[cisco-voip] Nuance And Their Lack of Enterprise Security
Jason Aarons (AM)
jason.aarons at dimensiondata.com
Tue Nov 10 16:49:26 EST 2015
Did you put out an Enterprise RFP and require HTTPS in the design phase ☺
I would recommend you submit a product enhancement request to the Nuance Account Manager and involve them. I’m sure it’s on a list somewhere to-do you just need to give them a business reason that is 7 figure. A Enterprise CIE telling them you’re putting it on hold and stopping payments usually gets noticed.
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jon Shay
Sent: Tuesday, November 10, 2015 1:16 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Nuance And Their Lack of Enterprise Security
Anyone use Nuance in their Contact Center(s)? We have been for a handful of years between two different ACDs. We're in a current project moving from one ACD to a new ACD vendor and an interesting tid-bit came out during a security vulnerability scan.
Most if not all of the interfaces to their applications are web-based and the scan identified one of their products using HTTP instead of HTTPS. We asked them to secure it and here is what they said - "No. It is designed that way. If you want security put it behind a firewall to properly secure it." Whaaaat?
So they are charging enterprise pricing for this application (7 figures) but they tell us to take a hike and use a FW to make up for lack of programming skills.
Has anyone else had issues similar to this with Nuance? Did you have a means to resolve it without legal action? Do you recommend any other speech vendors that understand enterprise security?
itevomcid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20151110/76404749/attachment.html>
More information about the cisco-voip
mailing list