Is migrating to the Cloud safe for call compliance?
Call compliance presents any company with a steep challenge. Compliance when migrating to the Cloud can seem even steeper. Rapid Cloud expansion has redefined global business, and at the heart of the Cloud’s unending promise is a single word: sharing. The ability to share information instantly to a limitless number of locations has spurred countless new industries. But, just like any paradigm shift, that ability has spurred just as many new concerns. From farms to Wall Street, businesses are moving assets to the Cloud, but what happens when you need to transfer your call recordings? Those conversations are filled with critical customer data. Are you breaking compliance regulations and placing your company in legal jeopardy by putting your call recordings in the Cloud?
Is Cloud Fabric Secure?
The Cloud is too many things to just say yes or no to that loaded question. The better question: is my data secure? In a recent interview with CloudCo Partner’s Mike Evanisko, Mike revealed that all too often customers still don’t even think about security despite trying to maintain compliance when migrating to the Cloud. Many people will read the phrase 256-bit encryption and think:
That sounds good enough.
Look, numbers! Probably means I’m safe.
‘Encryption’ is a Scrabble word.
To stay on topic, let’s just say that the strength of modern encryption is mind-boggling. Unsurprisingly, people still cause the majority of security failures, not encryption. In a nutshell, encryption is the process of deeply scrambling data that you can only reassemble with a key. Logically, as long as that key is only held by the authorized parties, the encrypted data is useless to those who would try to exploit it. Moreover, clever criminals that might try to break an encryption key have a huge hurdle. Specifically, modern encryption keys change on a constant basis so that even when a thief cracks one, they find it expired. In summary, when you encrypt your data there’s virtually no difference between the security of a local network and the Cloud. More to the point, security is probably not the factor that will push you toward migrating your assets to the Cloud.
Isn’t My Critical Data More Secure On-Premises?
The cash you stuffed in your mattress was safe until you had a fire. Maybe you had a good reason not to trust the bank, but they would’ve insured your cash. This issue becomes deeply clear when we swap out the word cash for data. Your call recordings are much, much safer in the Cloud. Call compliance in the Cloud deeply simplifies a host of issues. All storage networks, on-prem or offsite, have faults in them. But, when you choose on-prem storage, you add more work to your already full plate. Power blowouts, hard drive failures, temperature spikes in the server room, and every other problem now becomes your problem. Sadly, one failure in any of those trouble areas can cost you data and force you to revert to a backup. Let’s hope you vigilantly monitored your backup system. On balance, running your own call storage servers is a data safety concern.
However, Cloud storage companies do nothing better than brood over your data like mother bears. Cloning and swapping out drives is what they do. Redundantly backing up global data is what they do. Guaranteeing the rapid return of your lost data, yep, it’s what they do. Nevertheless, we’re talking about migrating call recordings to the Cloud, and here’s where safety, security, and compliance all meet.
Breaking Regulations Is Easier Than You Think
Say you’ve got a dispute stemming from a recorded phone conversation. You’re in Pennsylvania, and you review the call on site. Next, the company’s legal team in New York has to hear the conversation. You decide to pull the call off your local system and email the audio to legal.
Oh, dear, you’ve just broken compliance. Worse, the customer’s lawyer has done enough research about your multi-location company to figure out you might’ve breached regulations. When challenged to provide proof of compliance, you’re discovered to have emailed audio, and this is a clear PCI violation. That email that you sent just cost your company the whole case.
Or (cue the heroic music), your calls were all stored in the Cloud. The audio in question remained encrypted while it was being sent to legal. (Music crescendos) You maintained compliance, and all that pleading you did to get your calls migrated to the Cloud has saved the day. Your boss throws a lunch in your honor, gives you a brand-new red stapler, and names you employee of the month. (fade to white).
What If I Don’t Need To Send Data Outside My Company?
Fair enough, your company is self-contained and you just feel more comfortable about keeping call data on-site. Remember all that stuff about maintaining your own backup system? It’s still true even several paragraphs later. And, if you’re dead-set on having a hardware instance of your call data onsite, that’s totally understandable. But an offsite backup of that data will really help you when your hardware system goes down because compliance laws don’t flinch. You’ll be safest redundantly encrypting your call data over multiple global locations in the Cloud. In the event of a catastrophic data loss caused by say, a fire, you remain compliant. You’ll even continue recording calls, provided the call center didn’t burn down.
The Safest Place For Mobile Call Data Is The Cloud
The rise of the mobile workforce has thrown a big wrench at compliance. Don’t get me wrong, I’m a blogger, I’m firmly part of that workforce. Remote employees are here to stay and the Cloud offers companies compliance for this scenario by eliminating centralized call storage. Compliantly recording from Unified Communications platforms would be a nightmare if it weren’t for the Cloud. Cloud-native browser-driven CallCabinet actually makes softphone and remote conversation capture effortless. If your workforce is partly or fully mobile, you’re already using the Cloud. You might as well securely record them there.
The inherent security designed into Cloud services is built around heavy encryption, and as we move deeper into IoT (cue the coming in another blog post music), the Cloud will prove to be the frontline defense against data theft. Reach out today and talk to us about your compliance needs and let us show you how a true Cloud solution can maximize your legal protection.
Brian is a freelance technology writer and media editor based out of Central New Jersey. He’s logged 20 years of experience in the Telecom industry and side-hustles in the record industry. Brian started his career in technology at a company that made analog modems. He migrated to a marketing career in the call recording industry where he learned exactly how and why calls are monitored for quality assurance. These days Brian fuses his skills together to deliver his researched observations about telephony and compliance laws in polished articles and videos. He’s also composed the music for a long list of big Hollywood trailers. He does not miss the sound of analog modems but he is endlessly fascinated with phones.