[Inside calldesk] How to ensure the security of callers' data when you handle millions of calls every year?

Hundreds of companies are now equipped with AI-powered voice agents that automate repetitive calls in their contact center. When millions of interactions rely on our voice agents every day, how can we ensure the reliability of the solution and guarantee the security of callers' data? Damien Gallet, Security & Reliability Manager at calldesk, explains our security management founding principles.

Ensuring the security of its users' data is often perceived as a constraint. However, at calldesk, we believe that security is a real enabler. For this reason, we work hard to provide our customers with solutions that benefit from the latest advances in terms of data protection, but also resilience.

In addition to the benefits for the business and the contact center, implementing AI-powered voice agents allows for increased security in user data management, and even on the entire contact center reliability.

To ensure that these values are respected on a daily basis, we have implemented several founding principles.

Every call matters

In customer relations, a single bad experience can degrade the caller's brand perception. At calldesk, we make sure that all calls are handled as planned.

• Our architecture is built to scale: based on serverless applications, it allows us to respond instantly to flow increases and call spikes.

• Our architecture is also resilient to incidents, thanks to the distribution of our operations over several different and independent geographical zones, with automatic failover systems from one zone to another.

• Our code is constantly reviewed and tested: our very strict development policy puts quality at the heart of our processes, with the use of unit and functional tests, code reviews, automatic verification systems, integration and continuous deployment.

• Our system is monitored 24/7, and we're commited to ensure very high levels of service availability.

• Finally, our creation platform calldesk studio is designed to ensure the quality of the voice agents that our teams and our customers build: intelligent real-time error detection system during bot construction and deployment, automated tests, emergency numbers configuration...

GDPR by design

When we began developing our product in 2016, GDPR was in the making, and ensuring the security of user data was becoming central to a growing number of organizations. Convinced that this trend was marking a profound transformation in the relationship between customers and businesses, we designed our technology to be natively GDPR compliant.

• Our product allows you to configure on-demand data retention, with a 0-day-retention option, which sees no personal data stored or retained by calldesk.

• All personal data is collected for the sole purpose of its use by the customer. The collection process is controlled from start to finish by the customer, who is responsible for the choice of data collected, the choice of treatments carried out, and the choice of the form in which this data is returned.

• We only use suppliers and products in accordance with the GDPR, and all of our data is stored in Europe only, in several geographical locations, in order to ensure the best reliability and maximum reactivity in case of an incident.

• Our studio can manage several dozen users per customer account. This means that the customer can manage his users and define their role in total autonomy, according to the principle of least privilege.

Solutions at the forefront of security

We only choose partners that offer the highest levels of security on the market, and we implement a high touch security approach to orchestrate our solution over and above these services.

• Our solution is hosted with the best security players on the market. We require that their organization is ISO 27001-17-18 certified, and that PCI-DSS and HIPAA (Credit Card and Health Data Management) certifications have been obtained on the needed services.

• Our data is encrypted by default in transit and at rest, both over the phone channel and for the call data.

• All of our entry points are state of the art in terms of encryption and authentication.

High security integration

Finally, we pay particular attention to the security and availability of our link with our customers and their information systems. Thus, we implement all the necessary means to meet their security requirements.

• We have already set up nearly a hundred voice agent integration projects, with a variety of integration constraints. These architectures can be redeployed in a customized way very quickly.

• We work hand in hand with our customers and partners to find the most appropriate and secure integration solutions, capable of satisfying all stakeholders.

• Depending on the criticality of the integration, we can set up a back-up connection to ensure continuity of service in all circumstances.

• We test our integrations and automatic failover mechanisms to back-up systems on a regular basis with our customers.

In short, the calldesk solution was designed and developed to ensure the best possible users' data management. On a daily basis, we continue to apply these principles within our technical team, thanks to the definition of four cardinal values: leave no caller behind, work exclusively with solutions that are natively GDPR compliant, customize the approach with each partner to guarantee the best security level, and perform custom integrations to ensure reliability.

As a result of these principles, we are very proud to have won the 2020 AWS "Architecture of the Year" award, which recognizes the most innovative, secure and reliable startups.