Tag Archives: Cloud-Based Computing Articles

The Truths of System Hardening

Startel delivers best-in-call contact center solutions

By Shawn Griswold

Today you must take initiative to deal with security and system hardening. Flying under the radar, hoping and praying you will be okay, is no longer an option. Cybercrime is exploding. Crimes like exfiltration, ransomware, extortion, and sale of personal data are on the increase, and they are even being combined.

Previously threat analysts were only worried about ransomware, now they must worry about the ransomware actors exfiltrating data: turning around and locking us out of our own system, and then threatening to sell our information if we don’t pay. And they do sell data if the victims don’t comply. Sites like Klep exist to sell data. 

Why do they do this? For one, it’s safe for the bad actors. The countries that harbor these threat actors will not prosecute if they don’t harm anything within their own country. In Russia, for instance, where many of the threat actors attacking the U.S. reside, threat actor’s software can check the localization of a computer, and if it resides in any of the former soviet states, the software will automatically uninstall itself. They know better than to do business in their own backyard. But they can attack the United States all they want, and they will never face prosecution. So, it is a safe crime for them. 

As far as money goes, just to give you an idea, is a company called Darkside. It was in the news recently. The FBI blamed it for carrying out a ransomware attack on Colonial Pipeline, which crippled fuel delivery across the Southeastern United States. Darkside made $17 Million in seven months. It’s very profitable. Darkside began as a software company that provided services. Revel makes even more than that. 

It’s an easy business. Darkside took all the work out of creating ransomware. You can go on to a webpage, order your ransomware software, customize it for the environment you need it for, create it, and deploy it. You don’t even need to know how to write ransomware. 

Tools stolen from government hacking teams are used to commit these crimes. Equation Group, the hacking arm of the National Security Administration had malware code stolen by another hacking group called The Shadow Brokers and is now being used to commit crimes globally. As these tools have been stolen and released it makes things so much easier for the criminals.

From 2018-2019 ransomware attacks increased by 300 percent in the United States. In the first nine months of 2020 it has increased an additional 400 percent.

The other thing to keep in mind is that for those under a regulated environment such as HIPAA, PCI, ITAR, and FERPA, it really doesn’t matter. Ransomware equals a breach. And breach means disclosure. These are the things we try to avoid.

One of the biggest attack points we are seeing is VPN. This year alone, VPN attacks have increase over 2,000 percent. The number one way these threat actors are getting into corporations is by attacking people’s less secure home networks. Ultimately your security is no better than the end point. For example, the Colonial Pipelines breach came because of a compromised username and password for a user’s home VPN. The threat actors got ahold of it, and they did $5 million dollars in ransomware damage, plus the subsequent security costs to the company in mitigating future attacks. 

Another scary example occurred at the Oldsmar Water Treatment Plant in Florida. According to federal investigators an outdated version of Windows and a weak cybersecurity network allowed hackers to access the water system and momentarily tamper with the water supply. 

So, what can you do? Use system hardening.

What is system hardening? These are steps you can take to make your cyber security system more secure than what a default installation provides. You may be surprised that most systems are insecure by default for the sake of user convenience. Many companies want to make their software easy to use and easy to set up. But that doesn’t make it secure. 

For example, by default Microsoft Windows does not have the password lockout turned on. You need to go in and manually set it so that hackers can’t just “brute force” their way into your system. By default, it does not have password history turned on. So even if you tell it to change the password every thirty days, your old password will still work unless you turn on password history. As your passwords keep changing, you are only adding more opportunities for hackers to guess a password. 

These are the types of security measures you need to harden.

Anti-Malware and Anti-Virus

This should be mandatory and set to automatically update. Scans should also run automatically. Likewise, they need endpoint protection and intrusion protection. They need to do a certain amount of firewall and exfiltration. They just can’t let anything go out the door. 

If you are running in a domain where you have control over all the endpoints, you can investigate installing a central managed server where all the definitions are downloaded to it and then pushed out. Completely take it out of the hands of the agents or end users. This is a pain but cleaning up after a ransomware attack is far worse. The average cost of cleaning up after a ransomware attack is around $1.2 to 1.5 million. 

Web Proxy

Do not allow agents to browse the internet freely. Create and maintain whitelists or required internet sites.

Firewalls

Companies put a lot of time and effort into securing what is on the outside trying to get in, but they don’t put the same energy into securing what’s inside trying to get out. Many companies hinge everything on the hacker never getting in. But there are multiple ways they can, and once inside what security plans do you have in place? 

Focus on inside to out as much as you would outside to in. You must assume they will get in. This is what the hackers are relying on. That once they can get in, they can exfiltrate the data without any barriers. Therefore, your inside to outside rules must be well defined and only allow outgoing traffic that is necessary.

Updates and Patches

You must apply all high and critical updates within thirty days of release to maintain security compliance. For example, the NotPetya virus caused $10 billion in damages because users did not apply a critical patch. If you are running in a domain, it is highly recommended that you use the Windows Server Update Service. The WannaCry virus was launched out of North Korea and was successful because nobody heeded the warnings from NotPetya and did not patch. This sort of security laziness is the initial cause or shortcoming of many system breaches. Do not delay these patches. 

And if Windows releases a patch outside of their normal patch cycle you should apply it immediately. If they feel it’s critical enough to offer it outside of their normal patch cycle, then you can be sure the virus is bad. They only do that when things are critical.

