CTI servers send very sensitive data collected during IVR interaction with the customer. Most of the time this is account numbers, pin numbers or other data items that are used for authenticating the caller. In this day and age we cannot transmit this data unencrypted. Any one can snif the credentials or the account number data off the wire.
Cisco must enhance GED-188 protocol to support encryption. We looked at custom solutions such as host to host vpn or proxy based solutions. These solutions are one off and introduce their own vulnerabilities. Additionally in high available architecture in which CTI operates there are multiple hosts making the one-off solution very complex. Also every CTI application inside our organization has to implement a custom solution to remove the risk. This makes it very expensive and quite impractical.
I would think this is a problem for any bank, insurance or retailer. Cisco should seriously consider supporting SSL on top of GED-188.
Please sign in to leave a comment.