Contact Center: Cloud-Based Security Considerations
By Donna Fluss
One of the top concerns regarding hosting or cloud-based computing is security. Enterprises are apprehensive about placing their critical corporate assets – customer data – in someone else’s hands. Here is a list of security considerations related to hosted contact center applications.
- Protecting enterprise data from hackers – This issue confronts anyone with valuable data, whether it’s maintained internally or in a cloud. (The FBI, White House, State Department and other government agencies have all been hacked with varying degrees of success.) In theory, hosting companies have the most to lose – their entire business – so they are highly motivated to put in place multiple levels of security to minimize the risk of security breaches. Hosting companies also have the benefit of learning from all of their customers, each of whom has their own security requirements, so they have a much broader base of knowledge of security best practices than any single company.
- The risk of sending large volumes of critical data over a public network – Even if you are using a virtual private network (VPN) to transmit your data, it is still part of the shared public network. It is “out there” and, conceptually, can be accessed by anyone with access to the network. Let’s put it this way – if the FBI, NSA or another security agency wants to “listen” in to your network, it would not be a significant challenge. And generally, the “bad guys” are able to do many of the same things the “good guys” can.
- Voice over Internet Protocol (VoIP) is not secure – Anyone in the path of an unencrypted VoIP transaction can pick up the transactions. All it takes is a sniffer. Securing VoIP-based interactions remains a serious concern for the market.
- Dependence on a cloud provider to keep the system up and running and address back-ups, contingency and disaster recovery – In a hosted environment, maintaining and operating the system is out of your company’s direct control.
- The need to protect the physical site – Protecting the physical site is as important as shielding the data.
- Technical support is provided by the hosting company – You depend upon a third party to carefully vet their staff and ensure that they are honest and protective of their clients.
These risks are real, and while most of them can be minimized through the use of best practices, there is no way to eliminate them entirely. To minimize the risks, DMG Consulting recommends working with a respected hosted contact center infrastructure provider who uses highly secure and redundant facilities that pass an annual third-party security audit. If this isn’t good enough, send in your own team of security auditors. Of course, if the hosting company takes security seriously, they’ll keep a very close eye on your team. (And if they don’t, use someone else.)
If you have any questions, please contact me at www.dmgconsult.com or 973-325-2954.