Vulnerability Scanning

Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and predicts the effectiveness of countermeasures. Some places where you can have this done are www.OpenVAS.org and www.tenable.com

Other Best Practices

Rename the default administrator and disable the account. Do not make it easy to hack a known default administrator account. You should always rename it to something other than administrator. The first account that a threat actor would want to access is the admin login. Don’t make it easy to find. Also, keep the system security group as small as possible. And do not allow users to run as local administrators.

It is also highly recommended to use a Server 2021 or later Active Directory Domain. This centralizes the management of authentication and access. Update group security policies per NIST or CIS standards. Once again default policies are not secure. For more information visit www.nist.gov or www.cisecurity.org

Harden web servers to meet OWASP standards. For more information go to www.owasp.org. Also look at www.ssllabs.com.

Educate Your Agents

Another thing many security admins take lightly is educating their employees about security risks. You should train your workers so they understand the risks involved with browsing the internet or opening spam emails. 

One way many security admins are gauging their workers knowledge and adherence to rules is to send out a faux phishing email from an anonymous source to see how many people click on it. You can even offer incentives to get that click rate as low as possible.

Conclusion

If there is one thing you should be learning from all of this is just how easy and risk free this crime is. For many hackers the only security protocol they must contend with when hacking your system is figuring out your name and password. Once inside they can easily move about. But if you take the steps mentioned above you will make it harder for the hacker. 

Many hackers are lazy and do not have time for redundant security measures. Once they realize how slow their progress will be, many will just give up. This is not because it is impossible but because it will require extra work. 

While we cannot guarantee a failsafe security system, we can make it harder for the hackers to hack.

Startel

Shawn Griswold is the security analyst for Startel Contact Center Solutions. Shawn has been involved in software engineering for over thirty years and has been providing cyber security for Startel for the last six.

Innovation Enhances the Cloud-Based Contact Center Infrastructure Market



By Donna Fluss

The past year was excellent for the cloud-based contact center infrastructure (CBCCI) market. DMG had projected that the market would grow by 22 percent in 2017, and the actual growth rate was 25.4 percent. Most of the sales were to existing contact centers whose management made the decision to migrate to the cloud. The introduction of contact center platforms from companies such as Amazon and Twilio also contributed to the growth of the market.

DMG remains bullish on this IT market, particularly now that we see some of the larger contact centers either moving to the cloud (albeit not all their seats at once) or considering a move. DMG expects the market to grow at a minimum of 23 percent in 2019 and 2020, and 21 percent in 2021 and 2022.

Adoption Rate for the CBCCI Segment

The adoption rate of the cloud-based contact center infrastructure market as of the end of 2017 was 14.1 percent. This includes hosted and software as a service (SaaS), up from 11.4 percent at the end of 2016. Assuming an average cost per seat of 125 dollars per month, this is already a 4.1 billion dollars market. The amount of 125 dollars per seat per month takes into consideration implementation, professional services, and add-ons such as WFO.

Differentiation Drives the Market Forward

CBCCI vendors have begun to differentiate themselves with innovative routing capabilities that can optimize the outcome of each interaction. Incoming transactions in any channel can be evaluated and directed to the agent or advisor ideally suited to handle the issue. The result is higher sales rates, larger collections, and greatly improved customer service.

At the same time, this enhances productivity, as inbound agents benefit from guidance and recommendations on handling transactions as they occur, without having to spend as much time researching the customer’s background and the context of the inquiry. The solutions also help organizations comply with various governmental regulations for required disclosures and prohibited activities during agents’ conversations with customers.

Artificial Intelligence Enhances Contact Centers

Artificial intelligence (AI) is having a profound effect on the CBCCI market. Customers show a preference for self-service, and AI-enabled intelligent virtual agents (IVAs) are playing a vital role in addressing the self-service challenge. IVAs can automatically verify callers and allow customers to ask questions in their own words. IVAs also support seamless migration from one channel to another and provide agents with information from diverse online sources to optimize and personalize each interaction and make the most of each sales opportunity.

Robotic process automation (RPA) is another valuable tool, relieving contact center agents of repetitive, noncognitive tasks, including the time-consuming processes required for compliance with two-factor authentication. This gives agents more time to spend on resolving customers’ issues, enhancing their job satisfaction as well as customer experience.

Contact Center Infrastructure Platforms Are Game Changers

Contact center infrastructure platform vendors are having a positive and disruptive impact on the CBCCI market. The new paradigm of “platform as a service” allows for the quick creation and deployment of customized solutions. Application programming interfaces (APIs) facilitate the build-out of functional capabilities rapidly and easily.

What’s Next?

The advantages of hosted/SaaS applications in the cloud are no longer the sole value proposition for buying a CBCCI solution. The CBCCI solutions are compelling because vendors are delivering outstanding and differentiated capabilities, either natively, by acquisition, or through integrations with best-of-breed providers.

During 2019, more contact center systems will incorporate AI, machine learning, and natural language understanding and processing (NLU/NLP). This will present companies with an opportunity to vastly improve their performance and gain insights into customer needs. The use of robotic process automation (RPA) and IVAs will enhance the customer and agent experience. The next few years will be exciting as market innovation enables companies to start delivering the personalized service their customers expect.

Donna Fluss is president of DMG Consulting LLC. For more than two decades, she has helped to emerge and established companies develop and deliver outstanding customer experiences. A recognized visionary, author, and speaker, Donna drives strategic transformation and innovation throughout the services industry. She provides strategic and practical counsel for enterprises, solution providers, and the investment community.

