[cisco-voip] Nuance And Their Lack of Enterprise Security

Jon Shay tucsonwireless at gmail.com
Fri Nov 13 18:38:11 EST 2015 

Sorry for the late reply.

The requirements were stated in writing and an SOW was created out of that
but the requirements were missing (and we missed it wasn't in there at
signing). The security scan is what reminded us to put on the defect
tracker. However, had it been in there they would had shot it down because
they are refusing to adhere to modern day security practices. Their words
not mine. I'd cut and paste what they stated word for word and include the
person's name and e-mail but I think that would be going too far.

We were already contracted with their services before this project to move
to UCCE so we really didn't have a choice but use them regardless of their
stance on security. Once the contract expires we'll be looking at whether
speech enablement and and their our services are truly needed going forward.

I'll start a new thread but I'm wonder what everyone's take is on speech
enabling their IVR and if the juice is worth the squeeze.


On Tue, Nov 10, 2015 at 2:49 PM, Jason Aarons (AM) <
jason.aarons at dimensiondata.com> wrote:

> Did you put out an Enterprise RFP and require HTTPS in the design phase J
>
>
>
> I would recommend you submit a product enhancement request to the Nuance
> Account Manager and involve them.  I’m sure it’s on a list somewhere to-do
> you just need to give them a business reason that is 7 figure.  A
> Enterprise CIE telling them you’re putting it on hold and stopping payments
> usually gets noticed.
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Jon Shay
> *Sent:* Tuesday, November 10, 2015 1:16 PM
> *To:* cisco-voip at puck.nether.net
> *Subject:* [cisco-voip] Nuance And Their Lack of Enterprise Security
>
>
>
>
>
> Anyone use Nuance in their Contact Center(s)? We have been for a handful
> of years between two different ACDs. We're in a current project moving from
> one ACD to a new ACD vendor and an interesting tid-bit came out during a
> security vulnerability scan.
>
>
>
> Most if not all of the interfaces to their applications are web-based and
> the scan identified one of their products using HTTP instead of HTTPS. We
> asked them to secure it and here is what they said - "No. It is designed
> that way. If you want security put it behind a firewall to properly secure
> it." Whaaaat?
>
>
>
> So they are charging enterprise pricing for this application (7 figures)
> but they tell us to take a hike and use a FW to make up for lack of
> programming skills.
>
>
>
> Has anyone else had issues similar to this with Nuance? Did you have a
> means to resolve it without legal action? Do you recommend any other speech
> vendors that understand enterprise security?
>
>
>
>
>
>
>
> itevomcid
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20151113/1588740d/attachment.html>

More information about the cisco-voip mailing list