Neil Titcomb outlines the important questions a business should ask when storing sensitive information in the cloud.
Securing customer data on all applications managed from the cloud will become increasingly important as cloud adoption expands and more companies move customer-facing contact centre applications to the cloud.
Despite the increased adoption of cloud-based contact centre solutions, some organisations still have concerns due to the increase in high-profile security breaches.
Here are some things to consider before handing over your data:
1. Will your data be physically secured inside and out?
As with all types of security, whether it’s network, physical or logical, there should be several layers of security parameters in the centres to ensure the security of the data.
Physical security is a critical component in protecting customer data, given that more often than not, stolen data is the work of a current or former employee rather than of an outsider hacker.
Physical security should be controlled 24/7 by means such as: card-key access, video surveillance, security system logging and security personnel. Data centre access should only be granted to employees and contractors who have a legitimate need.
When an employee no longer has a need for access to the centre, their privileges should be immediately revoked. This should be confirmed by policy and through regular audits of access lists.
2. Are there measures in place to prevent unauthorised access and hacking?
Logical security is a second critical layer in keeping customer data safe, using software-based techniques for authenticating user privileges on a specific computer network or system to secure access.
Cloud service providers also use role-based permissions which assign users to roles granting them specific levels of access to systems and data.
There are many different techniques to authenticate users, such as usernames and passwords and two-way authentication (when the user and the computer system engage in a two-way, question-and-answer exchange).
3. Are there multi-layer firewalls in place?
Weak network security is one of the biggest threats. Unauthorised access and “snooping” are the two main types of network security threats.
Key questions to ask are whether the cloud provider’s network is protected by multi-layer firewalls and an intrusion detection system.
Partnering with the right service provider can in many cases help you stay ahead of data theft and potential security breaches. But it is key to find a cloud service provider that leverages the tools available today to secure your confidential information, and adheres to the latest security guidelines.
4. Does your provider believe securing data is critically important?
It is important to select a company that believes securing data is critically important and is a shared responsibility.
This starts with choosing a cloud service provider that views protection of customer data as a shared responsibility and demonstrates a commitment to maintaining a highly secure and private environment for all clients.
A recent report titled “Security of Cloud Computing Providers” from the Ponemon Institute reported 69% of cloud providers in their survey did not believe that securing customer data was their responsibility; only 16% believe security should be a shared responsibility between cloud provider and tenant.
With thanks to Neil Titcomb at Genesys