As Contact Center Data Grows, So Grows the Risk of Data Breaches: PAM Now A Priority for 2021
By: Mohie Ahmed
In an increasingly virtual, distributed, and remote working world, more people are relying on contact centers than ever before.
The contact center industry has been scrambling to keep up with new demands – including the requirement to shift from physical centers to remote workers – and this changes their need for new security solutions dramatically.
The dramatic and ongoing shift to work-from-home itself has flooded Contact Centers with more calls while also driving those “Centers” to remote decentralized architectures, with agents working from home. The technology and infrastructure to support this have been around for a while, but what we are experiencing now is a sea change in Call Center dynamics bringing huge challenges and likely irreversible change.
There is a continuing surge in online activities: working, learning, buying, government services, including unemployment insurance as millions lose their jobs, healthcare through telemedicine, and more.
When everything goes smoothly, things work; but when things go wrong, people want to reach people and do so without having to wait hours or even days for a conversation. This is causing contact centers to relax some guidelines and is expanding the attack surface as more employees are able to access systems, given that contact centers often protect access based on physical perimeters.
In these unprecedented times, the load is exploding — in both the public and the private sector. Coping with the massive unanticipated surges in demand is creating a perfect storm of challenges: supporting critical services over a public broadband infrastructure, connecting agents, applications, and consumers using new platforms that are not always compliant with regulations (PII, PCI, HIPAA, and more).
A natural solution for IT teams is putting in place Privileged Access Management software to ensure only those who should access applications and databases, services, and networks, can access them. This is a straightforward way to unify new models and regain control over privacy and compliance, ensuring that customer information is treated in a manner compliant with regulations, securing customer privacy, and protecting the security of systems and data from bad actors – who are moving in as they see more tears in security fabrics.
Contact center operators – whether enterprises running their own contact centers – or the large Business Process Outsourcing (BPO), companies who run contact centers for businesses – are increasingly deploying PAM, especially those who use third-party contractors for IT and who have connectors into third-party applications and clouds. Ensuring TRUST is mission-critical for enterprises, service providers, government agencies, and PAM is the route to that – the most straightforward, efficient, and effective approach, when the PAM solutions they choose are cloud-friendly, and comprehensive – simple to implement and practical to scale.
In an organization, privileged users have access to IT and network infrastructure for operation and administration purposes or have access to sensitive information or assets, such as customer records, employees’ payroll, and financial records. Sample privileged users are:
- System, database, and application administrators who have continuous and unrestricted access to a broad range of assets
- Help desk agents who have restricted access to a broad range of assets
- Business Application (e.g., ERM, Salesforce) users or users of an organization’s social media (e.g., LinkedIn, Twitter) accounts
- Nonemployees, such as vendor support, consultants, contractors
Why is PAM critical for contact centers?
Privileged users access an organization’s critical systems, resources, and assets using elevated or unrestricted accounts, i.e., privileged accounts. These accounts include local and domain administrative accounts, service accounts, emergency accounts, application accounts and are referred to as “the keys to the kingdom.”
They are primary targets of both external and internal malicious users and have been used in successful attacks to gain access to an organization’s critical systems and resources, resulting in data breaches or service outages that have material business impact. So, privileged accounts are a potential source of threats to the security posture of any organization because of their elevated/unrestricted access to critical systems and sensitive information.
To learn more or schedule a demo, please contact us.
The year of COVID-19 has been a nightmare on so many levels, with over a million dead globally, and nearly a quarter of those in the USA.read more
Whether a contact center is run by an enterprise, by an outsourcing partner, by a government agency, insurance company, healthcare provider, or non-profit organization, the platforms (voice, messaging, and increasingly video conferencing) are generating data every minute of every day.read more
By November 30, 2020, certain U.S. Department of Defense (DoD) prime contractors and subcontractors will need to complete a cybersecurity self-assessment prior to receiving new DoD contracts and prior to the exercise of new options under existing DoD contracts. Additionally, DoD contractors will need to ensure that any subcontractors that receive Controlled Unclassified Information (CUI) have also completed the cybersecurity self-assessment.read more