Remote worker connectivity — what’s legal in the new OSP regime?

Photo by Ali Yahya on Unsplash

Ever since the Indian government issued new guidelines for OSPs, there has been a lot of optimism in the industry, along with a little confusion. This article focuses on resolving one point of confusion: the question of how remote workers can connect to your communication networks.

Background:

Before the year of Covid, sometimes called 2020, we had a situation were remote working was almost impossible in India. The requirements were so tough (PPVPN, keeping records of IP addresses of agents and so on) that literally no agents were working from home. Then Covid came along.

With everyone expected to be at home, the DoT recognised that a loosening of the policy on WFH for remote agents was needed and after a few clarifications, the overall policy ended up with the following salient aspects:

1. Remote agents could connect to the company’s communication infrastructure by any means possible.
2. Companies needed to track the agents login ID and map it to the IP address of the agent.
3. The agents ID-home address-IP address mapping table was to be regularly shared with the DoT TERM cell.

There are some details that I am skipping over, but the broad strokes are as mentioned above. There was also a requirement that you must use VPN for connectivity, but in practise, it was more of a guideline than a mandate — as long as you addressed the points above, DoT was willing to overlook if you used technologies other than VPN.

The ‘New Normal’

On Nov 5, 2020, the Government of India eased the requirements for OSPs — with the hope that this will give a much needed fillip to the BPO sector and spur new growth (and employment) in an industry that has been facing severe competition from other countries. And one of the key points it addressed was remote working.

The key points that they mentioned w.r.t. remote working are as follows:

1. Agents are allowed to work from anywhere in India.
   This means agents can work from coffee shops, home, co-working spaces, internet cafes and so on, as long as they are working in India.
2. Agents who work from home/work from anywhere shall be treated as Extended Agents.
3. OSP shall be responsible for toll-bypass.
   It is the company’s responsibility to ensure that agents connect in a manner that avoids toll bypass. Structurally, one simple way to achieve this is to ensure that all agents connect to the company’s systems via IP systems (softphones).

And this leads us to the question that everyone has been asking:

Does the remote agent have to connect via VPN only or can they use other mechanisms?

The new guidelines are remarkable in their brevity — just 7 well-spaced pages. But this conciseness also forces a radical simplification in the guidelines For remote working systems, its simple — there is ZERO mention of the connection mechanism that companies need to use!

What this means is that, as long as you are able to ensure that

• toll bypass is prevented,
• CDRs and system logs are stored in India and accessible on demand,
• it is possible to trace the origins of any calls of unauthorised, obnoxious, malicious, illegal, copyright-infringing, intellectual-property infringing, or obscene nature,

you can use any mechanism you want for remote connectivity. This includes PSTN, VPN, or SBCs. Our informed opinion is that:

• PSTN is on its way out and agent connectivity over PSTN can be iffy.
• VPNs are actually quite a poor mechanism for voice calls — its difficult to ensure quality of service for real-time communications over VPN and often, sound becomes choppy, unless you are willing to ridiculously overinvest in VPN infra.
• Far better to use SBCs — they ensure great security, but combine it with the ability to ensure QoS. They are simply the right tool for the job.

Want to know more? Learn about the specific impact of the change in regulation for your company — drop in an email at rupali@assertion.cloud and we will guide you on how to move over to the new world of light-touch OSP regulation! Contact us today!

— — -

ASSERTION© is a world leader in automated security for collaboration systems. Our Cybersecurity and compliance solutions for UC and CC systems have been deployed at some of the largest financial institutions in the world, securing their systems from data breaches, toll fraud, and internal threats. For more information, please visit www.assertion.cloud.