Data Flow in Eleveo - Security by Design

This page describes how data flows through Eleveo products and what security is provided by the Platform. This page will be of interest to Compliance Analysts as it details where and how data is stored within Eleveo products and how it is secured.

Imported Data

Data is imported to Call Recording via the following methods:

1. Eleveo protocol drivers record information that the Unified Communications / Contact Center shares with the endpoints. (This may include IP telephony data, signaling, and media streams.) 

2. External data generated by third-party call control system is captured by the recording solution and saved to Eleveo.

3. External data passed by agent action using Eleveo API's.
   

Three sets of Metadata are available:

1. Basic Call-Related Data (Dialed number / IP addresses, dialing number / IP addresses)

2. Call-Related User Data

   1. Names

   2. E-mails

   3. Chats

   4. Recorded Audio and Video, Voice Recognition Data and associated Meta Data

3. Agent-Related Configuration Data.

The following external metadata are collected and stored (in addition to the call itself):

• Who handled the contact: Agent ID, Agent Name

• The selected skill group to which the call will be routed

• Which Service has been requested by the customer

• Additional call-related properties: Call Variables, Wrapup data, Entered digits

• Other call identification properties: Call ID, ANI, DNIS, Peripheral IDs

• Data generated by managers when scoring or evaluating agents, performing surveys or gathering feedback

• Comments appended to calls directly within Call Recording.

For further information on the integration available see Integration with Contact Centers. Links are provided for platform-specific documentation.

Data Export

Data can be exported from the solution through the following primary methods. Although individual calls or recordings can be replayed, exported and tagged within the solution bulk export is only possible through the following methods:

1. API access is provided by Eleveo (see API Developer Guide)

2. Manual export through the command line. (Server-level access and advanced knowledge of Linux commands required- for examples see Strategy for Regular Backup and Disaster Recovery and Backup Tasks for Kubernetes and Legacy Applications)

3. Manual export from within the Web User Interface (User permission dependent). Encrypted data will be decrypted automatically before being exported.

4. Automatic Archiving processes may also result in data being sent to external storage. (Archived data remains encrypted) 

5. Emails: It is possible to send recordings as an email from within the WebUI. (Administrators should ensure that the email servers are configured to use secure channels and that Users are aware of the risks associated with sending data outside of the organization.) User Groups can have permission to send emails revoked by following the steps described under Managing user groups.

The API is not outward-facing, that is to say, its availability is currently limited to specific features such as Finesse Gadgets which utilize the API.

What PII is Collected and Where Is It Stored

Personally Identifiable Information (PII) stored within the Suite of products is highly dependent on the data available in supported platforms. Each vendor has different data models.  Available data may include agent names, contact details, emails, user management data, the content of calls, chats, emails, video recording, and more.  It is the customer's responsibility to have awareness of the standard and custom data imported into the Platform. In addition to the structured data provided by third-party vendor solutions, omni-channel interactions (webchat, email, voice, etc.) and screen recording may also contain PII data.

By default Eleveo collects:

• Agent Names

• Client email

• Client phone numbers

• Additional metadata provided as call attached data

The data is stored within the Eleveo database with limited access. Media files encrypted by the Key Manager remain encrypted even if archived by the Archive Tool. The specific installation and configuration utilized at deployment will affect where the PII data is stored. For an overview of the default architecture, see Supported Deployments.

Data Flow Within the Products

The following paragraphs briefly describe where and how data is stored and/or transmitted through the architecture.

Data at Rest

Signaling and RTP streams are processed by the Protocol Adapters or the Call Center Integration (the Capture Layer) after which all data is sent to the core. Call Data (audio and video) is stored on a mounted file system with the exception of archived files that may be stored on a mounted file system or S3. From the perspective of data protection it is recommended that administrators implement transparent data encryption and ensure that the system is protected against unauthorized access.

Metadata, emails, and chats are stored in PostgreSQL and Apache SOLR.

