Security in the Contact Center

Download Report

Transcript Security in the Contact Center 

Contact Center
Security Strategies
Grant Sainsbury
Practice Director, Dimension Data
4
IP Communications Are Now The Standard
Dimension Data Global Contact Center Benchmarking Report 2008
Why IP voice in the contact center?
• Improves workflow and business effectiveness
• Ability to distribute to the contact center workforce
• Reduces telecommunications total cost of ownership
• Enables channel aggregation
• Delivers flexible architecture
IP Communications Security Threats
• Improves workflow and business effectiveness
– Networks are more open. Exposed to greater array of internal threats.
• Ability to distribute the contact center workforce
– Family members use work PC for personal use
– Data leaves contact center & enterprise; it leaves home network
• Reduces telecommunications total cost of ownership (TCO)
– DOS attack takes down voice and desktop applications
– Systems based on open and well known OS, databases, and protocols
• Enables channel aggregation
– Email & websites are channel for viruses, trojans, malware and spyware
– New channels require different authentication and information
protection considerations
• Delivers flexible architecture
– Expose corporate network to extranet
The Role of Security in the Contact Center
• Regulation & standards compliance
• Data loss prevention
• Process control
– Security policies often require attention to process. To
achieve compliance, processes often require auditable,
repetitiveness.
8
Strategies to Cope with Security Threats
Know the legislature and regulations that affect your contact operation e.g. DPA, FSA, PCI, HIPPA, SOX, ISO 27001, DNC
PCI Data Security Standards May Apply
Build and Maintain a Secure Network
–
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
–
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
–
Requirement 3: Protect stored cardholder data
–
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
–
Requirement 5: Use and regularly update anti-virus software
–
Requirement 6: Develop and maintain secure systems and applications (vulnerability assessment, patch management)
Implement Strong Access Control Measures
–
Requirement 7: Restrict access to cardholder data by business need-to-know
–
Requirement 8: Assign a unique ID to each person with computer access
–
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
–
Requirement 10: Track and monitor all access to network resources and cardholder data (logging and QM)
–
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
–
Requirement 12: Maintain a policy that addresses information security
Reference: www.pcisecuritystandards.org
PCI Data Security Standards May Apply
Build and Maintain a Secure Network
–
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
–
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
–
Requirement 3: Protect stored cardholder data
–
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
–
Requirement 5: Use and regularly update anti-virus software
–
Requirement 6: Develop and maintain secure systems and applications (vulnerability assessment, patch management)
Implement Strong Access Control Measures
–
Requirement 7: Restrict access to cardholder data by business need-to-know
–
Requirement 8: Assign a unique ID to each person with computer access
–
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
–
Requirement 10: Track and monitor all access to network resources and cardholder data (logging and QM)
–
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
–
Requirement 12: Maintain a policy that addresses information security
Reference: www.pcisecuritystandards.org
11
Strategies to Cope with Security Threats
Know the legislature and regulations that affect your contact operation e.g. DPA, FSA, PCI, HIPPA, SOX, ISO 27001, DNC
Architect the contact center around the network
Deploy firewalls, IDS, IPS, web/email filtering, anti-virus, & policy-controlled desktop
Strong authentication on home agent equipment under strong corporate IT policy
Disable CD/DVD/USB ports on home agent equipment
Encrypt data, voice and application, going across Internet to home agents
Apply auditable logging on home agent workstations and lock down data access
Publish a home work security policy and require sign off
Apply data access by job function which is not typically impacted by channel
Train agents in use of non-voice communications. An email can carry the same legal weight as a hand written letter and it is a
persistent form of communication.
Ensure that corporate core security practices, baselines and standards are applied to the contact center infrastructure
Thank you for listening.
Enjoy rest of the conference.
Grant Sainsbury
Practice Director, Customer Interactive Solutions
(919) 791-1055
[email protected]