Cloud Contact Center. Security White Paper




Introduction

Customers communicate with organizations in a variety of forms, from phone conversations to email, web chat and social media. As each interaction may contain sensitive and confidential information, security has become a top requirement for consumers and enterprises alike. Many companies are turning to cloud-based solutions for more robust security as part of their contact center strategy. Cloud contact center solutions provide many advantages over traditional on-premise solutions, including lower upfront capital expenditure, deployment flexibility and scalability, relief from infrastructure installation and maintenance, and an instant gateway to advanced capabilities. One important benefit of cloud contact center solutions is relief from implementing security yourself. With the right cloud contact center solution, this built-in benefit can translate into significant cost savings.

Mitel has implemented security measures that take a comprehensive, multiple-layer approach and that have been certified to meet industry standards, including Payment Card Industry Data Security Standard (PCI-DSS) and Health Insurance Portability and Accountability Act (HIPAA) compliance. In fact, Mitel has been providing secure cloud contact center solutions to leading enterprises, including some of the largest financial and insurance companies in the world, for over a decade.

Overview

Mitel's security strategy provides controls at multiple levels of data storage, access and transfer. The strategy includes the following components:

- Physical Security
- Network Security
- Platform Security
- Application Security
- Data Security
- Human Security
- Compliance

Physical Security

Mitel's MiContact Center Live Cloud solution for large enterprises operates in Tier 4-class data centers.
Each data center employs the same physical security standards and is controlled by multiple security measures, including:

- Electronic entry systems that require each person who enters a data center to have a valid badge and pass biometric controls
- System access that includes multiple levels of authentication, including two layers of biometric authentication
- Surveillance cameras supported by infrared, ultrasonic and photoelectric motion sensors
- Alarm systems deployed throughout the data centers
- Armed security guards on duty 24x7
- Exterior walls constructed of steel-reinforced poured concrete or reinforced masonry that exceeds building code requirements for structural strength
- Multiple Internet connections to block intentional disruptions of service
- Multiple power connections with generator backup
- Fire suppression systems
- Tracking and recording of all access to the data center

Network Security

MiContact Center Live uses network elements that interconnect systems and information across multiple locations. Mitel achieves network security through technical systems and processes including the following:

- Firewalls: Multiple layers of firewalls are deployed
- Web Application Firewall (WAF): Analyzes application-level activity in real time to detect and block malicious activity
- Segmentation: Systems are broken up into logical groups with restricted access to other groups, helping to contain intrusions that may occur
- Intrusion Detection Systems (IDS): Detect suspicious activity
- Data Encryption: Provides added security when data travels over our internal network and when customers access the information externally over other types of networks

SECURITY VULNERABILITY ASSESSMENTS

Mitel conducts internal and external network vulnerability scans each quarter (at a minimum) and after significant changes in the network (e.g. new system component installations, changes in network topology, firewall rule modifications, product upgrades). As a result:

- All potential vulnerabilities identified are communicated to the appropriate Mitel personnel for remediation
- All high-level vulnerabilities are scheduled to be corrected within 10 days
- Medium-level vulnerabilities are corrected subject to the Change Control Policy
- Follow-up scans confirm compliance with Mitel security standards

In addition, Mitel Security Operations Center (SOC) staff monitor activity on the Mitel network 24x7x365. The SOC team manages the network to detect and prevent threats and to maintain recovery controls and audit logs of all activities of all users. This allows the security team to assist in any necessary investigations or audits.

Platform Security

As a cloud-based solution, MiContact Center Live was built as a multi-tenant solution with distributed systems on an application architecture that preserves the security of each tenant. Mitel has designed the platform with tight security in mind around the servers and operating system, the middleware, and the application/multi-tenancy stack.

HIGH AVAILABILITY

To minimize service interruption due to hardware failures, natural disasters, Denial of Service (DoS) attacks or other catastrophes, Mitel has implemented disaster recovery plans for its data centers. This program includes:

- Geographically dispersed data centers that operate in active-active mode.
- Redundant applications that provide backup capabilities. If the primary server goes out of service, a backup server acts as the primary server.

