This article provides a security overview of the Showell integration with Microsoft Dynamics
In this article
1. Introduction
The Showell App integration with Microsoft Dynamics enhances user productivity by allowing access to Showell workspace content directly within the Dynamics environment. This integration provides seamless access to sales materials and other relevant content, streamlining workflows for sales teams and other users.
Showell is embedded within Dynamics using an iFrame, with communication facilitated via the Postmessage method. Additionally, analytics data is exchanged from Showell to Dynamics through server communication, utilizing OAuth 2.0 for secure authorization.
The Showell App integration with Microsoft Dynamics is designed with security as a fundamental aspect, employing strong authentication, encryption, and data handling practices. While this overview provides a comprehensive look at the security measures in place, further details can be obtained through direct contact with Showell support.
More information:
- Showell for Microsoft Dynamics Terms of Service
- Showell for Microsoft Dynamics Privacy Policy
- Showell's commitment to security
- MS Dynamics 365 Integration: Installation Guide
- MS Dynamics 365 Integration: Usage Guide
2. Authentication and Authorization
Authentication between Showell and Microsoft Dynamics is managed through OAuth 2.0, ensuring secure and streamlined access.
During the authorization process, Showell requests specific permissions to act on behalf of the authenticated user, enabling secure data exchange. The tokens obtained (access and refresh tokens) are encrypted to maintain security. The OAuth tokens allow our backend to fetch data as the authenticated user but are limited to prevent further actions once the initial authorization is complete.
3. Data Encryption
Data security is a top priority, and the integration uses robust encryption methods to protect data both in transit and at rest.
Data transmitted between Showell and Microsoft Dynamics is secured using HTTPS, ensuring encrypted traffic to prevent interception. At rest, data within Showell's physical database is encrypted using AES-256 encryption, a standard that meets industry guidelines for securing confidential information.
Encryption keys are managed according to Showell’s Encryption Key Management policy, ensuring they are periodically reviewed and upgraded as necessary.
Our server infrastructure is hosted on AWS in Europe, ensuring compliance with European data protection standards.
4. Data Handling and Privacy
The integration between Showell and Microsoft Dynamics involves specific data handling practices to ensure privacy and compliance:
- By authorizing the connection between Showell and Dynamics, you, as the end user, allow the Showell server to access and update Dynamics data on your behalf.
- Showell only retains the recipient's email (such as Contact, Lead, or Opportunity) that is entered in the designated recipient field during the share creation process. No additional data is stored on the Showell platform.
- This data is linked to Shares on the Showell Server, which is then synchronized back to Dynamics.
Compliance with privacy regulations such as GDPR, CCPA, and ISO 27001 is maintained, ensuring personal data is handled responsibly. Users can exercise their data subject rights (access, rectification, deletion) by contacting Showell support. We retain user data only as long as necessary to provide the service and comply with legal requirements.
5. Tracking and Logging
Showell does not collect data from Dynamics. It only gathers tracking information within the Showell App to monitor usage and improve service quality. For example, in Showell's Digital Sales Room, the following information is tracked:
- Visitor details: Who visited the Digital Sales Room, which content they viewed, the duration of their viewing, and whether they downloaded the content to their device.
Showell servers are authorized to access and sync Dynamics data (See point 4), specifically the recipient's email for Share analytics. Analytics data is exchanged from Showell to Dynamics through server communication, utilizing OAuth 2.0 for secure authorization. Tracking information is stored within Showell's infrastructure and is accessible to authorized personnel only. This information is protected through encryption and access control measures to ensure it remains secure.
Error messages are logged with Sentry.io, helping to identify and address issues promptly without collecting personal data.
For more information on Share Analytics: analyze your shared content
6. Security Measures
Additional security measures are in place to safeguard the integration:
Regular Security Audits and Penetration Testing: Conducted in compliance with ISO 27001 standards, including regular monitoring and logging to check the effectiveness of procedures and controls. Important logs are reviewed monthly, and violations are reviewed within one business day.
Secure Development Practices: Adhered to throughout the development lifecycle.
Certifications and Standards: Compliance with standards such as ISO 27001 to ensure robust security practices.
7. Incident Response
In the event of a security breach, Showell has a comprehensive incident response plan:
- Identification: The incident is detected, reported, and verified by the Security Response Team (SRT).
- Assessment: The SRT examines the incident, logs details, evaluates risks, and categorizes the incident type.
- Response: The SRT acts to control the incident, secures evidence, and reports to law enforcement if necessary. Post-incident analysis is conducted to prevent future occurrences.
The SRT, composed of the CTO, CISO, senior management, customer support, IT, and Product Development team members, is responsible for investigating and responding to incidents. The team ensures compliance with relevant laws and conducts post-incident reviews to implement remedial actions.
8. Contact Information
If you have any questions or concerns about this security overview or the handling of your information, please contact your Showell contact person or Showell Support.
💡 Summary (TL;DR)
The integration allows seamless access to Showell content within Dynamics, improving productivity. It uses iFrame for embedding and Postmessage for communication.
Authentication and Authorization:
Managed via OAuth 2.0, ensuring secure access.
Tokens are encrypted and used to securely fetch data.
Data Encryption:
Data in transit is secured with HTTPS.
Data at rest is encrypted with AES-256.
Hosted on AWS in Europe, complying with European standards.
Data Handling and Privacy:
Showell can access and update Dynamics data with user authorization.
Only the recipient's email is stored by Showell; no other data is retained.
Email data is linked to Shares and synced back to Dynamics.
Complies with GDPR, CCPA, and ISO 27001.
Data is retained only as long as needed for service and legal requirements.
Tracking and Logging:
Showell Analytics data is securely exchanged via OAuth 2.0 to MS Dynamics.
Error messages are logged with Sentry.io without collecting personal data.
Security Measures:
Regular security audits and penetration testing.
Adherence to secure development practices and ISO 27001 standards.
Incident Response:
Comprehensive plan with identification, assessment, and response by the Security Response Team.
