Data security in the contact centre

Since the introduction of the GDPR regulations, the importance of data security has become even more visible. What data is stored, and where? Who is it accessible to? What is being done to ensure data security? Consumers are increasingly being guided by these types of questions when selecting a company, and CIOs are all too aware of the need to secure their infrastructure. In 2020, it was even at the top¹⁾ of the list of technological investments!

^{1) MuleSoft: 2020 Connectivity benchmark report}

Opting for the cloud – how secure is it?

More and more companies are switching to a cloud solution, especially since the outbreak of the COVID-19 pandemic. Even organisations that until recently objected to it have now come to the conclusion that the cloud brings capabilities that go far beyond cost savings, scalability, and the ability to work from home on a large scale alone. Benefits that ultimately won out over the fear of change.

But how secure is a cloud solution really? What are the possibilities? The ‘basics’ in a nutshell:

In a public cloud environment, an organisation shares capacity and functionality with other organisations on the same servers. A logical division is made between the data of one organisation and that of others. The solutions from the public cloud are almost always standardised, which means that customisations or integrations tend to be (almost) impossible.

In a private cloud environment, a separate installation is implemented for each organisation, completely separate from other installations. The advantage of this is that, on the one hand, all the advantages of a public cloud solution can be used, while integrations and further customisation are also possible.

Although the public cloud today meets high data security requirements, organisations that process large amounts of sensitive data often prefer a private or ‘single-tenant’ cloud environment. It can provide more restricted and protected access than the public cloud or a multi-tenant environment. In that respect, it is comparable or even better than an on-premise solution.

To be sure that a cloud provider meets the requirements in the area of data security, it’s worth checking whether it is in possession of an ISO-27001 certificate. This standard is about process-based safeguarding of information, in order to ensure the security, availability, integrity, and privacy of the data. Topics covered in this are, for example, the protection of personal and company data, and protection against hackers and burglary.

Secure integration

In addition, integrations with other systems should also be considered. It turns out that 90% of web applications are more often exposed to attacks due to API vulnerabilities than through the user interface²⁾. There is now a visible shift from the traditional perimeter security (firewall) around the entire network, towards a more modular approach to data security. This is also known as cybersecurity mesh.

A firewall assumes that an organisation trusts the internal network and everyone within it. But, especially as it becomes increasingly important for employees to access applications and data anytime, anywhere, and from any device, this approach is becoming less and less effective. In addition, organisations are increasingly using microservice containers, which means that more and more parts of IT systems are located outside the existing security perimeter.

Cybersecurity mesh offers a solution for this that is scalable, flexible, and reliable. It is part of a zero-trust policy, which is based on the principle that all access to systems must be verified.

^{2) ZDNet: Top 8 trends shaping digital transformation in 2021}