Document Properties
Introduction
The Intershop Copilot for Buyers operates on a multi-layered security architecture. The goal is to systematically minimize risks across the entire chain, from the cloud infrastructure to the standard Intershop configuration and customer-specific customizations.
We distinguish three protection layers:
Layer 1 – Baseline Security through Microsoft Azure OpenAI and Azure Security Services
The operational foundation of the Copilot is Microsoft Azure, including Azure OpenAI Services. The platform offers a robust security framework:
Infrastructure Security:
Data encryption at rest (AES-256) and in transit (TLS 1.2/1.3)
DDoS mitigation, Intrusion Detection & Prevention (IDPS)
Network segmentation via virtual networks, private endpoints
Identity & Access Control:
Azure Active Directory with RBAC and Conditional Access Policies
Multi-Factor Authentication (MFA) mandatory for administrative access
Compliance & Governance:
Certifications including ISO 27001, SOC 1/2/3, GDPR, C5, HIPAA
Regional hosting (EU datacenters) for GDPR compliance
AI-Specific Security:
Azure Content Safety for automated filtering of harmful content (hate speech, sexual content, violence, self-harm)
Responsible AI framework with logging and monitoring of prompts/responses
Layer 2 – Intershop Standard Security & Hardening
Intershop ensures that all deployed services are operated in a hardened standard configuration:
Software Lifecycle Management:
Regular security patches and updates for all components (e.g., Flowise, container images)
Deployment in containerized environments on Kubernetes in Azure
Code & Configuration Security:
All changes must undergo mandatory code reviews and QA processes
Standard configurations are tested
Monitoring & Incident Handling:
Centralized logging
Automated alerting for security-relevant events
Regular internal security assessments
Layer 3 – Customer-Specific Customizations & 3rd-Party Security Validation
Individual extensions and integrations are the responsibility of the customer and their implementation partner:
Security Testing by Third Parties:
Customers can (and should) engage 3rd-party providers for penetration tests and vulnerability assessments.
Intershop provides guidelines and best practices for IAM (Identity and Access Management), secrets management, and secure coding.
Summary
The security model of the Copilot for Buyers is based on three lines of defense:
Microsoft Azure Security Stack:
Infrastructure, compliance, and AI protection.Intershop Security & Hardening:
Secure standard configuration, lifecycle management, monitoring.Customer-Specific Security:
Responsibility for extensions, including external security audits.
With this multi-layered approach, a defense-in-depth security model is implemented, addressing and minimizing risks at every level.
Disclaimer
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Website, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.