As contact centers continue to adopt IP-based communications of various sorts, including voice and other unified communications applications, it opens up organizations to a host of security threats that need to be addressed. To a would-be intruder, an IP-based contact center represents opportunity – a whole slew of IP-based ports through which they may gain entry to the network.
Firewalls won’t do the trick in a contact center because they can’t adequately deal with real-time communications sessions (a topic we’ve covered previously). A session border controller (SBC), on the other hand, helps to secure contact centers in a number of ways that not only protect the organization from intrusion and regulatory problems, but increase efficiency for its agents.
How SBCs Help Ensure Regulatory Compliance
On the compliance front, various industry regulations require encryption and have detailed rules around how sensitive data should be handled. Complying with all of them can get complicated in a contact center setting.
Consider a health care organization that has to comply with HIPAA, which outlines requirements for maintaining privacy of patient data. Complying with HIPAA means phone calls from patients to providers need to be encrypted, both to protect the privacy of the patient and to prevent unauthorized parties from snooping on the call, says Walter Kenrich, Director of SBC Product Management at SBC maker Sonus Networks.
“An SBC can provide fully encrypted media and signaling streams to protect against snooping of those packets,” he says. What’s more, the SBC can support interworking with devices such as interactive voice response systems that rely on DTMF signaling, but without storing any of the data that passes through it – which would run afoul of the regulations.
Dig Deeper: Download the Latest ICMI Report on Critical Contact Center Metrics
Laws and standards such as Sarbanes Oxley (SOX) and PCI likewise require adherence to strict security policies. For SOX, voice transactions must be fully encrypted, protected and authenticated, with usage logs to provide tracking. With PCI, any personally identifiable data such as credit card or social security numbers that are shared, whether spoken or punched into an IVR system, have to be encrypted – and stored only on secured systems. The SBC plays a crucial role in making that happen.
SBCs: Crucial in Supporting Remote Agents
Lots of contact centers now rely on remote agents for at least part of their workforce. Even though they may be working in home offices, the same sorts of security concerns apply.
“You want to encrypt media and signaling going out to these remote agents,” Kenrich says. Firewalls won’t fit the bill because they can’t deal with encrypted packets. “If someone passes malware in an encrypted packet, a firewall will send it through – it doesn’t have the decryption keys.”
An SBC, on the other hand, can decrypt the stream, inspect all packets, identify any malformed packets or malware and stop the attack in its tracks.
What’s more, incorporating remote agents means being able to perform network address translation (NAT) traversal to allow them to be part of the contact center, he notes. NAT is used by most companies to extend the number of IP addresses they can use, by advertising one address to the public Internet but using a different numbering scheme internally. The SBC performs the NAT traversal function that allows remote agents to seamlessly and successfully navigate the device that performs the NAT function.
How SBCs Offer Efficiencies for Contact Centers
Finally, SBCs can create efficiencies in a contact center in at least a couple of ways. One is simply through the security measures it provides, which keeps the contact center from suffering costly downtime.
“If you’re having a denial-of-service attack while people are trying to call in, without an SBC in place no calls will get through, so the contact center is effectively shut down,” Kenrich says. An SBC will identify and thwart the DOS attack while continuing to allow legitimate calls to come through, thus protecting the contact center from downtime.
Security measures supported by SBCs also enable contact centers to take advantage of new technologies such as WebRTC. WebRTC promises to enable real time audio and video communications natively from web browsers, with no additional plugins or agents required. But again, in a contact center environment, WebRTC traffic has to be treated securely, like all other traffic, which means it will be encrypted.
“You need to have a gateway that can take WebRTC traffic, decrypt it and provide interworking with the SIP environment that the contact center uses,” Kenrich says.
With the gateway function in place, now companies can take advantage of WebRTC to potentially offer new communications channels to customers and potential customers – such as a live video or audio chat instead of just a text chat from a support site. “It allows companies to expand the reach of their contact centers as people look for new forms of communication,” he says.
Call recording can also be essential in contact centers, Kenrich notes, and SBCs play a role there as well, at least if it supports SIP Recording (SIPREC).
“An SBC with SIPREC enables you to centralize the call recording function across the network,” Kenrich says. In legacy networks, the call recording function was performed at the trunk-side level by tapping or spanning a network port. In IP-based contact center, an SBC with SIPREC can redirect calls to be recorded to a centralized server, even for remote agents. The strategy also provides for failover options if a call-recording server fails. Efficient indeed.