All inbound and outbound data from our backend layer is encrypted and transmitted over TLS or DTLS, with 2048-bit asymmetric encryption and 256-bit symmetric encryption using certificates from third-party accredited authorities.
Network communication is protected using the latest in technology to secure all video, audio, and data. Using the TLS and DTLS cryptographic protocols (TLS was previously referred to as SSL), we provide protection using a 2048-bit asymmetric key in conjunction with a 256-bit symmetric session key. More information on the network ports used can be found later in this document.
The backend tier provides four public services:
- REST API
- XMPP
- STUN / TURN
Montage uses a combination of Azure and Amazon services to provide a resilient and redundant backend while delivering the lowest latency possible.
Azure's data centers are geographically dispersed and comply with ISO/IEC 27001:2005, SOC 1, and SOC 2 and have a CSA STAR certification.
These data centers are managed and operated by Microsoft. Microsoft has decades of experience building enterprise software and running some of the world's most extensive online services.
Using Azure's Network Security Groups (NSG), access to virtual machines hosting our services is limited to those ports configured within the NSG only.
All our virtual machines are located within the same virtual LAN, and communication between virtual machines is via private network interfaces behind the Azure firewall.
We also use Amazon AWS to host and support the services we offer to our clients. Amazon AWS is a well-known cloud service managed by Amazon, a trusted provider of cloud services that provides geographical dispersion, allowing us to have a server closer to the end user, which reduces latency in cloud connectivity.
All our cloud services running on Amazon AWS are running under a Virtual Private Cloud (VPC). Each environment has its own virtual network protected by Amazon's availability zone and firewall.
Amazon AWS servers are geographically dispersed and have many certifications and third-party assessments, including ISO/IEC 27001:2005, SOC 1 and SOC 2, and CSA STAR certification. Further information can be found in their security whitepaper.
The Montage software consumes a REST API provided by our SaaS layer, which is secured by credentials. All communication with the REST API and our XMPP services is over TLS (port 443) with 2048-bit asymmetric encryption and 256-bit symmetric encryption. For video calls, STUN is used to establish a peer-to-peer connection. If this fails, the client will attempt to use our relay service using the TURN protocol.
In addition to DTLS encryption, we also encrypt data through the Secure Real-time Transport Protocol (SRTP), which safeguards IP communications from hackers. This ensures your video and audio data are kept private point-to-point.