Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Hosted Contact Centre                                                      Security                                       ...
Security© 2008 1Stream Managed Technical Solutions Pty Ltd
What is IT security         • Computer security - protection of information           and property from theft, corruption,...
How big is the problem?         • Early 2011 Sony acknowledged that personal           information of 77 million play stat...
Cloud security© 2008 1Stream Managed Technical Solutions Pty Ltd
The Cloud© 2008 1Stream Managed Technical Solutions Pty Ltd
The Future of the Cloud© 2008 1Stream Managed Technical Solutions Pty Ltd
Cloud Complexities© 2008 1Stream Managed Technical Solutions Pty Ltd
The cloud at a glance                      Cloud Infrastructure           Cloud Infrastructure   Cloud Infrastructure     ...
Cloud characteristics         • Private cloud                   – enterprise owned or leased         • Community cloud    ...
NIST/Cloud security© 2008 1Stream Managed Technical Solutions Pty Ltd
Call Centre Security© 2008 1Stream Managed Technical Solutions Pty Ltd
Security in the call centre         •       Physical security – cameras, access control/turn-styles, lockers         •    ...
Call Centre Security matrix                        PCI Compliance                        FAIS / FSB                       ...
What needs to be considered?         •       VOIP         •       Access to recordings         •       CRM database inform...
VOIP         •       Encryption – TLS / SRTP         •       Firewall – STUN (TURN/ICE)         •       Proxy – complex (n...
Recording Access         •       ECT act         •       Consider multi-media         •       Encryption – at least 128 bi...
CRM         •       Process more than technology         •       Physical security         •       Perimeter defence      ...
Payment Card Industry Data Security                      Standard (PCI-DSS)         • 36.7% of contact Centres claimed to ...
PCI-DSS Objectives© 2008 1Stream Managed Technical Solutions Pty Ltd
Cloud Vs Premise© 2008 1Stream Managed Technical Solutions Pty Ltd
Cloud Benefits Pros and Cons         •       Flexibility         •       On-demand         •       Access to technology   ...
Cloud Benefits Pros and Cons         • Multi-tenanted         • 3rd party vendor         • Limited input to security stand...
Summary         • The world is going “cloud”         • Organisations must take responsibility         • Do not assume all ...
© 2008 1Stream Managed Technical Solutions Pty Ltd
Upcoming SlideShare
Loading in …5
×

