CCF Security
There are two classes of security issues that could occur in CCF.
- Issues with customer applications, whether purchased or developed in-house.
- Issues with CCF itself.
This section describes best practices to avoid security issues with CCF and to help secure hosted applications. However, it is beyond the scope of this guide to describe how to secure applications that exist outside of CCF 2009.
For example, a typical inbound call center will have a number of applications. These could include:
- A billing application
- A knowledge management system to assist with answering customer questions
- An application for testing connectivity with the customer (for voice and broadband providers)
Whether these applications were purchased or developed in house, they were probably written before CCF was brought into the call center. These applications might have security issues, but these issues are part of the specific application and not CCF.
A basic security technique is to allow an agent to access only that information that he or she needs. For example, a billing application should allow an agent to view only that information that he or she needs when working with customers. If there is specific information that the agent does not need, such as a credit card number or password, then that information should not be displayed.
Keep the following recommendations in mind when you work with CCF.