Go BackVoIP and security: exploding an 'urban myth'
The much-trumpeted voice over IP (VoIP) technology can offer organisations significant cost savings and enhanced applications, yet many IT departments remain concerned about security.
Public and private sector organisations dealing with data such as financial or medical records are particularly sensitive to such issues and a number of recent high profile cases involving both in-house and off-shore call centres have done little to allay their concerns.
There are typically two principal perceived security concerns when it comes to VoIP. One is eavesdropping on calls and the other is 'man in the middle' attacks, where a phone or server is inserted between the call centre agent and the end-user to obtain information such as credit card details.
Though such risks cannot be ignored, it is important to remember, of course, that old-style telephony systems were also vulnerable to security breaches, especially eavesdropping. Any employee with the right tools could patch-in and listen to a conversation between the agent and an end-user. The vulnerability existed, yet because there was no generally recognised problem, the systems did not protect against it.
With VoIP, by contrast, it is possible to encrypt a conversation. This discourages third parties from eavesdropping and making use of information they may hear: similarly, other tools are available which guard against 'man in the middle' attacks. Put simply, by being more aware of the vulnerability and doing more to protect against it, VoIP solutions can be more secure than legacy telephony infrastructures.
End-to-end encryption
So how should a call centre operator ensure maximum security protection is achieved when selecting and installing a VoIP-based communications solution? At an enterprise level, it is essential to ensure that the existing network is VoIP-ready and that the solution deployed meets a superior industry standard, best exemplified by SIP. Equally, existing security practices and policies should be both reviewed and strictly adhered to.
At an operational level within today's call centre, in addition to pressure from the end-user, regulatory demands may also require that customer conversations are recorded and are retained securely for compliance purposes.
In response, until now individual vendors typically offered high-level encryption to protect their part of the total VoIP-enabled communications solution only - in effect, providing essentially point solutions for point problems.
However, the launch of Version 3.0 of Interactive Intelligence's Customer Interaction Center® (CIC) solution will provide end-users with complete end-to-end encryption for the first time, providing maximum security at every interface and touch point. Security is further enhanced through full interoperability with individual handsets and gateways.
The result is a unified security solution, easily managed and administered from a single central location.
Lead from the front
Many IT departments feel that, in order to provide a secure, reliable system, they must lag behind the technology curve. This 'urban myth' has the potential to reduce an organisation's competitive advantage over time.
Firstly, companies in general - and contact centres in particular - should not assume that leading edge technologies such as VoIP must be insecure. Rather, they should perform a thorough investigation of what the technology can offer, including security features and, as ever, be realistic about what they can successfully deploy.
Staying with the technology curve largely depends on the vendor the company is using. By working with one that has a history of innovation and staying closer to the front of the curve, a company will be able to exploit the advantages of newer technology sooner - and fulfil their security and compliance obligations at the same time.
Case study: Orchestra
Bristol-based Orchestra Group offers outsourced call centre services to blue-chip, utilities and government clients. It began its business 50 years ago specialising in security printing services. This evolved from continuous print and laser facilities to direct mail fulfilment campaigns, security planning, debt management and response handling services, which is supported by its 100-seat contact centre.
In order to support its growing outsourcing activity, in 2006 Orchestra Group deployed Interactive Intelligence's flagship contact centre automation software, Customer Interaction Center® (CIC).
The CIC investment enables Orchestra to offer its clients a totally integrated and strongly secure, IP-based customer service solution encompassing inbound and outbound call processing, e-mail, Web chat and collaboration, speech recognition, messaging, and predictive dialling.
"We added Interactive Intelligence to our initial supplier list with eight other vendors that matched our specific immediate and long-term requirements," said Leslie Etheridge, special projects director at Orchestra. "We selected Interactive Intelligence because we believed it would provide excellent support, and would give us more opportunity than some larger vendors to shape product direction, thus helping us more quickly respond to business propositions from new and existing clients. The Interactive Intelligence CIC product matched our feature criteria, while its unique single-platform, standards-based software architecture offered increased flexibility and investment protection."
Reporting was also high on the list of requirements for Orchestra, according to David Paulding, sales director for Interactive Intelligence U.K. "The majority of Orchestra's clients use its entire service offering - from print and mailing, to direct response and inbound/outbound campaigns," says Paulding. "At the same time, in often highly sensitive environments they also benefit from industry-leading levels of security.
"Using CIC, Orchestra can now view all IVR, e-mail, phone and other interaction activity in a single report instead of multiple reports that make end-to-end reporting and quality monitoring difficult to impossible."
Orchestra's call centre operation takes an average of between 4,000 and 5,000 calls per day, in addition to other forms of interactions. Agents are multi-skilled to handle different media types, so when call fluctuations occur CIC can "blend" routing activity, thus enabling agents to more quickly reply to customer e-mail and faxes.
"Training agents to use CIC was easy because it runs under the Windows operating system, with which most people are 'au fait'," confirms Etheridge. "Feedback from our agents is that they find the system simple to use and, since installing CIC, agent productivity has significantly increased," he adds.
Orchestra's clients too are benefiting from CIC's ease-of-customisation, which the company can now perform in-house, thus cutting costs.
"With CIC, we are able to be more creative in providing enhanced, in-house services to clients while still containing costs," Etheridge said. "This translates into superior service for our clients' customers, which gives them a critical competitive advantage."
