How secure is my data in MyOperator’s cloud, and what controls can I add?
⚡Quick answer -
MyOperator uses AWS-based “defence-in-depth”: private VPCs, encrypted storage, TLS-only traffic, RBAC, 24 × 7 monitoring, and an audited incident-response plan. You control user roles, IP allowlisting, MFA, and data export.
When should I use this guide?
Read this if you :
- need to reassure stakeholders about data security, or
- Want a checklist of customer-side actions—IP allowlisting, MFA, and log reviews—to meet your internal policies.
📕Table of Contents
- Cloud security at a glance
- Watch the video walkthrough
- Protections by layer
- Incident-response workflow
- Customer controls
- How-to: enable IP allowlisting
- Verify & monitor security
- Limits and shared-responsibility
- Related Articles
1 — Cloud security at a glance
• Hosting: AWS, isolated Virtual Private Cloud (VPC)
• Encryption:
– At rest → AES-256 on all storage
– In transit → TLS 1.2+ for every endpoint
• Access control: Role-based (RBAC), MFA, optional IP allowlisting
• Monitoring: IDS, malware scans, central logs, 24 × 7 SOC
• Certifications: AWS ISO 27001, GDPR-aligned processes
• Change management: Peer code review, CI security scans, monthly pen-tests
Watch the video walkthrough
2 — Protections by layer
Layer | Controls we operate |
Infrastructure (AWS) | VPC isolation, Security Groups, encrypted EBS/S3, automated patching |
Application | TLS-only APIs, prepared-statement DB queries, CSRF tokens, rate limits |
Operations | Least-privilege IAM, MFA for admins, quarterly access reviews, secure SDLC |
3 — Incident-response workflow
Alt-text: “Monitor → Detect → Contain → Notify customer if SLA impacted → Post-mortem.”
4 — Customer controls (what you can do)
- Enable MFA – Settings → Security → Multi-factor.
- Use least-privilege roles – Settings → Users: give each agent exactly what they need.
- Turn on IP allowlisting (see next section).
- Review access logs weekly – Reports → Audit.
- Rotate API keys every 90 days under Settings → API Keys.
5 — How-to: enable IP allowlisting in
Platform | One-liner (replace values) |
Linux iptables | sudo iptables -A INPUT -s 203.0.113.10/32 -p tcp --dport 443 -j ACCEPT |
AWS SG (CLI) | aws ec2 authorize-security-group-ingress --group-id sg-1234 --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges='[{CidrIp=203.0.113.10/32,Description="Office"}]' |
MyOperator UI | Dashboard → Security → IP Allowlist → Add 203.0.113.10/32 → Save |
Repeat for all office / VPN IPs.
6 — Verify & monitor security
✓ Dashboard → Security shows “MFA enforced” and green IP-allowlist badge.
✓ Attempt login from an unallowed IP → receives 403 Forbidden.
✓ Audit Log records the last 30 days of role changes and login events.
7 — Limits and shared responsibility
Item | Our role | Your role |
Encryption | We manage keys & ciphers | Keep browsers updated |
Access control | Provide RBAC & logs | Assign least privilege, rotate creds |
Third-party apps | OAuth scopes shown | Approve only trusted apps |
Compliance | Data stored in the stated region | Supply lawful recording consent, WhatsApp opt-in |
No cloud is 100 % breach-proof; your configuration and user hygiene matter.
9 — Related Articles
• How do I enable IP allowlisting in MyOperator?
• What security certifications does MyOperator hold?
• How can I audit user access to my MyOperator account?
Keywords - MyOperator security, cloud encryption, AWS VPC, IP allowlist, MFA, incident response
Related Articles
What is MyOperator?
MyOperator 1.0 was all about telephony; MyOperator 2.0 is a Business AI Operator. To reflect this evolution, we’re repositioning MyOperator across every touchpoint—from marketing to product—as an AI-powered, omnichannel communication platform. We ...What are cloud-based services and how can MyOperator help me use them?
⚡Quick answer - Cloud-based services let you consume software, storage and compute over the internet—no servers to buy or maintain. They scale on demand, charge as you go, and update automatically. MyOperator is a SaaS cloud telephony platform you ...Data storage policy
Last verified: July 25, 2025 Applies to: Active MyOperator accounts unless superseded by contract or law. MyOperator retains different kinds of account data for 6 months to 3 years. Recent data (≤ 6 months) stays on primary storage for fast dashboard ...How can I be sure MyOperator won’t misuse or sell my data?
⚡Quick answer - MyOperator never sells your data. Access is strictly role-based, encrypted, audited, and covered by our ISO 27001 programme. You can self-serve or request export/deletion at any time. When should I use this guide? • You’re performing ...How do I complete MyOperator’s KYC and onboarding—online or offline—and what happens next?
⚡Quick answer - Choose either the self-service Online KYC (GST- or Aadhaar-based) or the Sales-assisted Offline KYC. Both flows end with the Customer Application Form (CAF) e-signature. Once KYC is approved, billing details are locked (for GST ...