We are excited to announce the general availability of Voice Recording Encryption—a feature that provides an additional layer of security for your Programmable Voice Recordings.
Customer call recordings are heavily utilized by businesses for a variety of reasons, including training, compliance, customer dispute resolution, and more. The content of these recordings, which is often sensitive in nature, requires protection.
Customer security has always been a priority for Twilio, even before the release of this new feature. By default, recordings are encrypted at rest in Twilio’s cloud storage, with optional HTTP Basic Authentication for access.
Some businesses, typically those that need to comply with strict industry or regional regulations for data protection such as financial services, require additional security for their recordings. We built Voice Recording Encryption to address this need by offering an additional layer of security through the use of public and private keys.
With Voice Recording Encryption enabled, your recordings are encrypted with your public key as soon as the call ends, ensuring that it can only be accessed by the holder of the corresponding private key—you! Below we will go into more depth on how it works, pricing, and how to get started.
How Voice Recording Encryption Works
Voice Recording Encryption enhances the security of your call recordings through the following:
- Place more control in your hands: Voice Recording Encryption is based on asymmetric cryptography—where your business’ public key is used for encryption and private key for decryption. Only those who have access to that private key can listen to the contents of the recording. This puts more control, and more responsibility, on you and your business.
- Keep recordings secure immediately after call completion: With Voice Recording Encryption, the voice recording is encrypted within the Twilio infrastructure, at the earliest point possible after the call ends and the recording has been completed.
See the feature docs for more details.
Voice Recording Encryption is included with the Twilio Enterprise Edition. For customers not enrolled in the Twilio Enterprise Edition, pricing for this feature is $.015 for each encrypted recording minute. You will continue to be charged for the associated Programmable Voice and recording minutes. If you are interested in unlimited usage for a fixed monthly price, please contact our sales team.
Getting Started with Voice Recording Encryption
Note: When first testing Voice Recording Encryption, we recommend using an account with non-production recordings to familiarize yourself with the feature. All recordings generated on the account after Voice Recording Encryption is enabled will no longer be playable as before, as it requires you to add a new decryption step in your workflow. This is why we recommend building and testing the feature with test recordings, before enabling more broadly.
Get started with Voice Recording Encryption with these five steps.
- Generate a RSA key pair: Create a valid public / private key pair.
- Submit the Public Key: Submit the public key to Twilio using the API or the Console.
- Store the private key securely: We recommend storing the private key in your secure infrastructure (HSM, AWS KMS, and so on). You’ll need the private key to decrypt the recordings.
- Enable the feature: Turn on the feature for your account from the Console and configure the submitted public key by selecting it.
- Decrypt recordings: Build a decryption step into your recordings workflow. You will need to decrypt the recording with your private key, in conjunction with a couple of values that Twilio provides with the recording.
For more details on each of these steps, see the Voice Recording Encryption docs.
We built Twilio Voice Recording Encryption with your customers’ privacy in mind. Now that it’s generally available, any business can add an extra layer of security to their call recordings starting today.