Data Protection, Privacy, and Compliance in the Cloud

Maya Middlemiss

Embedding a privacy mindset at the platform level protects all users

Data Protection, Privacy, and Compliance in the Cloud

For NICE CXone’s customers to trust the platform with their customers’ personal data, it’s reassuring to learn about the considerations and approaches which underpin the interface – so it becomes one less thing for them to worry about, being fully outsourced on a subscription basis.

As Allon Rodin, Principal Sales Engineer at NICE CXone, explained, “customers take comfort in the fact that we are so focused on security and compliance, that they know it’s taken care of.”

“This includes aspects like physical security, the actual hosting platform, and our geographically diverse data centres, and compute and storage – microservice architecture, and serverless capabilities.”

Secure by Design

This approach to information security has enabled NICE CXone to achieve external standards too, for the reassurance of all users.  This includes FedRAMP in the US – a government-wide program that provides a standardised approach to security assessment, authorisation, and continuous monitoring for cloud products and services. 

“I believe we’re the only native cloud contact centre solution that’s presently FedRAMP authorised,” Rodin explained, “and that means we’re externally audited annually for baseline compliance, enabling us to strive for continual improvement in that area.

“It speaks to the maturity of the processes and mechanisms that we’ve developed, and the way we continue to refine these, to maintain this authorisation.

“This means we can provide reassurance that we’re focused on security and compliance from multiple perspectives. As well as compute and storage, we’re looking at our network and ensuring everything is encrypted, both in transit and at rest. Security management operates 365, 24/7. And there are further layers like role-based access and multifactor authentication.”

Access controls like this are increasingly vital, now that contact centres are truly decentralised work-from-anywhere activities. “Data breaches are top of people’s minds today, and customer service is a global activity – so we have to support our clients to comply with GDPR in Europe (including the ‘right to be forgotten’), as well as different standards in the US, especially California. My impression is that these kinds of requirements are becoming better understood, not just by organisations but by their customers and data subjects, who are sharing all kinds of information digitally now – so for example, to serve the needs of our customers in the medical profession/industry, we need to help ensure HIPAA compliance. NICE CXone is not a system of record, we don’t hold that data, but we provide the system of engagement – which makes our compliance critical as a platform.

Compliance for Continuity

Granular role-based access to the platform also supports business resilience and robustness, enabling NICE CXone to offer industry-leading levels of security, uptime and availability – also in line with changed user expectations, for access to brands and businesses on their own preferred schedule.  

“We leverage DevOps and fault-tolerant architecture, so if there’s an outage in one area we automatically failover to another route where the application is running,” Rodin explained. “We’re architected in such a way that, for example, if someone is using REST API calls to reach into our platform, which is stateless by nature, our implementation maintains the appropriate back-end state that is persistent in any failover, providing continuity to the client.” 

“We’ve really invested a lot of money, time and effort in developing a platform that is extremely robust, highly resilient, and fault-tolerant – which reflects user expectations in today’s work paradigm,” he concluded.

For more information on CXone security and compliance, visit:



Join our Weekly Newsletter