Contact Center AI Security: Answers to Common Questions

Artificial intelligence (AI) holds a lot of promise for customer experience. Adopting AI into your contact center technology can improve your efficiency and reduce your costs — and it’s popular among consumers. In fact, more than 60% of consumers want more self-service options.

But AI adoption also raises questions about security. How can I ensure my data is secure? What are my access control options? How can we stay in compliance with regulatory requirements?

In a recent webinar, a panel of experts from Google and Genesys sat down to answer the most commonly asked AI security questions. Here are the highlights.

AI and Data Protection

How does Genesys provide security for a multi-tenant cloud environment? And how is data encrypted?

Genesys enforces multi-tenant environment security with barriers and controls that keep your data completely separated, allowing secure access to your organizational data only. We regularly test these controls to ensure access is secure and each organization is completely isolated within these barriers. With regards to encryption, Genesys applications interact with cloud servers over Transport Layer Security (TLS) transmission to ensure the highest level of security when your data is in transit. The TLS terminates only within the Genesys network. Sensitive data at rest is encrypted using AES- 256; keys are encrypted with a regularly rotated set of master keys.

How does Genesys manage storage of transcripts and other data? And is it local or in the cloud?

Call recordings, screen recordings and transcripts are encrypted using an individual customer key that can only be decrypted by the customer who owns them. The Genesys Cloud^™ encryption algorithm uses strong 3072-bit public/private key pairs to create unreadable records that can be safely stored off-premises. The use of long and strong cryptographic keys provides an effective defense against brute-force attacks. Public and private keys in a pair are mathematically linked. The private key is used to decrypt anything encrypted by its corresponding public key. It’s recommended that an organization change the encryption key on a regular basis. We also have secure destruction policies and controls in place to destroy your data from our environment when and as needed. Retention policies are managed by you and can be established to be suit your business needs.  CC managers can select recordings and transcripts to be protected from deletion for legal or other reasons.

Access Control and Application Security

How does Genesys manage authentication and role-based access control?

Genesys authorized users access the cloud environment using multi-factor authentication (MFA). All user activities are logged and monitored. Access by privileged users is reviewed periodically. Access permissions use the least-privilege principle and role-based access control mechanisms. These access controls ensure that only users with proper authority and legitimate business requirements are allowed access to your data. We use OAuth authorization for secure access to third-party applications without revealing any authentication details.

What types of continuous security and audit mechanisms are in place for system access?

Genesys offers continuous security monitoring with a group of experts that monitor our systems 24/7 and use a variety of tools, processes and industry best practices. We have many security engineers, security analysts, penetration testers, ethical hackers and compliance analysts in house to keep our offerings secure and compliant. All of our experts have contact center industry experience, and their responsibilities include event monitoring, intrusion detection, logging and alerting, vulnerability, and incident response management. We also provide audit mechanisms across events, user access and administration.

Compliance and Resiliency

What security and compliance standards does Genesys offer?

We support high levels of compliance with many standards and regulations worldwide. In-house personnel continuously monitor the compliance landscape and work to stay ahead of what comes next. Genesys offers compliance with SOC 2, PCI, GDPR, HIPAA, ISO, FedRAMP and Privacy Shield compliance with USEU and US-Switzerland data transfer requirements.

How is resiliency and general system availability communicated to Genesys customers?

At Genesys, we offer complete transparency when it comes to cloud services availability. Anyone can access our status page at https://status.mypurecloud.com/ and view all of our regional systems operational status, including any outages or degraded services. We feel strongly about maintaining transparency when it comes to our cloud systems operational status.

These are just a handful of the questions that were answered in the on-demand webinar, “All your contact center AI security questions answered.” Check out the recording to learn more, including details on Genesys and Google AI integrations, how Google approaches AI and security, and maintaining business continuity during critical events.