Securing Call Center Recordings Webinar 4 16 09

1,122 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,122
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Securing Call Center Recordings Webinar 4 16 09

    1. 1. You Never Know Who Is Listening: Securing Call Center Recordings & Personally Identifiable Information (PII)
    2. 2. Agenda <ul><li>What threats exist today that jeopardize the security of call center recordings </li></ul><ul><li>Best practice strategies for taking an encryption approach to security and compliance </li></ul><ul><li>Technologies that offset threats and meet compliance by securing call center recordings and PII </li></ul>
    3. 3. What threats exist today that jeopardize the security of call center recordings Ginney McAdams Vice President of Business Development TantaComm
    4. 4. 2008 Data Breaches Soar ITRC Reports 47% Increase over 2007 According to ITRC reports, only 2.4% of all breaches had encryption or other strong protection methods in use. Posted 1/5/09 on idthreatcenter.org 2008 - # of Breaches 2008 2007 2006 Business 240 36.6% 28.9% 21% Educational 131 20% 24.8% 28% Government/Military 110 16.8% 24.6% 30%
    5. 5. 2008 Data Breaches Soar ITRC Reports 47% Increase over 2007 For 2008 Financial Business Education Gvt/Military Medical Insider Theft 2.4% 5.6% 1.8% 3.4% 2.4% Hacking 3.5% 6.1% 2.7% 0.8% 0.8% Data on the Move 1.7% 7.3% 3% 4.3% 4.4%
    6. 6. Threats that Exist today <ul><li>Data Breach Threats </li></ul><ul><ul><li>Inadequate Security Precautions and Policies </li></ul></ul><ul><ul><li>Identity Theft </li></ul></ul><ul><ul><li>Stolen hardware </li></ul></ul><ul><ul><li>Stolen credit cards </li></ul></ul><ul><ul><li>Inadequate deletion of Customer Data </li></ul></ul><ul><ul><ul><li>Laptop </li></ul></ul></ul><ul><ul><ul><li>Desktop </li></ul></ul></ul><ul><ul><ul><li>Cell Phone </li></ul></ul></ul><ul><ul><li>Physical Data Management </li></ul></ul><ul><ul><ul><li>Access to data (electronic and paper) </li></ul></ul></ul>
    7. 7. Best practice strategies for taking an encryption approach to security and compliance Trisha Paine Board of Directors PCI Security Alliance
    8. 8. Sustainable Compliance Objectives and Requirements <ul><li>To achieve sustainable compliance you must: </li></ul><ul><li>Reduce the costs and complexity of regulatory compliance </li></ul><ul><li>Control information access and enhance security </li></ul><ul><li>Provide a foundation for quickly adapting to business and regulatory compliance changes </li></ul><ul><li>Understand what data is most sensitive to your business </li></ul><ul><li>Know where your sensitive data resides </li></ul><ul><li>Understand the origin and nature of your risks </li></ul><ul><li>Implement the appropriate controls based on policy, risk, and location of sensitive data </li></ul><ul><li>Manage security centrally </li></ul><ul><li>Audit security to constantly improve </li></ul>Objectives Requirements
    9. 9. <ul><li>Complexity of regulatory environment </li></ul><ul><li>Increased storage of sensitive data </li></ul><ul><li>Data loss threats are on the rise </li></ul><ul><li>Growing need to share more sensitive data with external users </li></ul><ul><li>Encrypt sensitive data </li></ul><ul><li>Mitigate risk through policy-based remediation and enforcement </li></ul><ul><li>Deploy enterprise encryption and tailored key management capabilities </li></ul>Issues Solutions Sustainable Compliance Factors and Challenges
    10. 10. Sustainable Compliance Resulting Benefits <ul><li>Reduce costs of compliance audits by *25% </li></ul><ul><li>Centrally manage policy and reporting </li></ul><ul><li>Reduce redundancy by standardizing on common set of security controls </li></ul><ul><li>Reduce system complexity through control consolidation </li></ul><ul><li>Rapidly comply with new mandates </li></ul><ul><li>Reduce training costs </li></ul>* Based on an analysis by C&H that compared audit effort using traditional controls, against audit effort using SafeNet EDP components
    11. 11. Assess risks  Classify critical assets based on business impact  Perform on-going Risk Assessments to identify threats and vulnerabilities  Implement controls based on policy and standards Monitor and adjust controls  Perform ongoing monitoring of controls  Analyze and mitigate threats  Identify and correct vulnerabilities  Adjust controls based on changing business needs Communicate  Provide reports and metrics to key stakeholders  Verify and validate controls are in place and performing Best Practices Bottom Line
    12. 12. Technologies that offset threats and meet compliance by securing call center recordings and PII Ginney McAdams Vice President of Business Development TantaComm
    13. 13. Securing your Recordings <ul><li>Solution Overview </li></ul><ul><ul><li>End-to-end media encryption </li></ul></ul><ul><ul><li>Data is encrypted as it’s being recorded </li></ul></ul><ul><ul><li>Employs Symmetric keys. Keys use industry AES (Advanced Encryption Standard) 256 bit strong encryption. </li></ul></ul><ul><ul><li>Media is kept encrypted while in transit over your network. </li></ul></ul><ul><ul><li>Secure playback software is used to decrypt & play files. </li></ul></ul><ul><ul><li>Key management appliance is fully redundant </li></ul></ul><ul><ul><li>Solution is HIGHLY scalable. One Key management appliance is capable of handling 12,000 requests. Software is easily added to our recording servers. </li></ul></ul>
    14. 14. Securing your Recordings
    15. 15. Securing your Recordings <ul><ul><li>Our solution assists you in meeting your PCI & PII security standards and regulations. </li></ul></ul>
    16. 16. Technologies that offset threats and meet compliance by securing call center recordings and PII Andrew Dillon Director of Product Management SafeNet, Inc.
    17. 17. DataSecure and Enterprise Data Protection An Integrated Suite of Data-Centric Security Solutions to Protect Data and Achieve Compliance Remote Location Data Center Databases SafeNet DataSecure Mainframe SafeNet ProtectDrive SafeNet ProtectFile SafeNet Authentication SafeNet ProtectDB SafeNet DataSecure Toolkit SafeNet DataSecure Toolkit SafeNet EdgeSecure File Servers Application and Web Servers SafeNet ProtectFile Laptop/Mobile Handset
    18. 18. Why DataSecure? Secure  Hardware-based, centralized key and policy management  FIPS/CC certified  Granular access privileges and separation of duties Fast  High performance encryption offload, over 100k TPS  Batch processing for massive amounts of data Flexible  Support for heterogeneous environments (app, db, file)  Support for open standards and APIs Simple  Intuitive administration  Centralized policy creation and enforcement  Granular logging/auditing
    19. 19. Questions?
    20. 20. Thank You Trisha Paine PCI Security Alliance [email_address] For more information: Ginney McAdams Vice President, TantaComm [email_address] Andrew Dillon Product Manager, SafeNet [email_address]

    ×