According to IDG researchers, 77% of companies today use cloud technology. On the other hand, with increasing popularity, they are becoming more susceptible to cyberthreats. According to Kaspersky Lab, every tenth (10%) leak of data from the cloud was a result of the provider’s actions, while a third of all cyber incidents in the cloud (33%) occurred from employee oversight.
What Data Passes Through Cloud Platforms?
These trends are also relevant for the communications sector: many companies communicate with customers using third-party services and platforms, among which the most popular are UCaaS (Unified Communications as a Service) solutions. We asked Alexey Aylarov, CEO and Co-founder, VoxImplant, what data the business passes to the vendor.
First, we need to know the components of a call passing through the communication platform: facts of a call, connection, answer, duration of the conversation. If the scenario used by the client involves voice recognition - for example, in cases of automated collection of consumer reviews - the third party becomes aware of the content of the conversation.
The communication platform, however, does not receive this data: Yandex and Google services perform the voice-to-text translation function, but the platform only transfers the encrypted text blocks to the client.
Second, this is the personal data of consumers, which is necessary to configure the voice bot. So, with automated calls, you need a pair of "Name - Contact Phone" so that the robot can greet the user by name when dialing. All data is stored inside the infrastructure and a narrow circle of people have access to it. This is mainly a support service - for situations with dispute resolution.
Leak Risks: Operational Factors
It is logical to assume that when transferring communications to the cloud platform, the risks of personal data leakage increase, since at least two more players are involved in the process - the provider and the data center.
However, this is not quite true. According to Matvey Voitov, senior product marketing manager, Kaspersky Lab, “With strong organizational and technical measures, as well as a trusted provider that offers secure cloud segments and uses specialized cloud protection, the risks of any leaks are minimal.”
In addition, Voitov notes the increased responsibility that all cloud service providers and platforms should take for the integrity, protection, and access to this data.
Leak Risks: The Human Factor
According to Aylarov, human intervention is possible; however, minimizing access to this data decreases the likelihood of leaks. “The only one that should know what data is stored on this or that remote server is the owner. For data center employees, this is just a piece of hardware with some information that they have no access to except in the physical sense. The password is only reported to the client, if you need to repair something or solve the problem.”
Aylarov explains how this works, using banking processes as an example: There are a select number of employees with access to data located on an internal server. In most cases, they do not access this information and use keys only when necessary. In such extreme situations, all responsibility for possible data leakage will rest with these select employees.
Leak Risks: Unscrupulous Contractors
Machine learning voice recognition, one of the major technological trends today, is based on the analysis of millions of excerpts of voice recordings. What are the risks associated with this? Both experts agree that, in theory, this process is designed to be safe for end-users. Aylarov emphasizes that the training of the robot should take place in anonymized voices. The CEO of Voximplant believes that the main responsibility here lies not even with those who listen to the recordings of conversations and prepares them for processing, but with those who send data for analysis. It depends on the latter how the records will be cut and whether a person, after listening to them, will be privy to any confidential information.
Voitov confirms, “While the analysis is completely automated, without the involvement of operators (for example, for fine tuning), the interests of users are not violated. Nevertheless, stories regularly pop up about the fact that for one reason or another, employees interfere with machine learning and analysis. Recently, it was revealed that one manufacturer of smart locks and video cameras used operators to view and analyze a private video stream to search for and identify incidents, although it was stated that video analytics in this service was fully automated. ”
Despite the apparent vulnerability, the cloud is a reliable way to store data, and technology companies are constantly improving on security. At the same time, leaks are still possible, but they are most often caused by employee errors. To improve the situation today, it is necessary to legislate issues of personal data, as well as develop a general level of culture of consumers' handling of information about themselves.