Data in Transit

Data moves into the system via the Protocol adapters, Call Center Integration or the User interface. In general, the core manages the flow of data between and within the various components. Data will flow from the Recorder and Decoder servers through the core to the Database, as well as Temporary and Permanent File Systems. The core is also responsible for providing APIs for third-party applications. Data can be introduced to the system in various ways, these include:

• HTTP/HTTPS (web interface)

• SIP/SIPS

• RTP/SRTP streams

Internally the system primarily uses the following protocols for moving data:

• HTTP

• RMI (Java Remote Method Invocation)

• JDBC (Java Database Connectivity)

• NFS (Network File Systems) additionally transfer media files between server nodes

The default configuration for internal data in transit anticipates that the system is configured in a secure manner and only authorized individuals have access to the system and its network.

Encryption

To ensure the authenticated and encrypted transmission of data across networks, including within and between clients and servers in distributed systems it is necessary to configure the Key Manager. One of the functions of the Key Manager is to manage this secure transmission, including automatic transparent renewal of authentication certificates when they expire. The encrypt tool can be found at /opt/callrec/bin/encrypt on a default Call Recording server installation is used to encrypt un-encrypted media files or re-encrypt compromised media files (the encryption keys are no longer valid or safe).

Configuring the Key Manager will ensure that all data sent between internal servers remain secure. Encryption and decryption are performed by the Key Manager in conjunction with tools like the Archive, Restore and Synchro Tool to ensure that data remains secure while at rest and while in transit. The encryption of media files, such as MP3s, when in transit between the media server and the replay server is especially important in the event that a deployment has geographically separated servers connected, such as in the case of a Multi-Server or Cluster Configuration but remains important even within a single server deployment. 

On recorder replay architecture where servers are located at more than one geographical location, Eleveo relies on the client's network-level security. When data is sent between locations it is recommended that the connectivity be protected via an encrypted VPN.

It is recommended that a single Key Manager be utilized per cluster. It is necessary that all clusters share the same keys (usually stored in /opt/callrec/keys and in the DB table callrec.managed_keys) otherwise, there will be a problem with the decryption of recorded data across the cluster.

Target Storage

Eleveo recording servers are configurable during setup see Setting up the Eleveo Server Node for detailed steps required during installation.

Please note that the use of Email for exporting recorded data is inherently insecure as it is not always possible to determine how secure the email client is.

Users should be wary when sending recordings via email as such actions are not in compliance with the recommended security policy and therefore the solution would not be GDPR Compliant.

Administrators can disable the sending of emails by following the steps described under Managing user groups. User groups should NOT have permission to Send Calls to Email.

Audit Logs

There are several distinct Audit Logs generated by Eleveo Products. Both Quality Management and Call Recording generate Audit Logs based on user activity. They can be viewed from within the Web UI. Similarly, the Quality Management audit log can be viewed and exported in Excel format. For up to date, detailed descriptions of these Audit Logs please refer to the relevant documentation:

• For more information about the Call Recording Audit logs please refer to Viewing the Call Recording Audit Tab.

• For more information about the Quality Management Audit logs please refer to Audit Log.

Architecture

Depending on the version of Call Recording and Quality Management you have installed your Architecture may vary. This page is not a comprehensive breakdown of the system architecture nor is it intended to be used during security assessments. Please review the relevant documentation related to Supported Deployments for more details. Responsibility for system-wide security remains the responsibility of clients as network security is dependent on the particular configuration utilized on-site. 

Recording Architecture - How It Functions

The architecture is divided into three distinct layers. The Capturing Layer, the Storage layer, the Management layer. Additionally, there are monitoring modules that are somewhat separate from the primary architecture.

• Capturing layer: Responsible for Capturing RTP streams and Meta Data 

• Storage layer: Data is saved to the database (metadata) or media storage (media files)

• Management layer: Provides access to Web UI and Media Lifecycle Management.