What to Expect Out of Your Cloud Provider and Call Center Security

If you think you’re scared of performing personal pharmacy or credit card transactions in the cloud, imagine the concerns of business managers when it comes to security and government regulatory compliance. In fact, according to our newest whitepaper “Call center compliance in the Cloud,” many businesses avoid the problem altogether:

To address (compliance) concerns, businesses are often advised to move only nonsensitive data to the cloud, but this limits the benefits that can be had from moving systems off premise.

It takes clear-headed effort and a little bit of legwork to get those security and compliance assurances, but the good news is that “oftentimes a vendor’s security practices are more rigorous than its customers.” So going to the cloud for your call center services is worth it.

The benefits of cloud computing services

Moving computing systems to the cloud can:

  • lower capital expenditures
  • provide access expertise not readily available in-house
  • tap into resources that might not otherwise be affordable

Moving the gateway to the business—the call center—to the cloud is no different. The catch is that for many organizations, the need to comply with regulatory requirements stands in the way.

Sensitive data must be protected, and the territory is governed by HIPAA as well as PCI DSS.  HIPPA, as anyone in the healthcare field knows, protects the privacy of customers and patients. Vendors who process credit cards need to pay attention PCI DSS.  The kicker is that whoever owns the data is ultimately and totally responsible for protecting it—regardless of where or how the data is stored.

Four “Musts” for your cloud call center provider

The whitepaper provides four things you should look for when considering (or auditing) a prospective (or existing) cloud call center provider:

  1. The provider must hold you to your own compliance requirements. Don’t expect the provider to “play nice” when it comes to pointing out noncompliance issues that could get you and the provider in hot water.
  2. The provider must perform continual risk assessments. According to the whitepaper, the call center provider must do risk assessments of its environment “prior to any infrastructure changes and at least annually to ensure continual compliance.” (Compliance cannot be allowed to slip to complacency.)
  3. The provider must have solid and secure software development and build practices. Among other things, the provider needs to build in the necessary security controls directly into the software or platform, rather than trying to plug leaks after the fact. Look for a mature software security infrastructure and security certified programmers.
  4. The provider must provide proper segmentation (i.e., physically separating systems with sensitive data from systems that have nonsensitive data).

Download the complete whitepaper. As you read through the warnings, details and examples, bear in mind that we published this whitepaper as a benchmark of everything we at USAN do to protect the security and compliance of our clients. We do all that while at the same time provide you with an optimum customer engagement platform.