You Never Know Who Is Listening: Securing Call Center Recordings & Personally Identifiable Information (PII)

Agenda• What threats exist today that

jeopardize the security of call center recordings

• Best practice strategies for taking an encryption approach to security and compliance

• Technologies that offset threats and meet compliance by securing call center recordings and PII

What threats exist today that jeopardize the security of call center recordings

Ginney McAdamsVice President of Business Development

TantaComm

2008 Data Breaches SoarITRC Reports 47% Increase over 2007

2008 - # of Breaches 2008 2007 2006

Business 240 36.6% 28.9% 21%

Educational 131 20% 24.8% 28%

Government/Military 110 16.8% 24.6% 30%

According to ITRC reports, only 2.4% of all breaches had encryption or other strong protection methods in use.

Posted 1/5/09 on idthreatcenter.org

2008 Data Breaches SoarITRC Reports 47% Increase over 2007

For 2008 Financial Business Education Gvt/Military Medical

Insider Theft 2.4% 5.6% 1.8% 3.4% 2.4%

Hacking 3.5% 6.1% 2.7% 0.8% 0.8%

Data on the Move 1.7% 7.3% 3% 4.3% 4.4%

Threats that Exist today• Data Breach ThreatsData Breach Threats

– Inadequate Security Precautions and Policies– Identity Theft– Stolen hardware – Stolen credit cards– Inadequate deletion of Customer Data

• Laptop• Desktop• Cell Phone

– Physical Data Management• Access to data (electronic and paper)

Best practice strategies for taking an encryption approach to security and compliance

Trisha Paine

Board of Directors

PCI Security Alliance

8

Sustainable ComplianceObjectives and Requirements

To achieve sustainable To achieve sustainable compliance you compliance you must:must:

• Reduce the costs and complexity of regulatory compliance

• Control information access and enhance security

• Provide a foundation for quickly adapting to business and regulatory compliance changes

• Understand what data is most sensitive to your business

• Know where your sensitive data resides

• Understand the origin and nature of your risks

• Implement the appropriate controls based on policy, risk, and location of sensitive data

• Manage security centrally

• Audit security to constantly improve

ObjectivesObjectives RequirementsRequirements

9

• Complexity of regulatory environment

• Increased storage of sensitive data

• Data loss threats are on the rise

• Growing need to share more sensitive data with external users

• Encrypt sensitive data

• Mitigate risk through policy-based remediation and enforcement

• Deploy enterprise encryption and tailored key management capabilities

IssuesIssues SolutionsSolutions

Sustainable ComplianceFactors and Challenges

10

Sustainable Compliance Resulting Benefits

Reduce costs of compliance audits by *25%

Centrally manage policy and reporting

Reduce redundancy by standardizing on common set of security controls

Reduce system complexity through control consolidation

Rapidly comply with new mandates

Reduce training costs

*Based on an analysis by C&H that compared audit effort using traditional controls, against audit effort using SafeNet EDP components

11

Assess risksAssess risks Classify critical assets based on business impact Perform on-going Risk Assessments to identify threats and vulnerabilities Implement controls based on policy and standards

Monitor and adjust controlsMonitor and adjust controls Perform ongoing monitoring of controls Analyze and mitigate threats Identify and correct vulnerabilities Adjust controls based on changing business needs

Communicate Communicate Provide reports and metrics to key stakeholders Verify and validate controls are in place and performing

Best Practices Bottom Line

Technologies that offset threats and meet compliance by securing call center recordings and PII

Ginney McAdamsVice President of Business Development

TantaComm

Securing your Recordings• Solution OverviewSolution Overview

– End-to-end media encryption– Data is encrypted as it’s being recorded– Employs Symmetric keys. Keys use industry AES

(Advanced Encryption Standard) 256 bit strong encryption.

– Media is kept encrypted while in transit over your network.

– Secure playback software is used to decrypt & play files.– Key management appliance is fully redundant – Solution is HIGHLY scalable. One Key management

appliance is capable of handling 12,000 requests. Software is easily added to our recording servers.

Securing your Recordings

Securing your Recordings

Our solution assists you in meeting your PCI & PII security standards and

regulations.

Technologies that offset threats and meet compliance by securing call center recordings and PII

Andrew DillonDirector of Product Management

SafeNet, Inc.

DataSecure and Enterprise Data ProtectionAn Integrated Suite of Data-Centric Security Solutions

to Protect Data and Achieve Compliance

Remote Location

Data Center

Databases

SafeNetDataSecure

Mainframe

SafeNet ProtectDriveSafeNet ProtectFile

SafeNet Authentication

SafeNet ProtectDB

SafeNet DataSecure

Toolkit

SafeNet DataSecure

Toolkit

SafeNetEdgeSecure

File Servers Application and Web Servers

SafeNetProtectFile

Laptop/Mobile Handset

Why DataSecure?

18

SecureSecure Hardware-based, centralized key and policy management FIPS/CC certified Granular access privileges and separation of duties

FastFast High performance encryption offload, over 100k TPS Batch processing for massive amounts of data

FlexibleFlexible Support for heterogeneous environments (app, db, file) Support for open standards and APIs

SimpleSimple Intuitive administration Centralized policy creation and enforcement Granular logging/auditing

Questions?

Thank You

Trisha PainePCI Security Alliance

trisha.paine@pcialliance.org

For more information:

Ginney McAdamsVice President, TantaCommgmcadams@tantacomm.com

Andrew DillonProduct Manager, SafeNet

andrew.dillon@safenet-inc.com