Join any meeting from Microsoft Teams Rooms. Available now

Secure by Design.
Secure by Default.

We are committed to building security into everything we do. 
By integrating proactive, risk-based security measures from the outset, we aim to protect our organization, partners, and customers from evolving threats and vulnerabilities.

Pexip's security practices

These are our tasks that form part of our development process and applies to all development within Pexip.

lock_reset

Security by Default, Privacy Always

Pexip incorporates security into our product design from planning through development, implementation, and sustainment. Too many companies and products attempt to “bolt on” security after the initial product design, inevitably resulting in security breaches and data loss. At Pexip, protecting your organisational and individual privacy is our primary mission.

change_circle

Defence in Depth

Defence in Depth refers to having multiple layers of interoperational security. Pexip’s software design process incorporates the Defense in Depth approach to ensure potential vulnerabilities in one functional area do not impact the overall risk to your organisation’s data.

visibility_off

Least Privilege

The principle of Least Privilege states that users and devices should only be given the minimum amount of system, application, and data access necessary to perform their job. In our business as in our products, Pexip defines and assigns roles and data access constraints to ensure that only those with a Need to Know have access to application, business, or customer data and metadata.

conversion_path

Supply Chain Risk Management

Supply chain risk management (SCRM) aims to minimize the impact of upstream dependencies on the overall security of products and services. At Pexip, our SCRM approach recognizes that we are both a consumer and a producer of supply chain risk. We manage our upstream software dependencies in accordance with our SDLC, and we aim to provide our customers with the security knowledge and artifacts necessary for their SCRM policies and processes.

action_key

Threat Modelling

Threat modelling is the process of considering the potential risks and threats of product design and determining how those issues can be addressed. By incorporating threat modelling at the planning stage of development, Pexip’s software lifecycle ensures that security and privacy concerns are included in product planning and architectural design, not just added as a “layer” or feature capability as an afterthought.

Secure Software Development Life Cycle (SSDLC)

The principles of Secure by Design and Default and Privacy by Design and Default are incorporated into each of the phases below.
Life Cycle (SSDLC)
Life Cycle (SSDLC)

Security features and capabilities

Pexip Infinity

Infinity powers Secure Meetings, Pexip Video Platform, and Pexip Connect Standard (self-hosted deployment).

 

The self-hosted solution supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet. 

  • Private deployments befitting your specific hosting architecture 
  • Attribute-Based Access Control (ABAC) support 
  • Participant-specific security protocols 
  • Global and local policy compliance engine 
  • API support for customer-developed security policy stack 
  • FIPS-compliant cryptographic algorithms 
  • Application and Session Intrusion Detection and Prevention 
  • Host-based File Integrity Monitoring (FIM) 
  • Purpose-built hardened operating system 
  • NIST- and ISO-compliant auditing and logging 
Pexip Infinity

Pexip Service

The Service enables secure calling and interoperability powering Pexip Connect (software-as-a-service). The Service supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet.

  • Highly redundant, globally accessible and geographically dispersed architecture
  • Dedicated operations teams providing continuous monitoring
  • Monitoring and metrics provide visibility into your organisation’s communication needs
  • Ideal companion to self-hosted deployments as part of your Business Continuity and Disaster planning
  • GDPR compliant and CSA Star Level 1 certified
  • Hosted in SOC2 compliant datacentres
  • Operated in accordance with the requirements of Pexip’s ISO certifications:
    • ISO 27001 with additional controls for ISO 27017 shared security responsibilities, ISO 27018 responsibilities for processors of personal data (PII)
    • ISO 27701 Privacy Information Management System for the development, provision, management and delivery of collaboration as a service with the role of PII processor.
Pexip Service

Pexip Government Cloud

Pexip Government Cloud (PGC) is Pexip’s FedRAMP and StateRAMP Authorized Government Community Cloud service offering for US customers. PGC supports US federal, state and local, and associated organizations such as government contractors, academia, or public-private consortia.

