AIC: 3 Critical Factors in Contact Center Network Design
May 21, 2019
By: Peter Fischer
The IT network, where the processing of sensitive data is done, and calls are being answered and initiated, is a crucial part of a contact center’s customers’ business model. Customers trust the outsourced vendors they work with to make sure their data is always available, managed with integrity, and kept completely confidential.
The “holy trinity” of implementing security measures that guarantee availability, integrity, and confidentiality is known as the AIC triad, a model designed to guide policies for information security within an organization. (It is more commonly referred to as the CIA triad — confidentiality, integrity, availability — but that version can sometimes be confused with the Central Intelligence Agency.)
By analyzing the requirements and needs of its customers, the contact center should specifically tailor these three elements on a case by case basis while operating within the window of three primary industry regulatory security councils: PCI DSS 3.2 level 1, HIPAA, and SOC2.
Adhering to these policies, procedures, and controls provide the necessary network safeguards and prevent spreading viruses that may initiate on the customer’s network. As such, they are critical factors that every contact center should include when designing a system.
An outage at the contact center’s end directly impacts the productivity of its customers, so the first and foremost measure to apply to the network’s design is availability.
Some of the factors that determine availability, measured in an annual uptime percentage, can be direct, such as redundant routes and network equipment.
Other indirect factors, like power outages, are mitigated by deployment of centralized battery backup systems that feed not only the network equipment and servers but also all the desktop PCs the agents are using. This, in return, is fully backed up by Industrial grade generators that have enough fuel to keep the network running for several days.
Another indirect factor is physical location. The network design must allow for rapid expansion into new physical locations and be able to migrate and/or grow programs between locations while maintaining the highest integrity and confidentiality standards.
Tier 1 Provider Importance
Contact centers tend to rely on third-party telecom providers that integrate with the customer-vendor networks to provide the connectivity.
Whether it be an MPLS circuit or a VPN over the internet, a contact center should only interface with Tier 1 providers.
In Transparent BPO’s case, the demarcation point is at the NAP of the Americas, a massive, six-story, 750,000 square foot data center and internet exchange point located in Miami, Florida. It serves as the primary network exchange point between the U.S., Caribbean, South and Central America, and the rest of the world.
The next step of architecting a network platform for contact centers is the implementation of processes and controls that ensure the integrity and consistency of the data during the time the data passes through the network.
An RBAC (Role Based Access Control) system should be implemented, restricting network access based on the roles of the center’s employees. Users should be assigned access rights tailored to their job function, preventing them from accessing or altering information that doesn’t pertain to them.
Other measures to implement are audit controls that detect and alert on unauthorized changes in data and that backups are available to restore affected data to its correct state.
Finally, confidentiality (the equivalent to privacy) requires the implementation of robust security controls to prevent data from reaching the wrong people. This includes segmenting the network by programs and safeguarding every demarcation point by high-availability application level firewalls.
Intrusion detection and prevention, access rules, application control, geo-IP, content filters, and deep packet inspection are security mechanisms that should be applied to every single data packet out of the billions of packets traversing the network daily.
The contact center needs to put a centralized security suite in place to protect every single PC on the contact center’s network against viruses, malware, zero-day exploits, ransomware, and other malicious forms of intrusion. It should also apply the latest patches and updates to operating software and applications.
The security of your contact center network is vital to your customers’ success. As such, it’s in your best interest to design a system that has the AIC triad as its heart. To do otherwise is to put your customers’ data at unnecessary risk. Not only can that affect your customer adversely but also the reputation of your business.
Transparent BPO partners with leading industry technology solutions to ensure our network is rock-solid with full redundancy to achieve five-nines reliability. If you want to work with a contact center that puts the availability, integrity, and confidentiality of your customers’ data first, talk to us.