Articles on: MyOperator

How secure is my data in MyOperator’s cloud, and what controls can I add?

Quick answer


MyOperator uses AWS-based “defence-in-depth”: private VPCs, encrypted storage, TLS-only traffic, RBAC, 24 × 7 monitoring, and an audited incident-response plan. You control user roles, IP allowlisting, MFA, and data export.



When should I use this guide?


Read this if you:


  • Need to reassure stakeholders about data security, or
  • Want a checklist of customer-side actions—IP allowlisting, MFA, and log reviews—to meet your internal policies.



1 — Cloud security at a glance


  • Hosting: AWS, isolated Virtual Private Cloud (VPC)
  • Encryption:
  • At rest → AES-256 on all storage
  • In transit → TLS 1.2+ for every endpoint
  • Access control: Role-based (RBAC), MFA, optional IP allowlisting
  • Monitoring: IDS, malware scans, central logs, 24 × 7 SOC
  • Certifications: AWS ISO 27001, GDPR-aligned processes
  • Change management: Peer code review, CI security scans, monthly pen-tests



Watch the video walkthrough



2 — Protections by layer


Layer

Controls we operate

Infrastructure (AWS)

VPC isolation, Security Groups, encrypted EBS/S3, automated patching

Application

TLS-only APIs, prepared-statement DB queries, CSRF tokens, rate limits

Operations

Least-privilege IAM, MFA for admins, quarterly access reviews, secure SDLC



3 — Incident-response workflow


Monitor → Detect → Contain → Notify customer if SLA impacted → Post-mortem.



4 — Customer controls (what you can do)


  1. Enable MFA – Settings → Security → Multi-factor.
  2. Use least-privilege roles – Settings → Users: give each agent exactly what they need.
  3. Turn on IP allowlisting (see next section).
  4. Review access logs weekly – Reports → Audit.
  5. Rotate API keys every 90 days under Settings → API Keys.



5 — How to enable IP allowlisting


Platform

One-liner (replace values)

Linux iptables

sudo iptables -A INPUT -s 203.0.113.10/32 -p tcp --dport 443 -j ACCEPT

AWS SG (CLI)

aws ec2 authorize-security-group-ingress --group-id sg-1234 --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges='[{CidrIp=203.0.113.10/32,Description="Office"}]'

MyOperator UI

Dashboard → Security → IP Allowlist → Add 203.0.113.10/32 → Save


Repeat for all office/VPN IPs.



6 — Verify and monitor security


  • Dashboard → Security shows “MFA enforced” and a green IP-allowlist badge.
  • Attempt login from an unallowed IP → receives 403 Forbidden.
  • Audit Log records the last 30 days of role changes and login events.



7 — Limits and shared responsibility


Item

Our role

Your role

Encryption

We manage keys and ciphers

Keep browsers updated

Access control

Provide RBAC and logs

Assign least privilege, rotate creds

Third-party apps

OAuth scopes shown

Approve only trusted apps

Compliance

Data stored in the stated region

Supply lawful recording consent, WhatsApp opt-in


Warning No cloud is 100% breach-proof; your configuration and user hygiene matter.



Keywords - MyOperator security, cloud encryption, AWS VPC, IP allowlist, MFA, incident response

Updated on: 08/01/2026