Security Importance Q & A with Solution Engineer, Ken March 23, 2021 AMC knows trust and security are some of the biggest considerations when choosing a contact center solution. I caught up with one of our solution engineers, Ken Rush who has helped lead recent security efforts at AMC. It is definitely worth the read to understand how and what AMC does to exceed modern technology standards and make customers trust DaVinci. How does AMC exceed security standards for DaVinci? It starts at the top with a commitment to security. We secure our business processes in every phase of development and operation. Securing Cloud solutions such as DaVinci is a corporate-wide effort. In traditional premise deployments, security was incumbent on the customer. It meant building walls and motes around the corporate IT center. Today, when going to the Cloud, security is the responsibility of the solution provider, and due to the scope and magnitude of Internet security risks, security must be integral to every business activity. Then security is accomplished through our solution approach and architecture. DaVinci has a minimal cloud information and activity footprint. The smaller the footprint, the less exposure, and the less risk. DaVinci does not process or maintain any end-customer information in the Cloud. As a XiPaaS all information the integrated contact channels business application are the information sources and repositories. Once the user is logged in and working, all DaVinci information is processed within the user’s browser session, and never leaves the enterprise. DaVinci only stores customer configuration profiles and agent (user) accounts in the Cloud. User accounts can be structured so they do not hold any PII (personal identification information). What does the STAR 1 Certification mean for AMC? Star Certification provides transparency and assures our customers that AMC has followed and is complaint with industry security standards. They can quickly assess AMC’s software, DevOps and business security compliance, and be confident in the security of our solutions. The Star Certification assessment (CAIQ – pronounced “cake”) is our guide, roadmap and template in properly securing our solution and business processes. We already had processes in place to and met essential security needs, but Star Certification brought organization, discipline and rigor to our security efforts. What did we have to do in order to receive the STAR 1 Certification from CSA? It was a company-wide effort: literally every person at AMC played an important role in examining in detail product and business security. At the end of this team effort we all share a common security knowledge and understanding, and we all share a deep commitment to security. What are the next immediate steps in our security program? There are three immediate steps to our security program: There are on-going security efforts in all teams that we address each Sprint and each quarter. Each Sprint we review our Azure DevOps security score and make sure we keep it above 95%. Microsoft is always updating the security factors, and we keep up every Sprint. We also conduct quarterly security audits to make sure that we keep our security processes up-to-date with changing environments, products and business processes. There are a set of technical enhancements we know we are implementing to meet future security requirements. The biggest is the ability to deploy DaVinci Cloud to different Azure regions. Although no end-customer information is handled in the Cloud, many regions have requirements to run Cloud services locally. And we will meet that obligation. Updating the CAIQ on an annual basis. After just one quarter our CAIQ filing is already out-of-date as we have addressed some a few gaps and changed some procedures. In your own words, why is AMC a secure product? Eternal vigilance. AMC solutions are secure because security is engrained in ourselves and everything they do. We are very aware of the security needs of our customers and our products. What are the biggest questions and answers you receive about AMC’s security? We start our sales presentations with security discussions, because we know that this is and should be the number one concern of all Cloud customers. All customers ask about their customer data security and privacy. As I’ve mentioned, this is easy because DaVinci does not process or store any end-customer information in the Cloud. (Just the configuration profiles and agent user accounts.) Everything is either handled outside Davinci, within the integrated systems, the contact channels or the CRM application, or within DaVinci agent browser session – so it never leaves the enterprise. Large enterprises have security groups within their IT departments, and they require a thorough vetting of AMC’s security approach. They usually are more concerned with how we will integrate AMC’s security processes with their internal processes. Typically they have their own questionnaire that is similar to the CAIQ, and it takes about two, three, four or more meetings to get the security green light. Smaller organizations are more agile in their approach. We have similar discussions, but they are not necessarily as structured. What makes you most excited about our security standards? Personally, security has been an incredible professional growth area over the last year. I was honored to be chosen by Tony last year to kick off the review and write up our current security state and research the certification process. I went from having a general fear of the Internet to having a rational fear of the Internet, to being able to rest more peaceful at night. How would you explain to an intern that DaVinci is a secure product? That is actually something I get to do. I tell them as I’ve said here that security is the most important thing for any Cloud application. Even more important than the features and functions of the solution! As they are brought onboard, every employee, interns included, has to take a third-party course in Internet and Cloud security, and then we conduct an internal training session on AMC’s approach to security. There are two key points: 1) the Cloud changes the security responsibilities, we as the Cloud iPaaS must provide a secure solution to our customers; and 2) for everything they learn and program DaVinci apps, they need to understand the security risks and requirements, so that what they develop will maintain the security perimeter. Why is security such an essential consideration for organizations today? Organizations that use Cloud applications have no control over the security of their solution. The Cloud provisioner and the application providers are responsible for securing their information. So every organization when it goes to purchase Cloud services needs to do due diligence to confirm the security and the on-going security approach of their suppliers. That is why all of our sales begin with a security discussion, and why AMC is transparent and keeps our certification up-to-date. Ken Rush has a longstanding history at AMC and is actually a boomerang employee who returned to AMC after taking a few years off. Who says you only live once? He’s worked at enterprises, start-ups and SMB in a variety of technical roles including development, documentation, QA, training, product release, sales, support, implementation and product management. He shares, “There is little need left to stroke my ego, I work only for product success. I love the contact center problem space, love solving problems and growing new corn in fields old and new. Thus, I truly enjoy the mix of roles the solution engineer gets to play, and the excitement of working for a startup-spirited company.” Ken’s Hero: Ulyses S. Grant. And my anti-hero is Lyndon Johnson. Two men of polar opposite characters who championed equality and opportunity. Grant was pure but ineffective; Johnson: corrupt and effective. AMC Technology meets and exceeds modern technology standards for our DaVinci platform, applications and operations against unforeseen circumstances. With regular audits of our security implementation internally and through vendor certifications, strong encryption protocols and the maintaining of industry standards, we give organizations confidence in trusting us to manage their contact center’s security. For more details about DaVinci’s security, please visit our Trust and Security Page, here: https://www.amctechnology.com/trust-security/ Mariah MaysMariah spends her days in Illustrator and marketing stat spreadsheets at AMC Technology. She enjoys summer days outdoors, exploring the food scene in RVA and spending time with her husband, son and dog.