Q: Is Zendesk Secure?


First, let’s talk about Zendesk. It’s a powerful service-first CRM tool used by thousands of businesses to understand and communicate with customers. Zendesk is full of business-critical data that is essential for day-to-day operations.

With so much important data held in Zendesk, now is the time to think about taking a proactive approach to ensuring its security.

So, is Zendesk secure?

Zendesk provides a secure experience for customers by keeping its security systems up to date with best practices.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that many organizations must adhere to.

Zendesk has done its due diligence and is certified Level 1 PCI DSS compliant, meeting all six categories of PCI standards:

  • Maintain a secure network
  • Maintain a vulnerability management program
  • Regularly monitor and test networks
  • Protect cardholder data
  • Implement strong access control measures
  • Maintain an information security policy

This compliance is extended to all Zendesk accounts.

Based on this, we can conclude that, at a systems level, Zendesk is very secure.

Zendesk Account Security

However, companies that use Zendesk should also take steps to secure company-specific data.

The best way to approach data security for a cloud-based tool like Zendesk is the Shared Responsibility Model.

The Shared Responsibility Model explains that keeping your Zendesk account’s data secure is a shared responsibility between you and Zendesk. Zendesk takes care of the software, infrastructure, and disaster recovery of the entire platform. You, as the user, are responsible for password security, permissions given to users and third-party apps, and backups of the data you put into your account.

Web app providers take extensive precautions to ensure their infrastructure won’t fail and to maintain ~99.98% service availability. They have a security team that is dedicated to platform availability. This is one of the many benefits of using a managed service like Zendesk.

For instance, in the unlikely event that one of Zendesk’s data centres is compromised by a natural disaster, the security team will recover the entire platform to the last backup. You might experience a few minutes of downtime, or even none at all, depending on how fast they can react to the situation.

But you cannot use their backups to recover a single account or account-specific data back to a previous point in time.

While Zendesk provides instructions for using XML and/or CSV exports of your data as a workaround, it’s not a reliable, complete, or user-friendly method.

We explain why here:

What Zendesk offers is a macro-backup of their entire system. Zendesk runs a full encrypted backup every 24 hours. These platform-wide backups cover you for incidents on their end that impact their entire user base, such as data breaches. What Rewind offers you is a micro-backup of just your most important account data. It’s an accessible backup of your Zendesk data, one you can use to swiftly recover critical information.

Human error, malicious attacks, and software glitches caused by third-party software are just some of the reasons why people lose important information in Zendesk. Using an automated backup service like Rewind for your web apps makes backups and recovery simple and gives you peace of mind about the security of your business-critical data. It’s like having an insurance policy on your data.

You don’t need to be an expert in backups, spend an afternoon each week managing your backups, or have your own IT team. It’s a set-it-and-forget-it process that can recover your data in the event of a disaster. That’s a pretty good deal if you ask us.