Use Your Telecom Provider to Ensure Voice Security & ComplianceUse Your Telecom Provider to Ensure Voice Security & Compliance
As the importance of contact centers and communication systems grows, so does their appeal to hackers as an attack vector.
December 4, 2024
Hackers have the upper hand since they can choose who, when, and how to attack an enterprise. Telephony Denial of Service (TDoS), number spoofing, and deep fakes are some of the methods used by hackers to commit fraud or hold an enterprise for ransom in the realm of telecommunications. People are the weak link in enterprise security, and this includes enterprises employees and customers who are calling every day.
Call security is the first line of defense. This ensures that the phone number is valid, has a good reputation and/or that the call and caller ID has been authenticated. Much of the call authentication being done is out of band by companies such as Neustar. This means that it is a private authentication service, not the standard STIR/SHAKEN that is done in-band. The governments/FCC efforts to reduce spam calls has been ineffective and much of the work being done is by the Telecom providers and their partners.
Caller security is the second line of defense. This ensures the person calling is who they say they are by using a voice print/biometric, smart phone authentication, and/or something they know. It is also possible to have someone login to a website and use a passkey (not password) to authenticate and to pass this authentication when use a click-to-call application to talk with someone in a contact center.
The reason to utilize a Telecom provider for this security is that they are in the middle and can provide additional security and compliance controls in near real time. They do this by providing a Session Border Controller as a Service (SBCaaS) to provide their and their partners security solutions. For instance, SBCaaS can be used to replicate (SIPREC) the call and send it to a vendor such as Pindrop, JourneyID, or Google. In this example, Google maybe used as an AI analytics engine that is recording, transcribing, and doing analysis on calls. Some SBCs can replicate a call up to 16 times in case an enterprise wants to send their calls to multiple cloud providers. Figure 1 below shows what this looks like and is done in a high availability architecture such that if one hosting location or SBCaaS fails the call will automatically go to the other side within 2-3 seconds.
The reason to advocate for putting Voice Security as a Service (VSaaS) within the telecom provider as a cloud service is to be able to rapidly react to any threats. Putting in infrastructure and applying changes within an enterprise data center can take weeks, if not months. Firewalls from vendors like Palo Alto and Fortinet offer there customers near real-time updates including IP address reputation, the latest malware signatures and behaviors, and URL validations. The same can and should be done in the telecommunications services for an enterprise.
At Enterprise Connect 2025, I will be hosting a panel session on “Securing Transactions In Enterprise Customer Interactions.” Hopefully you can join us.