Hosted Contact Centre Security

1,721 views

Published on

1Stream Hosted Contact Centre Security

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

Hosted Contact Centre Security

  1. 1. Hosted Contact Centre Security Jed Hewson 1Stream Hosted Contact Centre© 2008 1Stream Managed Technical Solutions Pty Ltd
  2. 2. Security© 2008 1Stream Managed Technical Solutions Pty Ltd
  3. 3. What is IT security • Computer security - protection of information and property from theft, corruption, or natural disaster and continuance of service. • Computer system security - collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events© 2008 1Stream Managed Technical Solutions Pty Ltd
  4. 4. How big is the problem? • Early 2011 Sony acknowledged that personal information of 77 million play station users had been hacked. • NHS reports 140 security breaches in 3 months and have now closed down part of their IT systems • Wikileaks – a leak from within the secret service! • Citysights – NY tour operator exposed 100,000 card details • Is copper an IT security issue?© 2008 1Stream Managed Technical Solutions Pty Ltd
  5. 5. Cloud security© 2008 1Stream Managed Technical Solutions Pty Ltd
  6. 6. The Cloud© 2008 1Stream Managed Technical Solutions Pty Ltd
  7. 7. The Future of the Cloud© 2008 1Stream Managed Technical Solutions Pty Ltd
  8. 8. Cloud Complexities© 2008 1Stream Managed Technical Solutions Pty Ltd
  9. 9. The cloud at a glance Cloud Infrastructure Cloud Infrastructure Cloud Infrastructure IaaS Software as a Service PaaS PaaS (SaaS) SaaS SaaS SaaS Architectures Cloud Infrastructure Cloud Infrastructure IaaS Platform as a Service (PaaS) PaaS PaaS Architectures Cloud Infrastructure IaaS Infrastructure as a Service (IaaS) Architectures© 2008 1Stream Managed Technical Solutions Pty Ltd
  10. 10. Cloud characteristics • Private cloud – enterprise owned or leased • Community cloud – shared infrastructure for specific community • Public cloud – Sold to the public, mega-scale infrastructure • Hybrid cloud – composition of two or more clouds© 2008 1Stream Managed Technical Solutions Pty Ltd
  11. 11. NIST/Cloud security© 2008 1Stream Managed Technical Solutions Pty Ltd
  12. 12. Call Centre Security© 2008 1Stream Managed Technical Solutions Pty Ltd
  13. 13. Security in the call centre • Physical security – cameras, access control/turn-styles, lockers • PC security – AV, lock down, firewalls • Internet security – firewalls, white and blacklists. • Logon Access – AD, CRM, email and other applications • Access to databases and file &print servers • Access to call recordings/ screen recordings/other media recordings • Access to call data • Dialing Compliance • FAIS/FSB Compliance • PCI Compliance • Certify to standards such as ISO 27001© 2008 1Stream Managed Technical Solutions Pty Ltd
  14. 14. Call Centre Security matrix PCI Compliance FAIS / FSB Dialing Compliance Access to recordings Access to databases Internet security Network security PC Security Physical security Collection Customer Fin. Serv. Telesales Service Sales Debt PCI© 2008 1Stream Managed Technical Solutions Pty Ltd
  15. 15. What needs to be considered? • VOIP • Access to recordings • CRM database information • PCI-DSS compliance© 2008 1Stream Managed Technical Solutions Pty Ltd
  16. 16. VOIP • Encryption – TLS / SRTP • Firewall – STUN (TURN/ICE) • Proxy – complex (non-default) passwords • Break the IP chain (include iSDN) • VLAN/QOS© 2008 1Stream Managed Technical Solutions Pty Ltd
  17. 17. Recording Access • ECT act • Consider multi-media • Encryption – at least 128 bit • Tamper proof store • Auditable access • Deletion management© 2008 1Stream Managed Technical Solutions Pty Ltd
  18. 18. CRM • Process more than technology • Physical security • Perimeter defence • Data Encryption • User authentication • Application security • Internal Systems security • Operating system • Database and server management • Back up and Disaster recovery© 2008 1Stream Managed Technical Solutions Pty Ltd
  19. 19. Payment Card Industry Data Security Standard (PCI-DSS) • 36.7% of contact Centres claimed to be fully compliant with the Payment Card Industry Data Security Standard • (89%) admitted to not understanding PCI DSS, the requirements nor penalties • The act of recording a call can break the rules of PCI DSS • Penalties of up to $500 000© 2008 1Stream Managed Technical Solutions Pty Ltd
  20. 20. PCI-DSS Objectives© 2008 1Stream Managed Technical Solutions Pty Ltd
  21. 21. Cloud Vs Premise© 2008 1Stream Managed Technical Solutions Pty Ltd
  22. 22. Cloud Benefits Pros and Cons • Flexibility • On-demand • Access to technology • SLA • Access to skills • Cheaper!!© 2008 1Stream Managed Technical Solutions Pty Ltd
  23. 23. Cloud Benefits Pros and Cons • Multi-tenanted • 3rd party vendor • Limited input to security standards© 2008 1Stream Managed Technical Solutions Pty Ltd
  24. 24. Summary • The world is going “cloud” • Organisations must take responsibility • Do not assume all providers are the same • Hosted providers can offer better technology, experience and skills • For the majority of call centres the hosted provider has more to lose© 2008 1Stream Managed Technical Solutions Pty Ltd
  25. 25. © 2008 1Stream Managed Technical Solutions Pty Ltd

×