Last month, more than 1000 voice recordings captured by Google Assistant were leaked without users’ knowledge, each one allegedly containing personal data, private conversations and identifying features of the voices recorded. The fault allegedly lies with a contracted language expert who was hired to improve the AI assistant’s understanding of natural human language, but who breached security protocols instead.
Unique as it may be, Google’s case has cast a spotlight on the security of voice recording storage and access protocols across the world. Voice recordings are becoming increasingly integral to business operations today - whether you’re capturing voice data for regulatory reasons, to track down an incident or breach of contract, or to build AI applications and measure customer sentiment. But while capturing human conversation has never been more essential, it can be detrimental if those recordings find their way into the wrong hands.
Most Australian and global businesses store voice data in their own data centres or in an on-premises setup. Historically, this was the way to capture voice data: where it was recorded. But in the cloud age, it’s fascinating to see so many companies - whether SMBs or enterprises - clinging to legacy practices despite the vast security benefits of cloud storage. A well-designed cloud platform boasts more stringent features and protocols than any traditional on-premises data centre, and voice data captured by call recording needs to be included in the migration:
Physical security of cloud data centres is paramount. Cloud providers such as AWS operate geographically redundant sites and do not publicise the location of their data centres. Access to these data centres is strictly regulated, with limited access for anyone outside of the handful of staff (of whom most are security) on-site to manage these sites.
By comparison, in any large enterprise’s server rooms, multiple employees need access to the physical infrastructure, and consequently the data therein. Recorded calls downloaded to local storage are therefore much more vulnerable to theft, damage, or tampering than those stored in the cloud.
What’s the worst-case scenario? Individuals with malicious intent can literally walk in and out with hard drives. Physical protection of files in on-premises data centres is therefore not guaranteed, especially if not encrypted correctly by in-house IT teams. Should someone get access to an on-premises server, it is quite possible to download entire volumes of data, including mp3s of recorded phone calls, in no time at all, increasing the number of people potentially impacted in a breach. Cloud platforms like AWS have much stricter access protocols that prevent any large-scale tampering.
Technical data loss
On-premises setups typically don’t have strong processes in place to prevent technical data loss in the same way that a large-scale public cloud server would. For example, having only one on-premises server means that fire, natural disaster or power shortages could destroy all recordings. And you’ve got far more chance of a backup going missing or an upgrade being neglected in an on-premises data centre if you’re relying on IT teams to expand and troubleshoot your entire customer base’s data.
Off-premises data centres that underpin cloud services are cost-effective, scalable and practical, taking care of technological concerns for you. You also get unlimited storage, eliminating the risks, stress and costs involved with physically adding a terabyte of storage to your infrastructure if needed.
Most enterprises don’t have a formalised plan of attack when it comes to giving people access to on-premises files or software. There are usually multiple administrators looking after multiple devices and folders, and it’s not uncommon for IT staff to log in to software consoles undetected in order to perform an update or expansion in a hurry. Unless all access activity is being collated, tracked and timestamped, you might not even know what’s happened until it’s too late. Without these stringent access protocols or proper audit trails, there is a higher risk of the wrong people entering the system and causing havoc.
With public cloud storage, you automatically get to leverage security compliance certifications in different regions that a company alone wouldn’t be able to achieve in its own data centre. In fact, one of the key drivers for cloud migration is that voice data stored on-premises rarely qualifies for the compliance certifications you’d need as a major company. Some of the largest enterprises in Australia are struggling to gain certification with on-premises data centres, as regulation is just so subjective and processes in each company so unique.
Security does not start at home
To ensure customers feel that voice data is secure, and also to comply with changing regulations like the GDPR, businesses need to examine their voice data storage. In the past, many organisations saw on-site storage as the best option, but the rise of the cloud has shown the benefits of cloud storage over on-premises solutions.
With the above concerns in mind, on-premises legacy platforms need to be rolled into cloud migration strategies, and new tech platforms must be explored to keep customers’ voices heard - by intended ears only.