Preventing insider threats to documents and recordings

A malicious insider threat to an organization is generally defined as someone who has authorized access to an organization’s systems and intentionally misuses that access to violate the confidentiality of important information. Genesys Cloud takes this security threat seriously and has designed safeguards to help stop insider threats. These safeguards protect access to the content repository and the contents stored there, including documents, screen recordings, and voice recordings.

Genesys Cloud stores customer data, including call recordings, screen recordings, and uploaded documents, in a content repository that has its own auditing and tracking system built in. These files are stored by Amazon Web Services (AWS), which has robust security measures in place. AWS provides high levels of protection from outside threats.

We determined all the ways that someone with developer or system administrator credentials could access files stored in Genesys Cloud outside the intended methods, so that we could put mitigating controls in place to stop them. A challenge is providing enough access for people to do their jobs but not so much that they can access confidential customer data. We identified exactly which data buckets our people need access to and restricted access to the buckets they don’t need.

We further tuned the access controls so that only the servers involved in providing the content management function could access those data buckets. Then, we built the servers with no remote log-on access so that even someone with a “root” or “super admin” account cannot access the server or the data bucket.

If someone at Genesys creates a new server with that access role, the appropriate personnel get immediate notifications on their mobile devices. Then we can go in and determine whether that person is authorized or not, and if not, we can shut down the threat and figure out exactly who performed the unauthorized server creation.
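
The alert described above, a notification whenever a server is created with the content-repository access role, can be written as a check over cloud audit events. This is an added example, not Genesys code: it assumes AWS CloudTrail RunInstances records as the event source, and the instance-profile name, account ID and approved principal are hypothetical.

```python
# Assumptions, not from the page: CloudTrail as the event source, the
# instance-profile name, and the deployment principal allowed to use it.
PROTECTED_PROFILE = "content-repo-server"  # hypothetical name
ACCT = "arn:aws:iam::111111111111"  # constructed account
APPROVED_LAUNCHERS = {ACCT + ":user/deploy-bot"}  # hypothetical principal


def requested_profile(event):
    """Return the instance-profile name a RunInstances call asked for, or None."""
    prof = (event.get("requestParameters") or {}).get("iamInstanceProfile") or {}
    if prof.get("name"):
        return prof["name"]
    arn = prof.get("arn") or ""
    # Profile ARNs look like ...:instance-profile/<optional path/><name>
    return arn.rsplit("/", 1)[-1] if ":instance-profile/" in arn else None


def find_alerts(events):
    """Flag every attempt, successful or denied, to launch with the protected role."""
    alerts = []
    for ev in events:
        if ev.get("eventName") != "RunInstances":
            continue
        if requested_profile(ev) != PROTECTED_PROFILE:
            continue
        actor = (ev.get("userIdentity") or {}).get("arn", "unknown")
        if actor not in APPROVED_LAUNCHERS:
            alerts.append({"actor": actor, "time": ev.get("eventTime"),
                           "denied": "errorCode" in ev})
    return alerts


def _event(name, actor, minute, profile=None, error=None):
    """Build a constructed event holding only the fields the check reads."""
    ev = {"eventName": name, "eventTime": f"2024-01-01T10:{minute:02d}:00Z",
          "userIdentity": {"arn": ACCT + actor}, "requestParameters": {}}
    if profile:
        ev["requestParameters"]["iamInstanceProfile"] = profile
    if error:
        ev["errorCode"] = error
    return ev


BY_ARN = {"arn": ACCT + ":instance-profile/" + PROTECTED_PROFILE}
SAMPLE_EVENTS = [  # constructed, not real logs
    _event("RunInstances", ":user/deploy-bot", 0, {"name": PROTECTED_PROFILE}),
    _event("RunInstances", ":user/admin-a", 1, BY_ARN),
    _event("RunInstances", ":user/admin-a", 2, {"name": "web-frontend"}),
    _event("RunInstances", ":user/dev-b", 3, BY_ARN, "Client.UnauthorizedOperation"),
    _event("DescribeInstances", ":user/dev-b", 4),
]
```

Calling `find_alerts(SAMPLE_EVENTS)` reports the two launches by principals outside the approved path, including the one the access controls denied, since a blocked attempt is still something security personnel want to see.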

Note: Do you need a higher level of assurance with your call and screen recordings? We now offer local key management. See Local key management.

Our approach

  1. Know your data — Take an inventory of all the data that your company stores and generates.
  2. Classify your data — Decide which data is Confidential or Non-confidential.
  3. Monitor your data — Collect data on who is accessing what, when, and how often.
  4. Limit access to your data — Restrict the pool of potential access accounts and methods using the data collected in the previous steps.
  5. Set up alerts for unauthorized access — Decide which actions should trigger alerts for security personnel.