Cloud-Based ACDs and Dialers Come of Age



By Donna Fluss

Cloud-based contact center infrastructure (CBCCI) vendors have spent most of the last twenty years playing functional catch-up to the leading on-premise vendors. But this is no longer the case. DMG just completed our annual research on the CBCCI sector, and we are impressed and excited about the enhancements and changes to these solutions.

The value proposition is no longer to buy a CBCCI solution just because of the many benefits of using a cloud-based solution. Beyond the proven advantages of the cloud, these solutions are compelling because the vendors deliver outstanding and differentiated capabilities, either natively or by integrating with best-of-breed providers.

It’s undeniable that contact center platform vendors are having a highly positive disruptive impact on the pace of innovation in the CBCCI sector. The “platform as a service” paradigm, which leverages application programming interfaces (APIs) to roll out functional capabilities, makes it easier to build your own solution (BYOS). And the fact that these customized contact center solutions can be developed quickly using standard development languages is a significant change. Some of the vendors who have traditionally been “solution providers” are now starting to position their offerings as both a product and a platform.

An inbound contact center solution (often referred to as an automated call distributor or ACD) is valuable for enterprises of all sizes, and many organizations will benefit from outbound calling functionality. This has been the case for the past forty years, but now the vendors are adding analytics, big data, artificial intelligence (AI), and robotic process automation (RPA) to help companies work smarter instead of harder.

In the recent past, ACD vendors specialized in bringing in or sending out interactions, and it was considered a differentiator if the solution offered omni-channel capabilities. Today, omni-channel functionality is a “must have” (although there are still some CBCCI solutions that do not offer this capability), and the differentiation is coming from the more effective ways that enterprises can route or issue the interactions. In some cases, CBCCI solutions can evaluate an incoming interaction in any channel and, based on information previously collected about the individual, get it to the agent or advisor who is ideally suited to handle the transaction.

This means higher sales rates, larger collections, and much improved customer service. This is and always has been the top goal for organizations and is a perfect (and real) example of working smarter, not harder. But there is so much more going on today.

Imagine an inbound contact center where agents receive appropriate guidance and recommendations along with each interaction, instead of having to spend minutes researching the background and context. These solutions are also HIPAA- and GDPR-compliant, addressing essential regulatory issues. Moreover, they empower the agent and are effective in helping customers the way they desire during their journey. These innovations are game changers for companies and the industry in general.

RPA is also finding its way into the contact center world. To date, so much of the work performed by agents is to comply with two-factor authentication and to meet the needs of the company. Of course, customers care about the security of their information, but they aren’t thrilled with the burden of meeting authentication requirements, and they surely don’t care about the processes agents/advisors have to follow to get a high quality-assurance score. For example, a customer doesn’t want to wait while an agent types up their notes or copies and pastes data in multiple systems. Freeing agents to spend their time on customers’ issues (instead of enterprise requirements) will change the entire sales, service, and collections experience by enabling them to do what should be a fun and interesting job.

The worlds of interaction management and customer relationship management (CRM) are coming together. Instead of fighting to “own” the customer, CBCCI vendors are either offering their own CRM functionality or making it easy to cleanly integrate to a third-party solution, such as Salesforce. Once this happens, enterprises and small companies alike will be able to take advantage of the full functionality and intelligence that comes along with the CRM system. It’s not just vendor promise or hearsay, but a real opportunity.

These are just a few of the very practical and high-value capabilities that are making their way into the current and next generation of CBCCI solutions, and there is a great deal more already available in the market. For companies that haven’t looked at their ACD or dialer in the past five years, DMG recommends reviewing some of the leading CBCCI offerings on the market and considering replacement of their existing solutions with ones that position them to do what their customers expect—delivering an outstanding experience throughout the journey.

Donna Fluss is president of DMG Consulting LLC. For more than two decades, she has helped emerging and established companies develop and deliver outstanding customer experiences. A recognized visionary, author, and speaker, Donna drives strategic transformation and innovation throughout the services industry. She provides strategic and practical counsel for enterprises, solution providers, and the investment community.

Ruminations on Cloud-Based Contact Center Technologies

By William Lane

There has been much press about Amazon Connect, a self-service cloud-based contact center solution offered by Amazon Web Services (AWS). There was a huge protest on various industry listservs about how this might affect the various business models of vendors and users within the telephone answering service (TAS), contact center, and related industries. When considering new information, it is best to take a deep breath, step back, and consider a broader view of the situation to evaluate the impact.

The purpose of this article is not to analyze Amazon Connect or other online cloud-based services currently available from other vendors, but instead to present some observations I believe are applicable to determine if this new offering, or any other much-touted cloud-based contact center service, is relevant to you and your business. I will ask pertinent questions to focus on what you may or may not need from your chosen technology vendor. To do so, I am going to assume you are in the business of servicing your customers’ clients from a TAS or contact center perspective.

First, does speed matter when interacting with your customers’ clients? This question is key to understand whether a particular cloud-based solution suits your business needs. Amazon Connect and many other cloud-based services utilize WebRTC exclusively. With WebRTC, the effective solution is completely browser-based. A solely browser-based solution means that the provider has implemented a mouse-driven versus a keyboard-driven business model. While this may be acceptable for many businesses, the impact is no shortcut keys or macros, resulting in a loss of efficiency and speed for agent-client interactions.

