Teleperformance Gains Competitive Edge and Comprehensive Regulatory Compliance with Vormetric Data Security
Teleperformance is a globally recognized outsourced CRM services, contact center solutions, debt collection and social media company. With revenues approaching $3 billion, the Paris-headquartered group’s 135,000 employees operate over 260 contact centers spread across 49 countries.
The large number of diverse applications and associated data – including call recording systems and CRM packages from multiple vendors, as well as Oracle and Microsoft SQL Server repositories – created significant obstacles in many areas, including data integrity and security.
Christian Muus, director of security for Teleperformance EMEA, commented, “We considered using the native encryption capabilities included in each of our applications but quickly saw that this would be unreasonably expensive and too complicated to manage given the number of different servers and applications. The result would have been added complexity and administration overhead requiring us to hire new people with the appropriate expertise, or greatly extend the training for our existing application teams to create internal experts in each area.”
“The need for robust encryption was being driven by our clients and also regulatory standards like HIPAA-HITECH, PCI DSS, ISO 27001 as well as European Union and country specific data protection requirements,” recalled Muus. “Sensitive end-user data, such as but not limited to credit card details and personal identifiable information, are collected in so many of our applications that we made a decision to encrypt all of our clients’ applications and databases.”
The scale and pace of Teleperformance’s operations dictated the need for an easy-to-manage, agile encryption and key management solution.
Teleperformance originally used the native encryption capabilities available from its Microsoft SQL Server and Oracle Enterprise environments but the overhead associated with implementations – including data structure considerations, defining key and certificate management strategies, setting administrative rights, etc. – was becoming unacceptable. Every new instance required additional design and operational discussions.
Following a detailed analysis of viable options, Muus and his team made the decision to implement Encryption and Key Management solutions from Thales eSecurity, purchased though Thales eSecurity channel partner SHI International Corporation.
He stated, “We were excited when we found the Thales eSecurity solution; it gives us a consistent view of all encryption across the company, and allows us to encrypt information without having to be concerned about the application associated with the data or change business processes.
“We are continually rolling out new servers and applications, so ease of deployment is very important. It turned out that implementing Thales eSecurity was simple, and since the solution is transparent to applications, installation was easy and straightforward.”
Cost justification for the investment in Thales eSecurity proved to be equally clear-cut. Muus reflected,” We did a cost comparison for just one system – a call recording package – and found that if we had purchased the application-specific encryption add-on from the vendor, it would have been more expensive than buying Thales eSecurity for our whole environment. So, not only did we save money by buying Thales eSecurity to protect that single application, we can use it to protect everything else too!
“We’ve also saved money and increased reliability by reducing the overall complexity of encryption and key management, and by being able to administer the whole environment centrally. The interface is so intuitive that it is extremely easy to quickly become proficient.”
Teleperformance takes great pride in ensuring that its infrastructure exceeds stringent regulatory and information security management system requirements. The Thales eSecurity solution provides the company with a critical capability to secure and protect its massive amount of diverse data. Muus stated, “Our external regulatory auditors are big fans of Thales eSecurity; they always are impressed with the comprehensive access control-based separation of duties that Thales eSecurity provides.
Across the whole company we only have three people with access to our encryption keys; even application administrators cannot access the application’s data despite having administrative rights for the whole server. And furthermore, the three people that are sanctioned to access our encryption keys don’t have access to the systems or applications. This is exactly the separation of duties required by standards like PCI DSS.”
Encryption technologies have traditionally imposed a discernible load on system performance. Muus initially shared this concern but when asked to quantify the impact of implementing Thales eSecurity his succinct reply was, “None!”
He elaborated, “From a performance perspective, our users are completely unaware that encryption is taking place. This was our biggest concern, and in the end, it turned out to not even be an issue.”
Teleperformance’s IT environment is structured to provide each country with unified central services as well as country-specific decentralized local services. “The Thales eSecurity solution is flexible enough to allow us to have one centrally managed Thales eSecurity system and still meet each country’s specific requirement for protecting applications and data. Thales eSecurity enables encryption to run smoothly,” explained Muus.
“The Thales eSecurity solution is so impressive that in addition to client and customer data we now use it to encrypt our own critical internal data.” He concluded, “ Thales eSecurity gives us the performance, scalability and flexibility we need to stay ahead of our competition.”