Contact Centres: 4 Common Myths About Cloud Security

As a contact centre leader, you’ve likely been asked at some point how your department uses “the cloud.” And, while most contact centres do leverage one or more cloud-based applications, many leaders still are wary of its use.

After all, its very name is nebulous, and even some technical people remain uncertain exactly how this cloud thing works. What we don’t understand, we fear—particularly when world news often focuses on data breaches and security leaks that seem to centre around one core theme: the cloud.

That’s why traditionally data security has been a key barrier for contact centres wanting to transition to the cloud. Despite the headlines, however, modern cloud solutions provide comprehensive data security that generally exceeds the security offered by traditional, on-premises systems.

Here we dispel four common myths about contact centre cloud security.

CLOUD MYTH #1: The cloud is inherently insecure—my legacy, on-premises system is safer for my data.

Not true. While the number and breadth of attacks increase each year—the total number of records compromised in the first half of 2017 was higher than all of 2016—the reason for these breaches typically is not because the data was stored in the cloud, it is a natural increase aligned to increase in technology usage.

In most instances, the cloud is a safer option than a contact centre attempting to build its own cybersecurity practise. That’s because those who build and maintain the data centres that power these clouds are laser-focused on data security and governance—more so than the people building on-premises systems that sit behind firewalls. According to Philippe Very, professor of strategic management and head of faculty at EDHEC Business School, “the dominant actors in the cloud computing space, such as Amazon, Microsoft, Google, IBM and Oracle, have business models which cannot afford to be disrupted by data breaches, which means they should be among the most secure companies in the world. Cloud computing providers have good internal practises, have high security around their core business and can use this knowledge in their other businesses such as cloud computing.”

In addition, most legacy systems were in place long before the threats to their security surface, making those on-premises systems especially vulnerable to attack. According to CCS Insight Vice President of Enterprise Research Nick McQuire, “Cloud helps security operations respond quicker to threats and focus on business risk, as opposed to spending countless hours researching threats and trouble-shooting aging on-premises systems.”

CLOUD MYTH #2: Control equals security when it comes to data.

Nope. It may seem logical to assume this statement to be true—I mean, how can storing data on systems you don’t control or own possibly be as secure as storing data on systems you do own or control? And the cloud computing approach itself feels insecure—typically, we want to be able to connect with and touch something in order to feel secure about it. That’s not possible when your servers are located elsewhere.

Yet Gartner estimates that through 2020, public cloud infrastructure as a service (IaaS) workloads will suffer at least 60 percent fewer security incidents than those in traditional data centres. That’s because major cloud providers offer as good or better security than most enterprise data centres, with most organisations unable to come close to matching cloud providers’ spend on security. Major cloud providers live and breathe security—it’s what they do.

Nowadays, where your data is physically located matters less than how it’s accessed, and by whom. Nothing proves this truth more than “insider threats:” threats to data that come from within—from current or former employees, contractors, customers or other third parties who have access to your internal network. The number of insider threats continues to grow, with recent industry research estimating that 25 percent of all security incidents involve insiders.

CLOUD MYTH #3: Multi-tenanted environments are less secure.

Also not true. Multi-tenant environments are ones in which data from different customers is stored side by side on the same servers. Because of this co-location, some customers worry their data might be accessible by other companies that share that same environment.

Cloud providers, however, utilise several controls to make sure this breach doesn’t happen. They control the access for each customer, so customers see only their own data and are unaware of others using the same application. Cloud providers also utilise the highest-grade encryption, encrypt data both in-flight (as it travels over the Internet) and at rest (when it’s sitting in storage), and provide customer-specific encryption keys or password information.

In a nutshell, cloud providers that provide multi-tenant environments give each customer a separate database, separate storage volume and separate encryption keys in order to dutifully secure data.

CLOUD MYTH #4: The cloud is infinitely elastic.

As much as we’d like it to be, this statement is false. Elasticity is the ability to rapidly scale resources up and down on demand, with resources available instantly and zero degradation in response times. Ideally, applications would scale indefinitely as loads increase, and that scaling would happen just as quickly as the increases in loads.

Unfortunately, today’s clouds are not truly elastic. Inevitably, there’s a delay—perhaps seconds or even minutes—between when resources are requested, and when the application is running and available on it.

In conclusion, studies show your contact centre data actually is more secure in the cloud than it is behind a corporate firewall. With cloud-based applications offering so many efficiencies and advantages for your contact centre, don’t let outdated, unfounded cloud security concerns continue to hold you back.

Find out how Calabrio can cloud-enable your contact centre—download our Stepping Up to the Secure Cloud white paper.

Calabrio