For organizations looking to establish or convert to cloud-based contact centers, addressing security and privacy issues is a critical component of the planning stages to ensure that there are no major security exposures and all compliance requirements are met. For cloud-based contact centers, availability and accessibility from the cloud is crucial. Employees need to be able to carry out their responsibilities and overall business objectives need to be met. Security threats can impede work from getting done and create challenges for management. And if credit cards are being processed through the contact center, there are quite possibly civil and criminal liabilities with any lapses in security. Credit card companies can hand down fines up to $500K per incident of non-compliance. In order to avoid these issues, the top security concerns that cloud-based contact centers must address are:

• Ensuring that only authorized, credentialed users have access to confidential information
• Ensuring the integrity and privacy of confidential information like social security numbers, contact information, credit card information, agents' notes, call data, transcripts and recordings
• Integrating with third-party systems without putting security and privacy in jeopardy

Contact center application security can be broken into three areas:

• Role-based security
• Telecom security
• Password-Based Authentication

Role-Based Security

Role-based security is an important aspect in protecting cloud-based contact centers. It should allow contact centers to give each user in their organization access to features and data based on their role within the organization. A cloud-based contact center application should allow for roles to be designated to users in such a way that access is defined and constrained to prevent any unauthorized access.

Various roles and authorities can be designated to users so that each person can access the features and data needed to complete their work. Access should be determined at read, write, update and delete levels for all data. It can also be set at restriction levels in terms of skills, teams and projects. So, an agent, depending on their role, may be able to see customer details, but unable to update, edit or delete them. A supervisor might have access to view the performance of a team member or his or her entire team, but unable to see the performance of a team in a different department.

Telecom Security

Additionally, the license owners should have the authority to prohibit CSRs from making calls or texts that have not been authorized to unauthorized calling areas. Telecom security measures should also prohibit outbound users while at the same time allow them to make user initiated calls or texts to assigned calling areas to avoid international calling charges. If necessary, it should also prevent inbound license owners from receiving calls from certain calling areas.

Password-Based Authentication

Password-based authentication is also important to give users permission to access any subscribed features. Any passwords stored in the database should be encrypted. Cryptographic algorithms should be used to verify users. There are many algorithms that are proven to secure cloud-based services. If there are repeated access attempts, alerts can be set up  and the user should be presented with further authentication.