AWS connect documentation change
Summary
Renamed 'Amazon Connect' to 'Connect Customer' throughout the document and updated related service references (e.g., 'Amazon Connect Voice ID' to 'Connect Customer Voice ID'). Security mechanisms and data handling practices remain unchanged.
Security assessment
The changes are purely branding/naming updates without modifications to security controls, encryption methods, access mechanisms, or vulnerability disclosures. All security-related descriptions (encryption at rest, segregation by account/instance, access controls) retain their original technical substance with only service name replacements.
Diff
diff --git a/connect/latest/adminguide/data-handled-by-connect.md b/connect/latest/adminguide/data-handled-by-connect.md index d55751778..acf04ac17 100644 --- a//connect/latest/adminguide/data-handled-by-connect.md +++ b//connect/latest/adminguide/data-handled-by-connect.md @@ -9 +9 @@ External application dataPhone call mediaCall recordings and screen recordingsCo -# Data handled by Amazon Connect +# Data handled by Connect Customer @@ -11 +11 @@ External application dataPhone call mediaCall recordings and screen recordingsCo -Data held within Amazon Connect is segregated by the AWS account ID and the Amazon Connect instance ID. This ensures that data can be accessed only by the authorized users of a specific Amazon Connect instance. +Data held within Connect Customer is segregated by the AWS account ID and the Connect Customer instance ID. This ensures that data can be accessed only by the authorized users of a specific Connect Customer instance. @@ -13 +13 @@ Data held within Amazon Connect is segregated by the AWS account ID and the Amaz -Amazon Connect handles a variety of data related to the contact center, including but not limited to the following categories. +Connect Customer handles a variety of data related to the contact center, including but not limited to the following categories. @@ -33 +33 @@ Amazon Connect handles a variety of data related to the contact center, includin - * **Voiceprints** – When Amazon Connect Voice ID is enabled, a voiceprint is created from the customer's voice for future authentication. Similarly, a voiceprint is created while registering a fraudster in the Voice ID system for future fraud detection. + * **Voiceprints** – When Connect Customer Voice ID is enabled, a voiceprint is created from the customer's voice for future authentication. Similarly, a voiceprint is created while registering a fraudster in the Voice ID system for future fraud detection. @@ -35 +35 @@ Amazon Connect handles a variety of data related to the contact center, includin - * **Speaker and Fraudster Audio** – When Amazon Connect Voice ID is enabled, the audio used for enrolling speakers and registering fraudsters is stored so that Voice ID can re-enroll and reregister them in future when there is a need to do so. + * **Speaker and Fraudster Audio** – When Connect Customer Voice ID is enabled, the audio used for enrolling speakers and registering fraudsters is stored so that Voice ID can re-enroll and reregister them in future when there is a need to do so. @@ -42 +42 @@ Amazon Connect handles a variety of data related to the contact center, includin -Amazon Connect stores the following Personally Identifiable Information (PII) data related to your customers: +Connect Customer stores the following Personally Identifiable Information (PII) data related to your customers: @@ -46 +46 @@ Amazon Connect stores the following Personally Identifiable Information (PII) da - * If you are using Amazon Connect Customer Profiles, all this data could potentially be PII. This data is always encrypted at rest using either a customer managed key or an AWS owned key. The Amazon Connect Customer Profiles data is segregated by the AWS account ID and the domain. Multiple Amazon Connect instances can share a single Customer Profiles domain. + * If you are using Connect Customer Customer Profiles, all this data could potentially be PII. This data is always encrypted at rest using either a customer managed key or an AWS owned key. The Connect Customer Customer Profiles data is segregated by the AWS account ID and the domain. Multiple Connect Customer instances can share a single Customer Profiles domain. @@ -48 +48 @@ Amazon Connect stores the following Personally Identifiable Information (PII) da - * For outbound campaigns, Amazon Pinpoint passes customer phone numbers and relevant attributes to Amazon Connect. On the Amazon Connect side, these are always encrypted at rest using either a customer managed key or an AWS owned key. The outbound campaigns data is segregated by the Amazon Connect instance ID and are encrypted by instance-specific keys. + * For outbound campaigns, Amazon Pinpoint passes customer phone numbers and relevant attributes to Connect Customer. On the Connect Customer side, these are always encrypted at rest using either a customer managed key or an AWS owned key. The outbound campaigns data is segregated by the Connect Customer instance ID and are encrypted by instance-specific