Second, is your business transaction-heavy? In a browser-based environment, the transactional logic resides on the cloud-based server. If your business model calls for intensive usage of message-scripting transactions, the agent is going to initiate commands via the Internet to a database server located at another destination numerous times per client contact. Even if there is an acceptable level of latencywhich often there is not due to Internet connectivity issues—efficiency will suffer. This may be why few cloud-based solutions include message-scripting functionality.

Third, does your company have in-house professional services staff? If not, who will develop the necessary third-party integrations and additional features and functionality you need to differentiate yourself from your competition? Amazon Connect, and many other cloud-based contact center solutions, provide only self-service solutions. They may or may not offer tools you can use to build unique offerings for your customers. Therefore, it will be necessary for someone to utilize the provided tools to create the solutions that will attract customers to you as opposed to your competitors. Does utilizing a one-size-fits-all cloud-based solution, where price may be the only differentiator available to you in a global market, square with your business model? 

Fourth, would your business model tolerate multiple hours of periodic downtime? It is no secret that AWS, the backbone for the new Amazon Connect service, has gone down several times over the last twelve months. The February 28, 2017, outage affected some customers for nearly eight hours. Many cloudbased providers make no guarantees of uptime in their service level agreements (SLAs). It is simply not an imperative element of their self-service business model.

Fifth, does your business model require validated HIPAA compliance? Many cloud-based solutions, including Amazon Connect, do not address HIPAA compliance. They do not provide proof of annual HIPAA assessments, audits, and the resultant scores provided by third-party auditing firms. Many cloud-based solutions leave all compliance adherence to the user and absolve themselves from any regulatory responsibility by claiming they are merely conduits providing a service, thus leaving you to fight the regulatory battles.

Ensuring that your business model matches your chosen vendor’s business model is imperative to achieving business success. If HIPAA compliance, platform reliability and robustness, third-party integrations, customized features and functionality, and agent speed are important to your business model, then many of the oft-hyped cloud-based contact center solutions available may not be for you.

William Lane has nearly forty years of experience in customer service and software development. He is president and CEO of Startel and Professional Teledata.

Save

Save

Save

Four Major Cloud Deployment Models



By Kevin Mahoney

The National Institute of Standards and Technology (NIST) recognizes four major cloud deployment models: public cloud, private cloud, community cloud, and hybrid cloud, as follows:

Private Cloud: The private cloud provides services designed for a single organization. Consumers within the organization may include different business units, but the focus of the private cloud is to serve one specific business organization. This is important to note as private-cloud functions may not scale as easily as with a public cloud, but in this model it is the organization that determines the design and scalability of the resources.

This model is similar to building and managing your own infrastructure, with your organization having the option of building the resources itself on-site or off or having a third party provide the resources. Security and downtime play a critical role in making this build versus buy/versus on-site or off-site decision.

For example, healthcare organizations and other industries may have mission-critical applications to consider – particularly with respect to Internet availability – which make the private cloud on-site model the best choice. Or perhaps moving data to the cloud would violate a regulatory standard such as HIPAA, HITECH, SOX, or SAS 70.

Examples of private cloud deployments include OpenStack and vCloud. OpenStack is an open-source cloud platform supporting the IaaS (Infrastructure as a Service) model. It provides businesses with IaaS resources for internal purposes. Once owned jointly by NASA and Rackspace, OpenStack now is a nonprofit organization operated by the OpenStack Foundation. vCloud from VMware Inc. is a platform that also supports IaaS environments. The idea behind the suite of vCloud solutions is creating a cloud-based, virtual data center that enables the organization’s IT staff to deliver scalable services to internal business units, much like a public cloud does.

Public Cloud: The public cloud is the exact opposite of the private cloud. NIST defines the public cloud this way: “The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or by some combination of them. It exists on the premises of the cloud provider.”

Here we think of Amazon Web Services, Rackspace, Azure, Gmail, and Salesforce.com as examples of highly scalable, multi-tenant services. Security, maintenance, and isolation of data between customers are controlled by the cloud provider. The public cloud is great for hosting SaaS (Software as a Service) applications, managing changing load demands and development and testing environments, and reducing infrastructure costs.

One of the reasons this model is so popular is the fact that users typically pay the costs on an allocation or utilization basis with on-demand provisioning, thereby maximizing their resources. The public cloud is a great model for information that is not highly sensitive or subject to security mandates.

Community Cloud: The community cloud focuses on providing services for specific consortiums and interest groups. A community cloud is shared by several organizations with similar policy and compliance considerations. Data and security are shared between the members with access restricted for those outside the community. Facebook and LinkedIn are examples of the community cloud model.

Facebook is the world’s largest social networking service, with more than 1.65 billion users. There are no fees to join and use Facebook; its revenue is generated by advertising. Privacy is one of the main challenges with Facebook, as its policies have been known to change without user knowledge. LinkedIn also is a social networking service, but it caters to professional business users and has more than 433 million users in 200 countries. LinkedIn offers a free subscription along with several paid tiers, with each tier providing additional features.

Healthcare organizations in particular are good candidates for the community cloud. These organizations are concerned with regulatory requirements. The community cloud is a good way of ensuring that these organizations meet these challenges, and they can benefit by the sharing of information and resources with similar organizations.

Hybrid Cloud: Finally, one of the more popular deployment models is the hybrid cloud. This is how NIST defines the hybrid cloud: “The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).”

