3 Ways the Cloud Delivers Greater Data Security
Security is commonly mentioned as a top concern of contact center CIOs transitioning to the cloud. It should be. In fact, security is a top concern for any good CIO whether technology is deployed in the cloud or on premise.
But is it possible that data security could be improved in the cloud for the multi-site, multi-source contact center? Actually… Yes. Here’s how:
1) Secure, centralized location of data.
As the contact center landscape becomes more complex (with multi-site, multi-source and multi-shore configurations) so does the technology make-up. Aging, disparate systems create integration nightmares and slow the ability to change.
Disparate technology and locations also creates multiple data silos that require physical and virtual protection. The more complex the organization, the more locations and countries, the more difficult it is to lock down data.
The right cloud provider will utilize redundant Class A co-location facilities that guarantee optimum operating conditions in terms of power, temperature and physical security – reducing the stress on in-house IT across contact center sites. If the cloud vendor demonstrates PCI-compliant policies and procedures, data is protected virtually.
The cloud provider should also be able to demonstrate robust role-based security with full system auditing to ensure that data is accessible only by those who should have permissions to do so. Further, any changes should be recorded with documented change control.
This enables a CIO overseeing multiple sites to have centralized visibility into system-wide changes, regardless of location—a requirement simplified by the cloud.
2) Eliminating Single Points of Failure.
For a multi-site contact center to maintain true redundancy, duplicates of each piece of hardware (like ACD, predictive dialer or IVRs) are needed, as well as redundancies at the telecom carrier level. The alternative is to purchase expensive WAN/bandwidth networking equipment to link and load balance sites together, which is so cost prohibitive that most companies do not.
A cloud contact center provider should be able to demonstrate security and redundancies at all levels. Examples could include:
• Carrier backbone connections
• Full transport redundancy via several SIP routing proxies and carrier peering
• A Gigabit Ethernet LAN and WAN mesh to eliminate single points of failure
3) Simplifying PCI Compliance
Even the newest contact center hardware fails to be PCI compliant “out of the box”. Organizations are left to invest precious resources to meet this key security mandate, including an ongoing focus on implementing, auditing, updating and maintaining compliant networks, infrastructure and change control processes.
This complexity only increases for multi-site organizations where system redundancies, policies and audits must be duplicated at each location. PCI rules around payment lines are especially stringent with requirements around transmission, processing and storing of credit card data.
By leveraging already PCI-compliant infrastructure deployed in the cloud, contact center operations and IT groups can shift resources to application deployment, vendor management, analytics and strategy.
Take note: several predictive dialer/ACD vendors have yet to achieve PCI security and procedure standards. For a full list of PCI compliant vendors see, this link: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf.
No CIO will ever truly outsource security to a vendor. It will always be a concern with technology. The difference is that the cloud can now deliver ways to simplify it.
The key comes down to vendor selection due diligence and vendor management.