Security in the Virtual Contact Center
May 14, 2013
May 14, 2013
We all know that it takes more than an agent, a phone and a quiet workspace to facilitate a virtual contact center. One of the questions we get asked the most involves security concerns. A virtual contact center introduces two security elements that must be managed diligently to both empower virtual agents and secure data and customer records.
Contact center managers worry about managing what they can’t see. They wonder how they can trust an agent’s activities when they can’t lay eyes on them in a cubicle. They worry that policies will go ignored and corporate risk will escalate. Some of this concern is brought about by the feeling of separation from the virtual contact center that provokes an “us vs. them” perspective in the beginning.
The reality is that operational managers actually have the same or more control and visibility than they do in a physical contact center—each activity is tracked, managed and governed to meet compliance needs. This is made possible by two components of the virtual contact center infrastructure.
Secure Processing at the Core
The ability to virtualize and pool technologies and resources to serve multiple departments and consumers within a secure multi-tenant model is the chief enabler for connecting at-home agents with inbound customer service calls. With PCI Level 1 certification, HIPAA compliance, and HITECH Act certification, personally identifiable and sensitive information is protected at the same level of a “bricks & mortar” contact center infrastructure.
And the single platform core infrastructure ensures consistency end-to-end throughout the entire network which is not bound by the geography of the agent. Softphones and VPN phones further enable mobility, enabling the secure work-at-home model to flourish. One of the biggest benefits of this core infrastructure is that it is rapidly elastic, simplifying what it takes to accommodate seasonal or event-driven variations in usage and/or volume.
Desktop Security by Policy, Process and Design
A secure remote desktop is run by a thin client as a virtual desktop that is accessed over a secure VPN connection. Capabilities are remotely disabled on the home agent’s computer including the ability to copy and paste, print, as well as the ability to save or store any data on the machine, itself. This carrier-class virtual desktop infrastructure (VDI) relegates the agent’s PC to the equivalent of a browser, including limiting internet access to authorized websites, client files and applications.
The VDI infrastructure also allows for strict verification of the endpoint (computer) in use. This is performed with a Host Integrity Check. Every time an employee agent logs on, the PC’s operating system and application and security software should be examined to ensure everything is installed, up-to-date and operating properly. The endpoint HIC should also validate the registry settings, confirm that no unauthorized application is currently installed, and verify that the agent is attempting access at a scheduled time and via an authorized network.
Addressing the Personal Side of Security
Even with all of the security protocols in place for the technology in use, it is a best practice to intensify the work-at-home agent screening process for added assurance. This includes criminal background checks, credit checks and employment reference and verifications.
The VDI also provides secure agent access to scheduling, community interactions and continuous-improvement training. Work-at-home agents are also provided annual compliance training to ensure their knowledge is current and the appropriate behaviors are reinforced.
Establishing a Secure Partnership
The context of separation between a virtual contact center and the bricks and mortar location of the company will narrow as business processes evolve. The operational capability to maintain end-to-end visibility into virtual agent activity will help to improve customer service, retain highly educated talent and ensure that customer data is secure. With the secure infrastructure in place, the new perspective will be focused on business process and service improvement, not concerns over controlling a workforce that is not physically present.