The hybrid cloud model might be considered the best of both worlds. Here we have the advantages of secure applications and data as with the private cloud while still benefiting from the lower costs of sharing data and applications as with the public cloud. Cloud bursting, which is the process or ability to move from a private cloud to a public cloud, can help balance workloads during peak workloads and workload spikes without interruption or user intervention. Backup and disaster recovery is another beneficial use for the hybrid cloud.

Examples of the hybrid cloud include the offering from Amazon Web Services (AWS) called Virtual Private Cloud (VPC) technology and Microsoft’s Azure. Amazon’s VPC can extend a customer’s data center into the AWS cloud infrastructure. This enables customers to run their application servers in the AWS infrastructure while keeping their data in their own data centers. Data control is retained by the customer while scalability of the application servers is achieved by being in the cloud. Microsoft Azure enables customers to use its PaaS (Platform as a Service) APIs to integrate with their private applications, thereby maintaining app security.

The four cloud deployment models help us understand and see through the marketing hype surrounding cloud computing. Cloud computing is an ever-changing and growing technology that offers game-changing possibilities to IT staffs and the business community. And it is here to stay.

Kevin Mahoney is a hospital and healthcare-related account advocate and sales engineer at Amtelco, a manufacturer and supplier of call center solutions located in McFarland, Wisconsin. Contact him by email at kmahoney@amtelco.com.

3 Major Cloud Service Models

By Kevin Mahoney

Three different types of cloud service models exist: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Notice the key word here is service. Perhaps you’ve also heard of several other services that are available, such as desktop as a service, IT as a service, storage as a service, network as a service, and monitoring as a service. It gets confusing.

The key to remember here is that, regardless of the function of the service, all of these services revolve around abstracting the physical resources and creating or presenting these resources as services for end users. The National Institute of Standards and Technology (NIST) considers IaaS, PaaS, and SaaS to be the three main categories. Regardless of how many different services are available, providers are no longer concerned with specific products, platforms, and physical boxes. Instead, providers are supplying a wealth of great services.

Additionally, the cost model is changing. While a fixed cost is still an option, the more popular methods include an allocation-based and a utilization-based approach. The allocation-based approach is simply paying for the hardware configuration used. For example, the number of servers, the number of CPUs in the servers, and the amount of RAM in each server all have associated costs. Utilization-based refers more to the OneDrive and Dropbox examples, with the cost dependent on how much disk space we purchase or utilize.

Infrastructure as a Service (IaaS): In this scenario the vendor provides all the infrastructure items, including the networking, storage, servers, and virtualization. Amazon Web Services (AWS) is a great example of IaaS. You simply have AWS provision your order based on your storage, servers, virtualization, and security needs. You essentially end up with a data center as a service, which is very powerful. This is such a popular cloud service, in fact, that most people probably think of IaaS when they think about the cloud.

Platform as a Service (PaaS): Developers might not want to spend time setting up, configuring, and changing their environments for development and testing. With platform as a service, the cloud provider handles the hardware layer as well as the software layer. The cloud provider takes care of the operating system, middleware, and runtime – everything an application requires to function. In this model, all the scaling, maintenance, and redundancy are fully managed in the cloud, allowing developers to focus on their applications. Microsoft’s Azure environment and Google’s App Engine are popular examples of these types of attractive options, especially for organizations with smaller teams and budgets that don’t include the management and support of their own infrastructure.

Software as a Service (SaaS): With software as a service (SaaS), the cloud provider delivers the entire infrastructure over a network or the Internet. The user is not responsible for setting up anything. The user can access these resources with any device from anywhere that’s convenient. One example is Google’s Gmail; users access Google’s email infrastructure, off-loading all IT responsibility to the cloud provider. Other examples include Citrix’s GoToMeeting, Microsoft’s Office 365, Cisco’s WebX, and Google Docs. There are literally hundreds of similar offerings. This model is so popular that people often think this is the cloud.

It is important to mention that you can surrender control to the cloud in varying degrees and multiple ways. Consider Microsoft Office: Some programs can be set up as true SaaS programs, or IT can introduce some controls, which moves this model toward more of a platform or infrastructure as a service model.

The bottom line here is that no matter what acronym we hear, we are talking about powerful, scalable services offered by today’s cloud providers that are based on these fantastic cloud models.

Each level of service – IaaS, PaaS, and SaaS – places more control in the hands of the cloud provider. IaaS represents the least amount of control from the provider, PaaS places more control with the provider, and SaaS enables full control through the provider. Pick the option that works best for your call center.

Kevin Mahoney is a hospital and healthcare-related account advocate and sales engineer at Amtelco, a manufacturer and supplier of call center solutions located in McFarland, Wisconsin. Contact him at kmahoney@amtelco.com.

5 Cloud Characteristics

By Kevin Mahoney

My inbox receives daily articles on an array of cloud-related topics such as “Cloud Migration Strategies,” “10 Ways the Cloud Is Changing the World,” “Choose the Best Cloud for Your Enterprise,” and on and on. The daily barrage makes my head spin with all its marketing speak. What do we actually mean when we say “the cloud,” and what are the essential characteristics that make up cloud technology?

Let’s begin with a quick visit to the National Institute of Standards and Technology (nist.gov) to learn what cloud computing is. The NIST guidelines on information privacy and security served as the basis for the requirements eventually embodied in the HIPAA and HITECH legislation:

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics . . .”

