How Session Border Controllers help secure contact centers – and create efficiencies.

As contact centers continue to adopt IP-based communications of various sorts, including voice and other unified communications applications, it opens up organizations to a host of security threats that need to be addressed. To a would-be intruder, an IP-based contact center represents opportunity – a whole slew of IP-based ports through which they may gain entry to the network.

Firewalls won’t do the trick in a contact center because they can’t adequately deal with real-time communications sessions. A session border controller (SBC), on the other hand, helps to secure contact centers in a number of ways that not only protect the organization from intrusion and regulatory problems, but increase efficiency for its agents.

How SBCs Help Ensure Regulatory Compliance

On the compliance front, various industry regulations require encryption and have detailed rules around how sensitive data should be handled. Complying with all of them can get complicated in a contact center setting.

Consider a health care organization that has to comply with HIPAA, which outlines requirements for maintaining privacy of patient data. Complying with HIPAA means phone calls from patients to providers need to be encrypted, both to protect the privacy of the patient and to prevent unauthorized parties from snooping on the call.
An SBC can provide fully encrypted media and signaling streams to protect against snooping of those packets. What’s more, the SBC can support interworking with devices such as interactive voice response systems that rely on DTMF signaling, but without storing any of the data that passes through it – which would run afoul of the regulations.
Laws and standards such as Sarbanes Oxley (SOX) and PCI likewise require adherence to strict security policies. For SOX, voice transactions must be fully encrypted, protected and authenticated, with usage logs to provide tracking. With PCI, any personally identifiable data such as credit card or social security numbers that are shared, whether spoken or punched into an IVR system, have to be encrypted – and stored only on secured systems. The SBC plays a crucial role in making that happen.

SBCs: Crucial in Supporting Remote Agents

Lots of contact centers now rely on remote agents for at least part of their workforce. Even though they may be working in home offices, the same sorts of security concerns apply.
You want to encrypt media and signaling going out to these remote agents. Firewalls won’t fit the bill because they can’t deal with encrypted packets. If someone passes malware in an encrypted packet, a firewall will send it through – it doesn’t have the decryption keys.
An SBC, on the other hand, can decrypt the stream, inspect all packets, identify any malformed packets or malware and stop the attack in its tracks.

What’s more, incorporating remote agents means being able to perform network address translation (NAT) traversal to allow them to be part of the contact center, he notes. NAT is used by most companies to extend the number of IP addresses they can use, by advertising one address to the public Internet but using a different numbering scheme internally. The SBC performs the NAT traversal function that allows remote agents to seamlessly and successfully navigate the device that performs the NAT function.

How SBCs Offer Efficiencies for Contact Centers

Finally, SBCs can create efficiencies in a contact center in at least a couple of ways. One is simply through the security measures it provides, which keeps the contact center from suffering costly downtime.
When people are trying to call in, during a denial-of-service attack, without an SBC in place no calls will get through, so the contact center is effectively shut down.
An SBC will identify and thwart the DOS attack while continuing to allow legitimate calls to come through, thus protecting the contact center from downtime.
Security measures supported by SBCs also enable contact centers to take advantage of new technologies such as WebRTC. WebRTC promises to enable real time audio and video communications natively from web browsers, with no additional plugins or agents required. But again, in a contact center environment, WebRTC traffic has to be treated securely, like all other traffic, which means it will be encrypted.

Therefor you need to have a gateway that can take WebRTC traffic, decrypt it and provide interworking with the SIP environment that the contact center uses.

With the gateway function in place, now companies can take advantage of WebRTC to potentially offer new communications channels to customers and potential customers – such as a live video or audio chat instead of just a text chat from a support site.

Call recording can also be essential in contact centers and SBCs play a role there as well, at least if it supports SIP Recording (SIPREC).

An SBC with SIPREC enables you to centralize the call recording function across the network. In legacy networks, the call recording function was performed at the trunk-side level by tapping or spanning a network port. In IP-based contact center, an SBC with SIPREC can redirect calls to be recorded to a centralized server, even for remote agents. The strategy also provides for failover options if a call-recording server fails.