LOAD DISTRIBUTION

MiContact Center Live deploys proxy and parallel servers to add efficiency to large-scale configurations. The use of these technologies reduces the loss of functionality and data caused by an outage or security attack.

MULTI-TENANT SECURITY

MiContact Center Live separates tenant applications and data. This isolation and separation preserves the integrity of each tenant environment and its data. Mitel supports the following tenant separations:

- Server level: Each tenant has a unique and isolated (virtual or physical) environment with a single management system.
- Data level: The application is designed so that access across tenants is securely administered.

Mitel may deploy different tenant separation methodologies depending on the features that a customer orders.

Application Security

Mitel has deployed the following application security methodologies:

SECURE BY DESIGN

- Secure Software Installation Controls: Access to Mitel applications uses multi-level authentication and all access is logged.
- Prudent Configuration of Access Controls: Least Privilege and Need-to-Know principles are applied during the design of the applications.

HOLISTIC SECURITY

Users access the MiContact Center Live Platform in the Cloud via our Secure Sign-in feature. Customers can adjust their password strength and expiration policies to fit their needs. The platform provides role-based and IP-based permission systems, giving you fine-grained control over who in your organization has access to specific applications and data. In addition, we offer several unique capabilities to ensure that your customers' data remains secure. Mitel's Secure Exchange feature, for example, allows callers to securely provide sensitive personal information while ensuring that agents do not hear or have access to that data.

Data Security

Security and privacy of customer data is extremely important to LiveOps and is an essential element of our client relationship. Mitel applies particular security measures and attention to customer data in various areas, as detailed in the following sections. In the past year Mitel has:

- Processed billions of dollars through the platform
- Supported 144 million calls on the Mitel platform for 531 million minutes. That's over a thousand years of voice calls!
- Supported hundreds of clients within Financial Services, Healthcare, High Tech, Insurance and Retail
- Collected over 25 million credit card numbers (PCI-DSS)
- Collected over 4 million bank account numbers
- Processed 100+ million instances including Personally Identifiable Information (PII)
- Collected tens of millions of medical data artifacts (HIPAA)

POLICY AND PROCEDURES

Mitel Security Policy and Procedures include provisions to protect customer data from unauthorized access by implementing access controls and employing data and protocol encryption.

DATA COLLECTION

Mitel views secure customer data collection and retention as a top priority. To address this business goal, Mitel employs a variety of practices and procedures. End customer data must be kept private when it is collected, such as when an end customer makes a purchase or provides personal information necessary to receive support or benefits. Mitel protects and maintains the security of that data in its possession until it is deleted or destroyed in accordance with defined data retention periods and data deletion procedures.

DATA ENCRYPTION

Sensitive data is stored in 2048-bit RSA encrypted secured databases. These databases are not accessible to agents who have access to Mitel Contact Center. Call recordings are encrypted on a hardened appliance using the AES256 encryption standard in accordance with NIST FIPS 140-2 3 (US Federal Information Processing Standard).
DATABASE SERVERS

Customer data is stored on Mitel database servers on a secure database VLAN. Database access is limited to authorized operations and engineering teams. Logical access is protected in the MiContact Center Live application hosted on web servers in a DMZ, utilizing 128-bit SSL cipher key minimums and requiring unique usernames and passwords for authorized users. User access and database transactions are logged.

Human Security

Background and reference checks are performed on Mitel personnel who are authorized to access customer data. In addition, all employees must review and certify a full understanding of Mitel's Policy and Procedures, which include:

- Data retention
- Employee security awareness training and management
- Data storage and transmission
- Security vulnerability assessment program
- Acceptable usage of Mitel's systems

Fraud Detection

- A specialized team can audit and gather information regarding potentially fraudulent activity.
- Automatic monitoring systems detect anomalies in the behavior of agents.
- Manual review and investigations are conducted when required.
- Heuristic detection methods are constantly tuned to identify fraudulent activities.

Compliance

Mitel has implemented compliance procedures to ensure a high level of compliance with legal and consumer laws. Mitel's compliance measures and achievements adhere to a broad range of laws and regulations governing electronic information security. Always consult your legal counsel to ensure you understand what regulatory and compliance requirements apply to your specific use of MiContact Center Live and its features.

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI)

What is PCI-DSS?