This definition tells us that the cloud is convenient, on-demand, and available for many resources, including networks, servers, storage, applications, and services. It also tells us that there is minimal management effort and plenty of self-service aspects to the cloud.

Cloud technologies are all about separating the physical IT resources from the actual underlying infrastructure. This is virtualization technology at its finest and applies to the many resources available to us in this service-oriented model. For example, when we think about our cloud-based email accounts, we are no longer thinking about Microsoft Exchange as an email service. We now are thinking about Google, Yahoo, and other such cloud-based email applications. When we are using a hosted storage service, we are not thinking about rack upon rack of storage in our data centers; instead we are thinking about services such as Dropbox Inc.’s Dropbox and Microsoft’s OneDrive.

What a win-win scenario cloud technologies bring to the table! It’s a win-win for users because it is on-demand, contains self-service features, is highly available, and presents users with all kinds of interactive interfaces or APIs. Plus, cloud technology providers are attractive because they help their customers reduce costs, better utilize equipment, provide end users with an engaging experience, and build a fail-in-place environment.

Of course, it’s easy for some to say, “What’s the big deal? All these technologies have been around for quite some time. Virtualization, for example, has been around since the 1970s. What’s so special about today?” The growing trends toward consolidation, automation, and standardization are what make today’s cloud computing so interesting. Computing and application power are being consolidated into central data centers. Automation provides timesaving and self-service technologies. And standardization enables all vendors to work together. These trends bring us the robust solutions we’ve come to know as cloud computing.

The NIST definition goes on to outline five essential characteristics of the cloud: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Let’s talk briefly about each of these.

1) On-Demand Self-Service: When one thinks of on-demand self-service, Dropbox and OneDrive usually come to mind. Both are excellent services. Before the cloud, when we needed additional storage we contacted our provider, got a quote, negotiated contracts, attended to other time-consuming details, and eventually ordered and installed the hardware. Not today. With the cloud, adding additional storage is accomplished quickly through a self-service cloud portal. Gone are the red tape and administrative headaches. Although, let’s be clear, there are still contracts and legal agreements with ample fine print to read before signing up.

2) Broad Network Access: This leads into the next characteristic, which is broad network access. What good is my additional storage if it is not able to be accessed by a variety of devices? It is important to have access to these resources anytime and anywhere, assuming this is appropriate for your business. After all, you might be running a private cloud to which access is limited by design. Otherwise it is important to allow access from multiple devices including smartphones, tablet computers, desktop computers, and even game consoles such as Xbox. Using OneDrive, for example, I can access my shared storage resource from all of these devices without issue. I can access this storage from my office, my home, and even my local Dunkin’ Donuts.

3) Resource Pooling: Next on the list is the concept of resource pooling. One way to look at resource pooling is to think about the massive data centers built or being built around the country by folks such as AWS, Microsoft, and Google. Inside each of these data centers lives equipment from Cisco, VMware, NetApp, EMC, and Red Hat to name a few. All this technology works together to provide a multi-tenant environment for many different customers with many different needs. Resources, both physical and virtual, are pooled within these data centers and assigned dynamically to customers. In fact, customers often don’t know exactly where their resources exist, nor do resources of one customer interact with those of another. While a customer can usually pick a general location for their resources – the U.S. Northeast, for example – even within this area one doesn’t really know exactly where everything is coming from.

4) Rapid Elasticity: Rapid elasticity means that cloud capabilities can be dynamically provisioned and released. The best way to visualize this concept is to imagine a small start-up business that needs a website. The website is up, customers begin to arrive, and the business starts to grow. As news travels, the business grows more rapidly. Additional computing power is needed to meet these growing needs. A slump occurs, fewer resources are required, then growth returns, and so on. This ever-changing atmosphere helps to illustrate the elastic needs of many organizations. Cloud technologies satisfy these dynamic raw resource needs by easily adjusting both physically and financially to the ever-changing needs of a growing business.

5) Measured Service: Elasticity goes hand in hand with the final characteristic: measured service. Cloud providers can automatically control and optimize resources based on the type of service or resource. Back to the OneDrive example, Microsoft will meter storage usage, provide reports, and maintain a consistent and optimized solution. This provides transparency for both the user and the provider.

So there you have it: the five cloud characteristics as defined by NIST. They are an important part of today’s fundamental cloud-technology blueprint.

Kevin Mahoney is a hospital- and healthcare-related account advocate and sales engineer at Amtelco, a manufacturer and supplier of call center solutions located in McFarland, Wisconsin. Contact him at kmahoney@amtelco.com.

Cloud System Technology 101

By Wayne Scaggs

Has a salesperson ever said to you, “If you use the Internet with VoIP calls, your call quality will be bad, your Internet will go down, and you will lose customers?” It’s time to take the fear out of this statement and empower you with the knowledge to make an informed decision that is best for your business, not best for the salesperson.

We will start with a question: Who owns the Internet? While no one owns the Internet everyone owns an individual piece of the Internet. Owners such as AT&T, Verizon, Level3, and Time Warner are some of the bigger players, with massive amounts of infrastructure in place. Most everyone who reads this article is a stakeholder in the Internet. There are multiple Internets, too – the public Internet, the military Internet, the telephone companies’ private Internet for voice traffic, and a number of other private Internets with restricted access.

