Published: September 15, 2011 | Comments
Clouds are funny things. One minute they are light and fluffy, a pleasure to behold. And in the next minute, they have turned dark and threatening. This is true in nature and in technology. It seems that one cannot swing a telephone cord without hitting an article about some corporation’s or government agency's website experiencing some form of attack.
In 2011 alone:
In an almost amusing twist, the so-called "hacktivist" group, LulzSec, was attacked by Jester, another electronic vigilante.
Much of the worlds business resides in the cloud and businesses, as well as consumers, need to feel that their data is safe and secure. But, that is becoming increasingly difficult. Andrew Kemshall, in Have You Been Hacked This Month? Oh, Yes You Have (Forbes, August 2011) surmises that "… the average family's personal information has been breached 10 times since June ".
Contact centers are no stranger to the cloud. In the past decade, the hosted contact center market has grown by leaps and bound. Moreover, it is expected to maintain this pattern of growth into the near future. DMG Consulting, in its 2010 - 2011 Hosted Contact Center Infrastructure Market Report, estimates that the hosted contact center market will grow 25% in 2011, 20% in 2012, and 18% in 2013. Given that hosted contact centers are in the "cloud" just as Sony and the Washington Post sites are, one has to ask … are hosted contact centers safe?
To answer that question one must first look at how data are traditionally stored in contact centers. The likely targets of hackers, criminals, and other intruders would more than likely be databases storing personal data such as order processing system, CRM solutions or even server containing call recordings and screen captures. Contact center solutions contain very little customer information that data mainly consists of names, telephone numbers and possibly email addresses. So, contact center solution would not be a profitable target for intruders.
Hosted contact centers are no different from on-premise solution in what data is stored on the contact center servers. "Users should store sensitive data within their own data center or find a partner who specializes in very secure data storage," advises Richard Manulkin, CEO of ConnectFirst. "The purpose of a contact center solution is to connect customers to agents. If the data presented to or captured by an agent is of a sensitive nature, other integrated providers – such as CRM or Order Processing vendors – will need to have robust security anyway. Let those companies store the data."
Access to the Washington Post and Sony accounts were through public access web sites with thousands of ports open to anyone with the skill to crack through the security. The data stolen from the 70 police departments was stored on a server hosting a secure web site. Hosted contact centers are different. According to Steve Cramer, Senior Vice President of Operation for Newbridge Telecommunication Solutions, "most hosted contact center vendors connect to the client contact center using carrier’s private network, such as MPLS or Point-to-Point connections." Using a private carrier cloud (MPLS or point-to-point) enables hosted contact centers to manage who has access to the data and voice streams. It also eliminates the public access ports that are normally the targets of intruders.
Hosted contact center servers are many times located in highly secure data centers in compliance with SAS-70, ISO 27001, SSAE 16, or one of a number of data center security auditing protocols. While this does not guarantee a hack-proof environment, it does make intruding into the data center difficult. In addition, hosted contact center service prodders employ redundant solutions in geographically disbursed locations. This allows the service provider to maintain operations in the event of catastrophic weather, seismic activity, and even political unrest.
In businesses using hosted contact centers, the least secure area is the business’ site. Customers may not feel the need to be PCI-DSS or HIPPA compliant and so may not take all necessary measures to ensure total security. In addition, many businesses may have limited IT resources, human and fiscal, to create airtight security. "Hosted contact center vendors are better prepared to secure their data that the average SMB," according to Ken Landoline, Principal Analyst, Unified Communications and Contact Center for Current Analysis. Large companies, especially those in the financial and healthcare industries, have appropriate and specialized resources to put into IT security. A small mom and pop vendor that does not accept credit cards or medical information may not have the means or need to create an extreme secure environment.
Are hosted contact center safe? While there is no such thing as a 100% hack proof solution, hosted contact centers can be considered safe. Most hosted contact center vendors provide a high level of security in their data centers. Moreover, the connection to the carrier network is through a private cloud. Businesses investigating hosted contact center and are concerned about security should ask the vendors:
To describe the path the voice and data would take from the agent to their data centers and take into consideration if the path runs through public, private, or hybrid clouds
- About their data center security and if the vendor employs redundant and disbursed data center as well as data centers compliant with a industry standard data center security certification
- To provide their best practices for securing personal data
Security starts at home and businesses need to ensure that their customer's personal data is safely stored. The weakest link in any network is the people that interface the network. A company with lax data security or even a single PC without a password is an open invitation for trouble. While system intrusion is usually big news, people losing briefcases with a thumb drive containing personal data have caused more damage.
Are hosted contact centers safe? The answer is they are as safe as you make them.
Michael Barbagallo is the president and principle analyst for Shenandoah Analytics.