PCI is a certification required by Visa, MasterCard and other major credit card processors for ensuring data security and privacy. PCI certification protects a company from liability if credit card data is stolen or compromised. For more information, visit: https://www.pcisecuritystandards.org/.

Who is required to adhere to PCI-DSS?

Any company (merchant or service provider) that stores, transmits, records, or acts as a gateway for credit card information is required to become PCI-DSS compliant.

How does Mitel comply with PCI-DSS?

Mitel is fully compliant with the 12 Security Domains of PCI-DSS as a Level-1 service provider. Compliance is audited and certified yearly by an independent third-party Qualified Security Assessor.

What parts of Mitel's services are in compliance?

The following components have been certified for use with PCI-DSS related data:

- Mitel telephony components.
- IVR system, including the Secure Exchange feature.
- Call recording and playback system.
- Mitel Scripting system (e.g., credit card collection screens).
- Mitel real-time fulfillment.
- Mitel batch fulfillment.
- Mitel's data centers located in the United States, Australia and Europe.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

What is HIPAA?

Enacted in 1996, HIPAA regulations require companies to adopt policies and procedures to protect the privacy and security of Protected Health Information (PHI). Covered Entities, as defined in the regulations, which include health insurers and billing processors, must fulfill the requirements defined under HIPAA's privacy and security rules. These rules define administrative, physical and technical safeguards for PHI. For more information, visit: http://www.hhs.gov/ocr/privacy/hipaa/.

Who is required to adhere to HIPAA?

The Privacy Rule applies to health plans, healthcare clearinghouses, and any health care provider who electronically transmits health information in connection with certain transactions, which include claims, benefit eligibility inquiries, referral authorization requests, or other transactions for which the U.S. Department of Health and Human Services has established standards under the HIPAA Transactions Rule.

How does Mitel comply with HIPAA?

Mitel security procedures and controls meet customer HIPAA compliance requirements.

What parts of Mitel's services are in compliance with the HIPAA requirements?

Mitel is in compliance with HIPAA requirements in accordance with the following security features:

- Call recording encryption.
- Strict access controls.
- Access logging.
- Auditing & reporting systems.
- Configurable data sensitivity levels on collected data:
  »» Confidential: Normal access control.
  »» Highly confidential: Restricted access.
  »» Highly confidential - FMG: Encrypted, no user access.

SAFE HARBOR

What is Safe Harbor?

The U.S. Department of Commerce, in concert with the European Commission, developed the Safe Harbor Framework to allow U.S. organizations to comply with the EU Data Protection Directive by agreeing to abide by the Safe Harbor Privacy Principles. Companies certify their compliance with these Principles on the U.S. Department of Commerce website. The Framework, approved by the EU in 2000, gives companies assurance that the EU will consider their practices adequate for data transfers between the U.S. and both the EU and Switzerland. For more information, visit: http://www.export.gov/safeharbor/.

How does Mitel comply with Safe Harbor?

Mitel complies with the U.S.-E.U. Safe Harbor framework and the U.S.-Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Mitel has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

Summary

Mitel employs a multi-layered security strategy that supports a cloud contact center platform used by leading enterprises and businesses worldwide. The MiContact Center Live solution provides heightened security and high availability at no additional cost, saving our clients excessive overhead and expenses.

Written by Ian Maclaren, Portfolio Manager, Contact Center Cloud Solutions

Bringing a broad range of expertise and leadership in defining and managing telecommunications product portfolios, Ian Maclaren joined Mitel in 2014 with a mission to help organizations understand the role of the cloud in contact centers. He is responsible for Mitel's cloud contact center portfolio, including both MiCloud Contact Center and MiContact Center Live. Ian comes to Mitel following extensive management and global product experience at Avaya and Nortel, including time as Product Manager for SMB cloud communications at Avaya.

Follow Ian Maclaren online: https://ca.linkedin.com/in/ianmaclaren

mitel.com

Copyright 2015, Mitel Networks Corporation. All Rights Reserved. The Mitel word and logo are trademarks of Mitel Networks Corporation. Any reference to third party trademarks is for reference only and Mitel makes no representation of ownership of these marks. 36115-20254-123456-R0714-EN