The Internet is a powerful and essential tool of modern day life. Without it our way of life would cease. Trillions of pieces of data travel over the Internet hourly. Our goal is to get our information to its destination on time and securely.

Not all the data on the Internet is equal. In our case, voice data is more critical than the visual screen data we work with. Voice is sampled, encoded at a high rate, and converted into data. That data is sent to a destination end point where the data is converted back to voice. The data packets must stay essentially in the same sequential order and flow rate as when the data left the originating point. If the data is out of sequence, the ear hears distorted sounds, and the voice may not be understandable. When things are not understood or are improperly implemented, unwanted results are the result, and the door is open for fear to step in and distort the truth.

The technical issues of a cloud system have three major components: 1) the servers, datacenter, and surrounding infrastructure; 2) the data transmission from the instant the data enters the Internet backbone to the instant the data leaves it; 3) the company’s infrastructure, which extends out to the provider.

Cloud Infrastructure: The servers, datacenter, and surrounding infrastructure refer to the datacenter with all the proper redundancies required. This should be as close to the Internet backbone as possible. It connects directly to VoIP calls through SIP ports. The datacenter is on the Internet backbone with multiple Internet providers and has backup power in the form of UPS and generators. The datacenter is accessible twenty-four hours a day, seven days a week, and strict security is enforced.

Data Transmission: Data transmission occurs from the instant the data enters the Internet backbone to the instant it leaves. This component has a major influence on the quality of the voice call center agents and callers hear. By far, the vast majority of voice connections are above acceptable quality for telephone conversation. So what happens when you have a bad call? One or more of the following three things likely caused it:

Delay (latency) happens when the callers seem to be talking over each other; the voice is so delayed that the other person has started to talk before all the voice data packets have reached the listener. Sometimes it’s similar to talking on a walkie-talkie because the delay is so bad. End-to-end delay must not exceed 230 milliseconds. Performing a ping test determines the extent of the delay. It is not the physical distance that matters as much as the latency of the data.

Jitter occurs when the voice data packets are not in the correct order or not flowing in a consistent manner, and the voice gateway is unable to correct for the flow of misaligned voice data packets. The resulting call, or portions of the call, will sound garbled; speech will be incomprehensible or choppy.

Voice data packet loss happens when a portion of the call data is lost. The caller might experience dead air, or the call will sound choppy. Data loss in one direction will cause one of the parties not to hear the other. Data loss must not exceed 10 percent to be considered an acceptable call.

These are the three key quality factors. However, they are not the only causes. Additional contributors to poor quality calls are:

  • The codec selected (G.711 to G.729) – a codec determines how much the voice is compressed
  • Insufficient bandwidth for both uploads and downloads
  • QoS (Quality of Service) required when bandwidth is marginal
  • An excessive number of hops in the signal path

Company Infrastructure: If you do not ask, you may not get the Internet service you require. You should ask your Internet provider to reveal the upload speed of the service. Internet providers advertise the download speed, but the upload speed is often considerably less. If the upload speed is not enough, the caller may not hear your voice. Internet service is often advertised as “up to” a certain speed, which means that if you get half of the advertised speed, the provider has delivered the service you bought. Instead always ask for dedicated or guaranteed speeds.

The information in this article is intended to inform you and help you make informed decisions regarding your business. The information not only applies to your call center system; it may also apply to any Internet connection you have. Underline what is important to you, and keep this article for future reference.

Wayne Scaggs is president of Alston Tascom, Inc., which offers premised-based and hosted contact center solutions.

[From Connection Magazine – January/February 2016]

A Complete Call Center System in the Cloud

By Wayne Scaggs

The purpose of a call center system in the cloud is providing a more efficient method of receiving raw data, processing that data into value-added information, and delivering the valuable information to customers in a timely manner.

Why use the cloud? First, if you accept the premise that the call center industry is not an island and that technology influences how our customers expect information to be processed and delivered, think “cloud.” When competitors move to the cloud because it is more efficient and then come after your customers with new and cost-effective solutions, how will you keep your customers with your cost-intensive hardware-based system? Cloud systems are here to stay because efficiency always trumps “but we have always done it this way.”

I consistently receive two types of inquiry calls:

The first type of caller asks, “How can paying a monthly recurring fee be cheaper than buying a system that will be paid off at some point?” What these callers do not yet realize is that the hardware system in their equipment room continually costs them money. Start with the cost of the system and then add the interest on a loan (or a lease with built-in interest). Then consider the cost of getting the system shipped to one’s office; installation and training are often in addition to the system price. Plus the system is usually a balance sheet debt, limiting future borrowing power.

T1 or PRI costs will continue to rise, and the last mile is a big part of the bill. How much more are you paying due to the way the phone company charges you for a full PRI, the per-minute cost, and long contracts? What about the service they provide?

You also need a technician to maintain the system. Or are you a do-it-yourself owner? If you are, how do you value your time? How are you paying yourself? You are probably the most valuable person in your company, so working on your equipment is not the best use of your time. You also need supporting hardware: network, network cables, and switching hub, along with the labor to install your network. After your warranty expires you will have maintenance and service fees for as long as you have the system.

Did you include the cost of an UPS and generator backup into your calculations? Another consideration is that your UPS batteries may only last for a few years before needing to be replaced. About six years into the life of your system when things have finally settled down, you’ll need a major upgrade. Whether hardware, software, or both, you are looking at 35 to 50 percent of the original system cost just to keep up with the changes in technology and customers’ demands.