keys. @@ -55 +55 @@ Amazon Connect stores the following Personally Identifiable Information (PII) da -Amazon AppIntegrations enables you to integrate with external applications. It stores references to other AWS resources and client-service specified metadata. No data is stored other than incidentally while being processed. When syncing data periodically with an Amazon Connect service, data is encrypted using a customer managed key and stored temporarily for one month. +Amazon AppIntegrations enables you to integrate with external applications. It stores references to other AWS resources and client-service specified metadata. No data is stored other than incidentally while being processed. When syncing data periodically with an Connect Customer service, data is encrypted using a customer managed key and stored temporarily for one month. @@ -59 +59 @@ Amazon AppIntegrations enables you to integrate with external applications. It s -Amazon Connect is in the audio path for calls handled by the service. It is therefore responsible for relaying the call’s media stream between participants. This can include the audio between a customer and a flow / IVR, the audio between a customer and an agent, or mixing the audio between multiple parties in a conference or during a transfer. There are two types of phone calls: +Connect Customer is in the audio path for calls handled by the service. It is therefore responsible for relaying the call’s media stream between participants. This can include the audio between a customer and a flow / IVR, the audio between a customer and an agent, or mixing the audio between multiple parties in a conference or during a transfer. There are two types of phone calls: @@ -68 +68 @@ Amazon Connect is in the audio path for calls handled by the service. It is ther -PSTN calls are connected between Amazon Connect and various telecommunications carriers using either private circuits maintained between Amazon Connect and our providers or existing AWS internet connectivity. For PSTN calls routed over the public internet, signaling is encrypted with TLS and the audio media is encrypted with SRTP. +PSTN calls are connected between Connect Customer and various telecommunications carriers using either private circuits maintained between Connect Customer and our providers or existing AWS internet connectivity. For PSTN calls routed over the public internet, signaling is encrypted with TLS and the audio media is encrypted with SRTP. @@ -82 +82 @@ Note the following behavior for call recordings: - * Agent audio is NOT transmitted to Amazon Connect when the agent is not on a call. On November 9, 2023, Amazon Connect deployed an optimization to improve agent productivity that pre-configures the microphone media stream of the agent's browser before the contact arrives. This reduces setup time for both incoming and outgoing calls. As a result, the microphone icon in the agent's browser appears to be on, even when the agent is not on a call. + * Agent audio is NOT transmitted to Connect Customer when the agent is not on a call. On November 9, 2023, Connect Customer deployed an optimization to improve agent productivity that pre-configures the microphone media stream of the agent's browser before the contact arrives. This reduces setup time for both incoming and outgoing calls. As a result, the microphone icon in the agent's browser appears to be on, even when the agent is not on a call. @@ -103 +103 @@ During a video call or screen sharing session, agents are able to see the custom -You can limit access to the call and screen recordings based on user permissions. Recordings can be searched and played back within the Amazon Connect admin website. +You can limit access to the call and screen recordings based on user permissions. Recordings can be searched and played back within the Connect Customer admin website. @@ -109 +109 @@ Call and screen recordings are stored in two phases: - * Recordings intermediately held within Amazon Connect during and after the contact, but before delivery. + * Recordings intermediately held within Connect Customer during and after the contact, but before delivery. @@ -122 +122 @@ At all times, you maintain full control over the security of call recordings del -You can search for and listen to call recordings or view screen recordings in Amazon Connect. To determine which users can do this, assign them the appropriate permissions in their security profile. If AWS CloudTrail is enabled, access to specific recordings by Amazon Connect users is captured in CloudTrail. +You can search for and listen to call recordings or view screen recordings in Connect Customer. To determine which users can do this, assign them the appropriate permissions in their security profile. If AWS CloudTrail is enabled, access to specific recordings by Connect Customer users is captured in CloudTrail. @@ -128 +128 @@ The capabilities of Amazon S3, AWS KMS, and IAM put you in full control of who h -Amazon Connect stores metadata related to contacts that flow through the system and allows authorized users to access this