As Contact Centers Shift Rapidly to Cloud, Sensitive Data Needs New Levels of Protection

01

October 2020

By: Mohie Ahmed

Privileged users inside organizations have access to that company’s most valuable assets. As we have learned from countless exploitations, advanced adversaries target privileged accounts, which is why leading analysts agree: Privileged Access Management (PAM) is not a “nice-to-have” – it is a “must-have.”

Without a plan in place to secure privileged accounts and credentials, IT professionals and security teams are finding themselves in an even more complex environment, especially with the increased adoption of cloud computing. Business leaders are opting for cloud alternatives to reduce cost, improve computing strength, and reducing resources to manage on-premises infrastructure. Software-as-a-Service makes sense – as does Communications Platform-as-a-Service (CPaaS) and Unified Communications-as-a-Service (UCaaS).

In the case of the latter two, we have witnessed a dramatic shift to cloud for Contact Centers – a trend that was already well underway but accelerated with the global pandemic and requirement to work remotely. Companies had to move their agents to the cloud overnight, and Business Process Outsourcing (BPO) contact center service providers had to do the same.  This was no small task considering the largest BPOs have tens of thousands and even hundreds of thousands of contact center agents, managers, and other employees to support.

With security solutions deployed as a service, it is now far easier for contact centers to move en masse to the cloud without giving up critical security protections. With cloud-ready PAM solutions, like Ironsphere, risk mitigation does not require managing additional infrastructure or require expensive and ineffective hands-on management associated with on-premises solutions.

Ironsphere’s software platform model allows organizations to offload the majority of the work of managing infrastructure and handling upgrades, freeing IT security staff up to concentrate on risk management and compliance.

PAM-as-a-Service (PAMaaS) is a critical initiative today, especially for contact centers who are collecting and using more and more personal and private information to serve customers better and faster and to run more cost-efficient operations. Compliance in the contact center has never been harder, and fines have never been higher, and with PAMaaS, contact center operators gain all the benefits without burdening their IT teams with managing additional infrastructure or doing upgrades.

This includes moving to an OpEx model vs. CapEx model for security, which makes enhancing their offerings and security postures easier and more affordable than ever.

With PAM in place, even when agents, managers, and executives are working from home and accessing applications and databases while ensuring proper compliance – in healthcare, financial services, retail, and other industry scenarios – data is protected, and systems continue to run without outages caused by internal players.

PAMaaS dramatically accelerates the path to implementation, which has become more important than ever, given the work-from-home directives still in place in many areas of the world.

Even after COVID-19 is under control, we are learning that organizations have been sold on the advantages of remote working, at least for some employees, and are moving dollars over from real estate expenses to building advanced digital platforms that are secure and reliable, highly available and expertly managed.

Contact centers and Customer Experience solutions (including chatbots and more) are investing in protecting data because of the masses of representatives that have access to personal customer information. Even with the extensive authentication security protocols in place, there is vulnerability every time someone accesses a file.

Years ago, for example, AT&T was fined $25 million after two employees at its call center in Mexico confessed to accessing customers’ information and reselling it to strangers.

This is a risk management imperative.

As cyber threats continue to rise, so do the costs. According to a Ponemon Institute report, the cost of the average record lost is valued at $154 USD, while the cost of the average company security breach is valued at $3.79 million dollars.

This calculation by Ponemon includes direct and indirect consequences of the leak: time and resources wasted identifying the source, business lost as a result of key company employees being tied up with the matter, customers lost due to incurring issues of trust, and stocks that drop as a result of investor concerns.

One of the best ways to control internal threats in this type of environment is to control access; by knowing exactly what information they had access to, IT forensics becomes much easier if anything goes wrong.

The ugly truth.

Most data breaches are internally caused, either intentionally (disgruntled workers) or unintentionally (curious or untrained workers). We have seen greedy or desperate employees selling valuable customer data, and related massive fines when the breaches are exposed publicly.

Sage, AOL, Texas Lottery, and GS Caltex all experienced internal security breaches, for example, and to prevent risks, companies need to first acknowledge the threat of internal data breaches, and then implement the necessary security measures to prevent them.

Whether a company runs its own contact center or contracts with a BPO of managed services provider, having PAM in place makes all the difference – protecting customers, protecting businesses, and ensuring new models, including work-from-home, will work for years to come.

Similar Blogs

Higher Stakes In OPSEC As COVID-19 Disrupts Everything

Wars are rarely won because of individual heroics, but by teams of people working efficiently together. Today, we find ourselves at war with the coronavirus – a global pandemic of epic proportions. Cybersecurity is essential in military operations, and the U.S. Government and other governments around the world are shining a brighter spotlight on the need to protect vital systems and sensitive information, including intellectual property regarding the development of treatments and future vaccines.

read more