Utility expenses include electricity and air-conditioning for your equipment. Other facility costs include the equipment room itself; the floor space costs something. The equipment has to be insured; this is part of owing your own hardware.

In contrast the second type of caller says answering calls is how he or she makes money; costly equipment is a major business distraction. This caller asks, “What does it take to go on the cloud system?” These callers understand the value of cloud technology so they can concentrate on their business.

A cloud system solution has no capital expenditure, no debt on your balance sheet, and no interest to pay. Your cloud system should use SIP channels and therefore be more cost-effective than T1 or PRI. There is no last mile charge every month from your telephone company. All the system maintenance is the responsibility of the vendor as part of your monthly fee. Your local area network (LAN) only needs to accommodate your workstations and the Internet. There is no need for a large UPS that requires a generator. You’ll also avoid an expiring warranty or the need to buy a service plan.

The decision is in your hands. Become the second type of caller.

Wayne Scaggs is president of Alston Tascom, Inc., which offers premised-based and hosted contact center solutions.

[From Connection Magazine – November/December 2015]

Cloud-Based System Economics 101

By Wayne Scaggs

The economic considerations of cloud and hosted systems are more than the cost of a premises system versus the monthly payments for a cloud-based alternative and where they cross the breakeven point. Let’s look at the economics of cloud-based and hosted systems to see the full picture.

In the following examples, we will examine the ongoing month-after-month expenses and then examine the one-time expenses of premise-based systems. Individually the expenses may not be very much; however, over the life of the system, the savings can amount to hundreds of thousands of dollars – all while providing your customers with the same services as you would on a premises system.

Consider the following:

Telephony Costs: In many cases you can reduce your telephone bill by moving to a hosted system. First, you only pay for the trunks you need. For example, if you need thirty trunks, then you pay for thirty trunks. On the other hand, with a premise system for thirty trunks on T1s, you’ll need to pay for two T1s – even if you only use a quarter of the second one. Next, you may not need toll-free numbers or circuits. A cloud or hosted system utilizes native SIP-trunking and local DID numbers throughout the country. Last, you’ll stock only the DID numbers you need because you can order individual numbers as you need them and where you need them. Excess inventory of unused DID numbers for premise-based systems is an added cost and a management issue. Eliminating these is a month-after-month savings for cloud-based and hosted solutions.

Technical Staff: It is possible to reduce or eliminate the need for a technical person. First, there is very little equipment on your site that can go bad: the computer workstations and a printer. Also, the connection you have to the Internet is provided and maintained by your Internet service provider as part of your monthly bill. Last, any system issues are immediately addressed by the cloud system’s technical staff, which is part of your monthly fee. You make a phone call, report the issue, and leave the rest to their professional staff. This is another month-after-month of savings with cloud-based and hosted solutions.

Maintenance: If you believe you are saving costs by doing your own maintenance, consider these questions. Are you fully utilizing your skills, talents, and, most of all, your time, in maintaining your system? Your business is answering the telephone. Who is working to grow your business when you are fixing your equipment? You cannot close an account if you are fixing your equipment; you cannot take a vacation if you are fixing equipment; you cannot spend time with your family if you are fixing equipment. And your equipment seems to have a sixth sense: it will wait until the most inopportune time to act up and demand your attention.

All these disruptions cost you your time. What maintenance issue is more important than your time? This is another month-after-month continuous saving with cloud-based and hosted systems that is more valuable than many realize. You may be able to cover the monthly reoccurring cost of a cloud-based or hosted system with the savings from your telephone bill combined with the savings from your maintenance and support fees.

Electric Bill: You can reduce your electric utility bill when you switch to cloud-based or hosted solutions. Older servers can draw as much as 500 watts each, 24/7. Dissipating the heat generated by these servers puts a load on an air-conditioning system and further runs up your utility bill. Eliminating these servers means less cost and another month-after-month savings.

Other Considerations: Additional ongoing monthly expenses that will not be part of a cloud-based or hosted system but which add up for premise-based systems include support and maintenances fees, equipment insurance, and the cost of floor space. These are monthly expenses for the life of the premise system that add up and come off your bottom line.

Large Expenses: Did you know you could eliminate the need for a large UPS (Uninterruptable Power Supply) and generator? You can remove the racks of batteries and the need to replace them every few years. You can avoid the significant expense of an electrician to wire the backup power system and maintain it. These are lump sum expenses that typically occur once or twice over the lifetime of a premise-based system. With a cloud-based system, you are able to replace an expensive backup power system with affordable, off-the-shelf components (for both a UPS and generator if you need it) from a local retail electronic store.

Additional one-time expenses that are not part of a cloud-based or hosted system are the initial system cost, sales tax, interest or lease expenses, freight cost, and your local in-house network upgrade. Plus, with a premise-based system, in five or six years you should expect to need a major system upgrade of either hardware, software, or both.

Wouldn’t it be spectacular to work on your business and not in your business? With all the savings that come from a cloud-based or hosted system, you can plan on having additional time and energy to maneuver your call center through the pitfalls of your business environment. You will save time and money, with more bottom-line results to show for it.

Alston Tascom is offering a no-charge “True Cost of Ownership” calculator that will compare up to five different buying decisions. Email info@alstontascom.com to request your no-charge calculator.

Wayne Scaggs is president of Alston Tascom, Inc., which offers premised-based and hosted contact center solutions.

[From Connection Magazine Jul/Aug 2015]