  • FedRAMP-Authorized Moderate SaaS
  • Microsoft (MS) CVI and Video Meeting Room (VMR) support
  • High Availability deployment using MS Azure
  • Developed with Pexip’s Infinity video engine
  • FIPS 140-3 compliant
  • Customer-specific call policies and Dial Plans
  • Zero Trust-compliant device, user, and data authorization
  • Customer-owned SAML identity management
  • Federally-compliant Continuous Monitoring and reporting
Pexip Government Cloud

Pexip VPaaS

Pexip's Video Platform as a Service (VPaaS) enables customers to embed video quickly and easily into existing business-to-consumer or government-to-citizen workflows.
  • Geo-fenced services allowing for isolation of data into a specifically desired region
  • No access to personally identifiable information (PII)
  • Fully API and SDK driven service, allowing organizations to build their own call flow policies
  • Deployed as a Zero Trust Architecture (ZTA)
  • Application and Session Intrusion Detection and Prevention
  • GDPR compliant
  • Enables customers to achieve HIPAA compliance
Pexip VPaas
Pexip Infinity

Pexip Infinity

Infinity powers Secure Meetings, Pexip Video Platform, and Pexip Connect Standard (self-hosted deployment).

 

The self-hosted solution supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet. 

  • Private deployments befitting your specific hosting architecture 
  • Attribute-Based Access Control (ABAC) support 
  • Participant-specific security protocols 
  • Global and local policy compliance engine 
  • API support for customer-developed security policy stack 
  • FIPS-compliant cryptographic algorithms 
  • Application and Session Intrusion Detection and Prevention 
  • Host-based File Integrity Monitoring (FIM) 
  • Purpose-built hardened operating system 
  • NIST- and ISO-compliant auditing and logging 
Pexip Infinity
Pexip Service

Pexip Service

The Service enables secure calling and interoperability powering Pexip Connect (software-as-a-service). The Service supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet.

  • Highly redundant, globally accessible and geographically dispersed architecture
  • Dedicated operations teams providing continuous monitoring
  • Monitoring and metrics provide visibility into your organisation’s communication needs
  • Ideal companion to self-hosted deployments as part of your Business Continuity and Disaster planning
  • GDPR compliant and CSA Star Level 1 certified
  • Hosted in SOC2 compliant datacentres
  • Operated in accordance with the requirements of Pexip’s ISO certifications:
    • ISO 27001 with additional controls for ISO 27017 shared security responsibilities, ISO 27018 responsibilities for processors of personal data (PII)
    • ISO 27701 Privacy Information Management System for the development, provision, management and delivery of collaboration as a service with the role of PII processor.
Pexip Service
Pexip Government Cloud

Pexip Government Cloud

Pexip Government Cloud (PGC) is Pexip’s FedRAMP and StateRAMP Authorized Government Community Cloud service offering for US customers. PGC supports US federal, state and local, and associated organizations such as government contractors, academia, or public-private consortia.

  • FedRAMP-Authorized Moderate SaaS
  • Microsoft (MS) CVI and Video Meeting Room (VMR) support
  • High Availability deployment using MS Azure
  • Developed with Pexip’s Infinity video engine
  • FIPS 140-3 compliant
  • Customer-specific call policies and Dial Plans
  • Zero Trust-compliant device, user, and data authorization
  • Customer-owned SAML identity management
  • Federally-compliant Continuous Monitoring and reporting
Pexip Government Cloud
Pexip VPaaS

Pexip VPaaS

Pexip's Video Platform as a Service (VPaaS) enables customers to embed video quickly and easily into existing business-to-consumer or government-to-citizen workflows.
  • Geo-fenced services allowing for isolation of data into a specifically desired region
  • No access to personally identifiable information (PII)
  • Fully API and SDK driven service, allowing organizations to build their own call flow policies
  • Deployed as a Zero Trust Architecture (ZTA)
  • Application and Session Intrusion Detection and Prevention
  • GDPR compliant
  • Enables customers to achieve HIPAA compliance
Pexip VPaas

Recent CVEs

CVE-2024-6387

Status: Completed

More information

CVE-2024-3094

Status: Completed

More information

Zero trust architecture in video conferencing

All you need to know. 
Zero Trust Banner

Get in touch

lock

Ask privacy-related questions

Contact us at privacy@pexip.com.

Send email
campaign

Disclose a vulnerability

Read our Vulnerability Disclosure Handling Policy.

Learn more
bug_report

Report a bug

Contact our support team via the support portal.

Access portal