Data Security

Comprehensive Protection for Sensitive Information

Data security is top of mind for financial firms and call centers. Regulations are heightening attention to protect sensitive information contained in call recordings and screen captures. But safeguarding sensitive customer information is a good practice in any business, protecting your company against harmful lawsuits and negative publicity.


NICE’s approach to data security incorporates three key focus areas:


  • Infrastructure security– The foundation of data security is a secure computing environment resistant to breaches and attacks. The NICE system architecture isolates access to critical components and information, supports standard server-hardening techniques, and employs secure Internet Protocol (IP) communication methods and certified virus protection.


  • User security– Internal sources account for most data security breaches so user security is crucial. NICE solutions feature strong user authentication, advanced profile-based user authorization, password policy rules, account locking and a fully queriable audit trail database. Microsoft Active Directory support for user authentication is also an option.


  • Information security– If all other barriers fail and information reaches unauthorized parties, media encryption is the last defense. NICE solutions use advanced encryption standard (AES) symmetric encryption, the most efficient and secure industry algorithm, to secure sensitive data throughout its lifecycle.


Advanced data security wherever, however sensitive data is shared or stored:


  • End-to-end media encryption– Recorded interactions may contain sensitive information— credit card numbers, security codes, medical history, passwords— that needs to be protected from unauthorized access. NICE provides full end-to-end encryption for recorded interactions. Data is encrypted at the point of capture and remains encrypted throughout its lifetime— storage, transfer and archival.


  • Secure communications– NICE solutions utilize secure communication methods when information is exchanged between the client application and server. Even though most implementations operate within internally secure network boundaries, this provides an extra layer of protection for data security.


  • User authentication and access– Every user is required to have a unique username and password to gain access to NICE solutions. Passwords are stored securely and comprehensive management capabilities enforce security policies. Every user also has defined access rights, managed on an individual or role basis, determining what features and data they access.


  • System hardening– All server-based components run as Windows services rather than as user applications to ensure data security. Servers provided by NICE are shipped pre-hardened. If your IT organization has its own guidelines, detailed information is provided on required permissions and settings. Support for network address translation (NAT) and port address translation (PAT) provides enhanced security for network communications. Default TCP/IP port settings can also be changed. Leading anti-virus software is supported and certified for compatibility with NICE solutions.


  • Audit trail– A comprehensive, detailed audit trail is an essential component for data security. NICE solutions provide complete activity tracking and reporting to facilitate investigation and analysis of user actions. Functions performed by users are logged in the audit trail database. Using a database, instead of log or text files, allows detailed queries to be performed on the information, returning targeted results depending on the type investigation being conducted.


NICE Data Security capabilities provide a comprehensive solution to safeguard sensitive information contained in call and screen recordings. Click to learn more about compliance recording and contact center operational efficiency solutions.