Best Practice on Securing Voice Assist

Disclaimer

The Best practice on securing Mitel Voice Assist section is provided "As Is" and without warranty. In no event will Mitel Networks Corporation or its affiliates have any liability whatsoever arising from in connection with this document. You acknowledge and agree that you are solely responsible to comply with any and all laws and regulations in association with your use of CloudLink and/or other Mitel products and solutions including without limitation, laws and regulations related to call recording and data privacy. The information contained in this document is not, and should not be construed as, legal advice. Should further analysis or explanation of the subject matter be required, please contact an attorney.

Introduction

Mitel Voice Assist is a managed cloud service built on the robust and secure CloudLink Platform. A shared responsibility model exists when operating in Cloud and Mitel will handle the security responsibilities of the infrastructure, however, the customer is responsible for the administration and customization of the services and applications they use. The proceeding sub-sections will provide references to security and privacy related documentation for the CloudLink Platform, what is the customer's responsibility, what data is being captured by Voice Assist, and provide some best practices on how the customer can handle their security responsibilities.

CloudLink Documentation

The following links provides details around the security and privacy topic for the CloudLink Platform:

Customer's Responsibility

In the Cloud, the customer is responsible for managing their own accounts and users and ensure their users have the appropriate permissions assigned to them. Any customer managed data (data which the customer inputs to the system) is the customer's responsibility to ensure the information is entered with privacy in mind and conforms to any regulatory and regional laws. In addition, the customer is responsible for any local networking configuration (typically firewall rules) to ensure network connectivity between their users and CloudLink.

The Mitel Voice Assistant customer responsibility include:
  • Proper administration of their users and the user's permissions from the Mitel Administration. Mitel Voice Assistant administration access requires a local administrator role or higher.
  • Local firewall configuration to ensure the administrator can access the Mitel Administration:
  • Proper configuration of routing, integrations, and numbers in a secure, private, and compliant manner if the customer must adhere to compliance requirements.

What Data is Being Collected with Mitel Voice Assistant

Mitel does not perform analytics or use the data for alternate use on the customer managed data related to Mitel Voice Assist. The Mitel Voice Assist solution does collect logs which the system generates for the purpose of security, maintenance, product improvement and troubleshooting. More details are presented in the Mitel Global Terms of Service around data collection and usage.

Best Practices for Administering Voice Assistant in a Secure, Private, and Compliant Manner:

  1. Assigning users with the appropriate role, only enable users as Account Admin role to those users that are required to modify Voice Assist configuration as they will be allowed to perform Add/Edit and Delete Routes.
  2. Name the activities in the Route->Workflow Editor appropriately, do not name the branches activity with privacy information.
  3. Do not share credentials as each modification to the flow will display who updated the flow, this will provide a view on who made the last change.