This Guide provides an overview of the security risks and requirements inherent in a contact-center environment, and describes how Genesys addresses those risks.
The risks and threats inherent to data networks also apply to contact centers. In general, the risks common to contact center solutions can be broken down into the following categories:
- Authentication and authorization
- Protection of data at rest
- Service availability
- Protection of data in transport
- Web application security
This Guide is not an exhaustive study of all of the security features that Genesys offers. Many security features are documented elsewhere in the Genesys documentation suite. As these features evolve, so too will this document—to provide a concise one-stop reference for all of your security needs.
This Guide describes each of the Genesys security features mentioned in the preceding sections. It also includes detailed deployment instructions for those features that can be installed either system-wide, or in a manner that is consistent for all products. If the deployment process differs between components or products, you are referred to appropriate product documentation for the specific steps.
Where part of the deployment of a feature is performed as part of another procedure, this document provides an overview of that part. For detailed instructions, you are referred to the appropriate product documentation.
In Case of Emergency
If you have a problem or emergency related to the security of your Genesys system, do not hesitate to contact Genesys Customer Care at 1-888-GENESYS (436-3797) or firstname.lastname@example.org. Do not further jeopardize the safety of your system by discussing the situation in online message boards or applying any unapproved remedial software.
Security and Standards Compliance
The Genesys suite of products is designed to make up part of a fully functioning contact center solution, which may include certain non-Genesys components and customer systems. Genesys products are intended to provide customers with reasonable flexibility in designing their own contact center Solutions. As such, it is possible for a customer to use the Genesys suite of products in a manner that complies with the security-related business standards such as General Data Protection Regulation, ISO 27001/27002 (formerly 17799), HIPAA, PCI DSS etc. However, the Genesys products are merely tools to be used by the customer and cannot ensure or enforce compliance with these standards. It is solely the customer's responsibility to ensure that any use of the Genesys suite of products complies with these business standards. Genesys recommends that the customer take steps to ensure compliance with these business standards as well as any other applicable local security requirements.
Our Pure Engage Cloud infrastructure is compliant with industry standards such as PCI DSS, SOC2 Type II, ISO 27001, and HIPAA.
New in This Release
The following new security features and functions have been introduced in release 8.5:
- Kerberos authentication is supported by some components for user authentication.
- Call recordings can be encrypted, then decrypted for feedback. See Encrypted Call Recordings.
- When configuring TLS, you can specify the version of TLS protocol to use to secure connections.
Supporting Components information for all features has been updated as required.