Genesys Cloud stores your organization’s data in a multitenant environment, which means that your data is on the same servers as data for other Genesys Cloud customers. So if the environment is multitenant, how is it that people in other organizations can’t get at your data?

Whenever a Genesys Cloud user triggers an event, such as adding tags to a profile or uploading a document, that event goes into the cloud and is first received by our Public API, which acts as a firewall of sorts.

The Public API:

  1. Determines the validity of the event. Is this a valid user? Is it from a valid organization? Is this user a member of that organization? If the answer to any of those questions is no, the event fails and sends back an error. 
  2. Assigns IDs to the event. If everything is correct, the Public API then assigns an encrypted hash to this event that contains IDs for the user and the organization. Since user IDs are tied to a specific region, the event is now region-specific too.

Then, the event bounces between Genesys Cloud APIs until it reaches its destination. It does this because each API serves a specific function, and it can take several functions to process a single event. One API depends on another API’s help to solve a problem or retrieve data, for example.

Multi-tenant security step 2

Every internal request travels over a secure HTTPS/TLS connection and requires verification using the encrypted IDs. At each hop, the event must identify itself as being from a valid user in a valid organization.

Once identified, the event cannot come in contact with events that have a different Organization ID, so no one can see what doesn’t belong to them.

Some data is even encrypted inside the database, like passwords, which means that no one at Genesys can access it, even administrators with full permissions.