The most effective way to keep your data private and secure is to focus on the fundamentals. Glance has adopted the following security practices.
Cross-Site Scripting Security
The Glance web application is built to resist attack. It uses dedicated web servers and database servers, with all unnecessary features removed to reduce the attack surface. Glance has development policies and tools in place to create code that resists injection, cross-site scripting, and request-forgery attacks.
Glance uses cryptographically random (hard-to-guess) session keys with automatic expiration to resist credential-replay attacks. It stores only hashed passwords, hashed according to current security best practice. Each customer may select their own password-complexity standards. Glance's architectural design prohibits the downloading or uploading of any data to the session servers.
Glance uses a host-based intrusion detection system to identify suspicious behavior. Server updates and patches are applied weekly and monthly, according to the severity of the issues they address. Because attack vectors are always evolving, Glance tests its application for vulnerabilities at least twice a year with the latest version of tools such as Burp Suite and ZAPScan. All vulnerabilities are repaired as they are uncovered. Security policies are endorsed by the CTO.
Glance Networks stores session details for any given session. These details are limited to session metadata; Glance does not store any data from the session itself.
Glance stores the following session metadata:
- start time
- stop time
- number of guests that join the session
- the first guest's approximate location based on the public IP address
- the Glance URL (Agent Glance Address)
- the Session Type (whether a Cobrowse or a Screen Share session)
Internal Glance Monitoring
If requested by a customer via written correspondence, an authorized Glance Super-user can join an active session for the purpose of testing or monitoring activities. Glance requires the unique session ID and the Glance user address to locate and join that session. We do not actively monitor any sessions and make it a practice not to join any session unless otherwise required by our customers.
Glance cobrowsing has the capability to escalate sessions from one-to-one to many-to-one. This enables an agent to invite another authorized agent to join the in-process Cobrowse session. Doing this means the agent may escalate the conversation from one agent to two agents and have a soft handoff with the end-customer.