Securing Sensitive Contact Center Information in the Cloud

By Neil Titcomb

Securing customer data on all applications managed from the cloud will become increasingly more important as cloud adoption expands and more organizations move customer-facing contact center applications to the cloud. Despite the increased adoption of cloud-based contact center solutions, some organizations still have concerns due to the increase in high-profile security breaches. Therefore, what should business and IT managers be looking for when seeking reassurances about security from a cloud provider?

First, when choosing a cloud service provider, it’s important to select a company that believes securing data is critically important and is a shared responsibility.

A recent report from the Ponemon Institute titled “Security of Cloud Computing Providers” reported that 69 percent of cloud providers surveyed did not believe that securing customer data was their responsibility; only 16 percent believed security should be a shared responsibility between cloud provider and tenant.

Organizations seeking the enhanced business agility, cost reductions, and other core benefits of cloud-based contact centers should indeed make the move to the cloud, but they need to make sure to move securely. This starts with choosing a cloud service provider who views protecting customer data as a shared responsibility and demonstrates a commitment to maintaining a highly secure and private environment for all clients. Surprisingly, few providers do.

Physical Security: Securing Inside and Out: As with all types of security – whether it’s physical, logical, or network – there should be several layers of security parameters in the centers to ensure the security of the data.

Physical security is a critical component in protecting customer data given that, more often than not, stolen data is the work of a current or former employee rather than an outside hacker. Physical security should be controlled 24/7 by means such as keycard access, video surveillance, security system logging, and security personnel. Data center access should only be granted to employees and contractors who have a legitimate need. When employees no
longer have a need for access to the center, their privileges should be immediately revoked. This should be confirmed by policy and through regular audits of access lists.

Preventing Unauthorized Access and Hacking: Logical security is a second critical layer in keeping customer data safe. This entails using software-based techniques for authenticating user privileges on a specific computer network or system to secure access. Cloud service providers also use role-based permissions, assigning users to roles that grant them specific levels of access to systems and data.

There are many different techniques to authenticate users, such as usernames and passwords and two-way authentication. Two-way authentication is more secure than a simple username and password system; it occurs when the user and the computer system engage in a two-way, question-and-answer exchange. When the user attempts to log in to the system, the system sends a challenge question the user must correctly answer in order to gain access.

There exists any number of challenge questions that can be asked in order to prevent unauthorized users from easily gaining system access with a stolen username and password combination. Two-way authentication is one of the strongest methods of authenticating users, and it can be extremely useful in cloud centers.

Multilayered Firewalls: Weak network security is one of the biggest threats to an organization. Unauthorized access and snooping are the two main types of network security threats. It’s important to ask whether the cloud provider’s network is protected by multilayered firewalls and an intrusion detection system.

In many cases, working with the right service provider can help an organization stay ahead of data theft and potential security breaches. But it is key to find a cloud service provider that adheres to the latest security guidelines and uses the best tools available to secure confidential information.

Make sure you are familiar with the policies and procedures in place to deal with overall security and understand the cloud provider’s approach to any breaches or attempted breaches that may occur – and then ensure that these meet your organization’s needs.

Neil Titcomb is the UK&I sales director for cloud at Genesys.

[From the October/November 2013 issue of AnswerStat magazine]