information. The Contact Search feature allows you to search and view contact data, such as origination phone numbers or other attributes set by the flow, that are associated with a contact for diagnostics or reporting purposes. +Connect Customer stores metadata related to contacts that flow through the system and allows authorized users to access this information. The Contact Search feature allows you to search and view contact data, such as origination phone numbers or other attributes set by the flow, that are associated with a contact for diagnostics or reporting purposes. @@ -130 +130 @@ Amazon Connect stores metadata related to contacts that flow through the system -Contact data classified as PII that is stored by Amazon Connect is encrypted at rest using a key that is time-limited and specific to the Amazon Connect instance. Specifically, the customer origination phone number is cryptographically hashed with a key that is specific to the instance to allow for use in contact search. For contact search, the encryption key is not time-sensitive. +Contact data classified as PII that is stored by Connect Customer is encrypted at rest using a key that is time-limited and specific to the Connect Customer instance. Specifically, the customer origination phone number is cryptographically hashed with a key that is specific to the instance to allow for use in contact search. For contact search, the encryption key is not time-sensitive. @@ -132 +132 @@ Contact data classified as PII that is stored by Amazon Connect is encrypted at -The following data stored by Amazon Connect is treated as sensitive: +The following data stored by Connect Customer is treated as sensitive: @@ -157 +157 @@ Content processed by Contact Lens in real-time is encrypted at rest and in trans -Contact Lens persists data (transcript, category names, etc.) on the Amazon Connect side for a short period of time. This is to ensure that the API serves data continuously, for up to 24h after contact terminates. +Contact Lens persists data (transcript, category names, etc.) on the Connect Customer side for a short period of time. This is to ensure that the API serves data continuously, for up to 24h after contact terminates. @@ -161 +161 @@ Contact Lens persists data (transcript, category names, etc.) on the Amazon Conn -When you enable Amazon Connect Voice ID, it computes voiceprints out of your customer's speech for authenticating them in future, and stores the data. Similarly, when you enable fraud detection, it stores the voiceprint for each fraudster registered in Voice ID. +When you enable Connect Customer Voice ID, it computes voiceprints out of your customer's speech for authenticating them in future, and stores the data. Similarly, when you enable fraud detection, it stores the voiceprint for each fraudster registered in Voice ID. @@ -167 +167 @@ While enrolling a customer into Voice ID for authentication and fraud detection, -When you enable Amazon Connect Voice ID, it stores a compacted version of the audio (called utterances) that it aggregated while enrolling a speaker or registering a fraudster. This audio is used in the future whenever the voiceprints for the speakers and fraudsters need to be regenerated. The data is retained until the speaker/fraudster is deleted. The original audio used for enrollment or evaluation is deleted after a 24 hour retention period. +When you enable Connect Customer Voice ID, it stores a compacted version of the audio (called utterances) that it aggregated while enrolling a speaker or registering a fraudster. This audio is used in the future whenever the voiceprints for the speakers and fraudsters need to be regenerated. The data is retained until the speaker/fraudster is deleted. The original audio used for enrollment or evaluation is deleted after a 24 hour retention period. @@ -173 +173 @@ The data is retained until the speaker/fraudster is deleted or opted out. -For outbound campaigns, Amazon Pinpoint passes customer phone numbers and relevant attributes to Amazon Connect. On Amazon Connect, these are always encrypted at rest using either a customer managed key or an AWS owned key. The outbound campaigns data is segregated by the Amazon Connect instance ID and are encrypted by instance specific keys. +For outbound campaigns, Amazon Pinpoint passes customer phone numbers and relevant attributes to Connect Customer. On Connect Customer, these are always encrypted at rest using either a customer managed key or an AWS owned key. The outbound campaigns data is segregated by the Connect Customer instance ID and are encrypted by instance specific keys. @@ -177 +177 @@ For outbound campaigns, Amazon Pinpoint passes customer phone numbers and releva -Any processing of task template resources in Amazon Connect is encrypted at rest and in transit. Data is encrypted with an AWS KMS key. +Any processing of task template resources in Connect Customer is encrypted at rest and in transit. Data is encrypted with an AWS KMS key. @@ -191 +191 @@ Data protection -Encryption at rest in Amazon Connect +Encryption at rest in Connect Customer