How callstats.io Monitors WebRTC Sessions Without Compromising Data Privacy

By Shaohong Li on July 19, 2019

Customers occasionally ask how callstats.io protects the privacy of the end-users monitored by our service. This is an obligation that callstats.io takes quite seriously. In this blog I’ll review some of the callstats.io architectural components and data flows, describe the personally identifiable information we collect, and explain how we securely transport and store data throughout its lifecycle. Refer to our Privacy Policy for a complete description of personal information types and protections.

Updated on 7 August, 2019 for clarity.

Two Types of Personally Identifiable Information

First, we must distinguish between two types of personally identifiable information (PII) we collect:

  1. Customer/visitor PII is provided by the employees of organizations that use callstats.io to monitor their communications services and visitors to our website. Customer data is very familiar to anyone who uses software as a service. Examples include employee names and email addresses. In addition, we may collect billing data for the organization that pays for the service, such as credit card data.
  2. End-user PII is data about the end-users whose communications quality is monitored by callstats.io. As explained below, end-users load the customer’s communications application in their browser, which incorporates the callstats.io libraries and instructs the browser to report call quality data to callstats.io. End-user PII examples include IP addresses and other data that the customer’s application may choose to send to callstats.io.

This blog focuses on how we protect End-user PII. Before organizations decide to use callstats.io, they often want to know how we protect their end-users’ PII from disclosure outside their organization. This blog answers that important question. For information about Customer/visitor PII, cookie policies and other topics, please refer to our Privacy Policy.

Multiple Safeguards Protect Personally Identifiable Information

callstats.io does not share End-user PII with third parties under any circumstances. Access to End-user PII is strictly controlled and limited to the customer’s authorized users (internal access) and a limited number of callstats.io employees (external access) for support purposes.

callstats.io is designed from the ground up to safeguard End-user PII and prevent disclosure to unauthorized entities. We logically partition and store data by customer organization using a multi-tenant architecture hosted in the AWS secure virtual private cloud infrastructure. The service is built and managed according to industry standards and AWS best practices. We replicate data across AWS availability zones for resiliency. We use advanced encryption mechanisms, authentication techniques and access control methods to safeguard data confidentiality and integrity while in transit and at rest.

The reference diagram below depicts, in purple, the various callstats.io components used to capture, collect and analyze WebRTC service quality statistics.

Figure: callstats.io architecture

callstats.io clients gather WebRTC performance metrics from WebRTC endpoints and intermediary WebRTC elements (e.g. selective forwarding units, multipoint control units), and send them to callstats.io collectors for centralized storage and analysis. Examples of the metrics we collect include WebRTC packet latency, jitter and loss. We do not have access to media packets, nor can we forward them. Customer network administrators and operations personnel access the browser-based callstats.io dashboard to monitor service quality and troubleshoot problems.

The callstats.io service (collectors, dashboard and other core system components not shown in the diagram) is deployed in two distinct AWS Virtual Private Clouds (VPCs) in two distinct AWS regions: us-west-2 and eu-west-1. We replicate data across availability zones within each region for resiliency.

Personally Identifiable Information Received by callstats.io

The personally identifiable information (PII) received and stored by the callstats.io service is largely determined by the WebRTC application. Our client collects the IP address of the end-user’s device (caller, contact center agent, etc.). Application developers may configure their software to forward additional information, such as telephone numbers or user IDs processed by the WebRTC application.

In Amazon Connect contact centers, the callstats.io client can be configured to forward the customer phone number and the agent’s user name.

Multiple Security Mechanisms Prevent Unauthorized Access and Data Disclosure

The underlying physical and virtual infrastructure that powers the callstats.io service is secured by AWS, under its shared security responsibility model. We secure the applications and workloads that are deployed on the AWS infrastructure. To do this, we employ a comprehensive set of industry-standard security methods—protecting all callstats.io data flows, storage repositories and system interfaces—to prevent unauthorized access to the callstats.io service, and to ensure data privacy and integrity. We also adhere to a rigorous internal InfoSec policy; all employees are continuously trained on security threats, trends and best practices, ensuring a strong data security mindset across the entire company.

We employ a number of security mechanisms to safeguard End-user PII and enable compliance with data protection regulations, including GDPR. Specifically, we:

  • Authenticate callstats.io clients using JSON Web Tokens, to prevent masquerading.
  • Encrypt data in transit using HTTPS, to prevent eavesdropping and man-in-the-middle attacks.
  • Encrypt data at rest using AES-SIV (the Advanced Encryption Standard in Synthetic Initialization Vector mode) with 256-bit keys, to protect data confidentiality.
  • Implement strong access control mechanisms, to prevent unauthorized data disclosure.
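As an added illustration of the first item above, the Go program below mints a JSON Web Token and then verifies it the way a collector would before accepting metrics from a client. It is example code written for this post's topic, not callstats.io's library or API; the post does not describe the real token format or signing algorithm, so the HS256 shared secret, the claim values and the audience name "collector" are all constructed assumptions. The checks are the ones that actually stop a forged or replayed token: pin the algorithm (so alg=none or a swapped algorithm is rejected before any signature work), compare the HMAC in constant time, and enforce exp and aud.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the minimal claim set this example checks; the names are the registered JWT claim names.
type Claims struct {
	Iss string `json:"iss"` // issuer: the customer's own backend in this example
	Sub string `json:"sub"` // the client the token speaks for (constructed value)
	Aud string `json:"aud"` // which collector may accept it (constructed value)
	Exp int64  `json:"exp"` // Unix expiry time
}

var enc = base64.RawURLEncoding // JWT segments are unpadded base64url

// Sign produces an HS256 JWT under a shared secret (a hypothetical choice for this example).
func Sign(secret []byte, c Claims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(payload)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + enc.EncodeToString(mac.Sum(nil)), nil
}

// Verify accepts a token only if its alg is the one we expect, its signature checks out
// under our secret, it has not expired, and it was minted for this audience.
func Verify(secret []byte, token, audience string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, err := enc.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unsupported or missing alg") // also rejects alg=none
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(mac.Sum(nil), sig) { // constant-time comparison
		return nil, errors.New("bad signature")
	}
	payload, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("token expired or has no exp")
	}
	if c.Aud != audience {
		return nil, errors.New("token not issued for this audience")
	}
	return &c, nil
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed for this example
	now := time.Unix(1_560_000_000, 0)
	tok, _ := Sign(secret, Claims{Iss: "customer-backend", Sub: "client-123", Aud: "collector", Exp: now.Add(time.Hour).Unix()})
	c, err := Verify(secret, tok, "collector", now)
	fmt.Printf("accepted: %+v (err=%v)\n", c, err)
	_, err = Verify([]byte("another-secret"), tok, "collector", now)
	fmt.Println("signed under a different key:", err)
	_, err = Verify(secret, tok, "collector", now.Add(2*time.Hour))
	fmt.Println("after expiry:", err)
}
```

The order of checks matters: the algorithm is pinned before the signature is examined, so a header rewritten to alg=none never reaches the comparison, and a token that verifies but carries the wrong aud is still refused, which keeps a token issued for one service from being replayed against another.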

We encrypt data immediately as it enters the processing pipeline, and transmit it over a secure communication channel. Thus, the entire data processing and analytics pipeline operates on encrypted data. Data remains encrypted in storage and is decrypted only before it is sent to the dashboard (also over the secure communication channel). Once the data is decrypted, only authorized dashboard users can view it.

We store encryption keys and access credentials in a centralized, self-contained HashiCorp Vault for safekeeping. For support purposes, a small number of authorized callstats.io employees can gain temporary read-only access to end-user PII, in encrypted form only.

The Best of Both Worlds: World-Class Monitoring and Strong Security

callstats.io understands the trust its customers place in us to protect their end-users’ privacy. We’ve engineered our service to protect end-user PII from unauthorized disclosure, and we never share end-user PII with third parties.

The service is built and managed according to security best practices and standards, and leverages a wide range of security measures to protect against a wide array of threats. We implement strong authentication and access controls to safeguard services, and encrypt data at rest and data in transit to protect privacy and prevent unauthorized disclosure.

To learn more about how callstats.io can help you monitor WebRTC service quality without compromising data privacy, contact callstats.io sales today.