Custom Storage Locations

CXone Cloud Storage is another storage option you can use with CXone. It is a good option if you want to save files to your own storage location instead of using CXone default storage for compliance reasons. Contact your CXone Account Representative to find out more about whether using custom storage is the right storage method for your organization.

Cloud Storage Services supports using your own Amazon Web Services (AWS) or Microsoft Azure location for cloud storage. If you're setting up custom storage for the first time, you can use either option. If you already use AWS for custom storage, you cannot switch to Azure. There are differences in feature availability when you use a custom storage location with Cloud Storage Services. These differences are shown in the following table.

Feature

CXone Cloud Storage

Custom Storage with AWS

Custom Storage with Microsoft Azure

File names include contact ID Yes No No
TTL and other Life Cycle Management rules managed in Cloud Storage Services Yes No No
Playback of files in CXone Yes Yes, exclusively Yes, exclusively
Use of Cloud Storage Services Secure External Access (SEA) Yes No No
Stored files are encrypted Yes Yes Yes (You are responsible for encryption if you use Azure)
Ability to hold and release files Yes No No

Before Setting Up Custom Storage

Before enabling custom storage, you need to set up and configure the location where you intend to save interactions. This can be an AWS S3 bucket or Microsoft Azure storage location. Microsoft Azure is only available if you are setting up custom storage for Cloud Storage Services for the first time.

If you're storing call recordings in custom storage, your custom S3 bucket must be configured with some required policies. The policies must allow CXone files to be stored and accessed in your custom bucket using Cloud Storage APIs. Contact your CXone Account Representative for more information about the required policies.

Do not modify the IAM bucket-level policy. Changes to the IAM policy may result in CXone failing to save files to your custom storage location.

You can set up custom storage in an AWS region that differs from your CXone hosted region. However, if you use FedRAMP, you should create your custom storage location in the same region as your CXone hosted region to comply with the regulatory requirements.

In case of failures when sending files to Azure, files are stored in CXoneCloud Storage as a backup. In this case, the backup files may be stored in a different region from the files stored in Azure.

You cannot use custom storage and custom KMS together.

Encryption of Stored Files

Files stored in custom storage locations are encrypted. This provides higher security. However, it means that you cannot access or play the files directly in the AWS or Azure environment. You must use CXone to access or play back the files.

If you use an AWS custom storage location, the encryption is done using an AWS KMS managed by NICE CXone. If you use an Azure custom storage location, you're responsible for the encryption and security of your files and the access keys used to encrypt them.

File Names When Using Custom Storage

Custom storage and the default Cloud Storage locations results in different file names. Files stored in the default Cloud Storage location are named following a convention that uses identifying information such as the creation date, agent, contact ID, and so on.

Custom storage doesn't support this convention. This is because file names are encrypted as part of the process of moving to custom storage. Encrypted file names cannot be matched to specific contact IDs. They may not provide useful information related to the contents of the files. If you need file names that include the contact ID, consider using Secure External Access (SEA) instead of custom storage.

Key Facts about Custom Storage

  • You can set up custom storage in an AWS region that differs from your CXone hosted region. However, if you use FedRAMP, you should create your custom storage location in the same region as your CXone hosted region to comply with the regulatory requirements.

  • You cannot use custom storage and custom KMS together.

  • When you use a custom storage location, you're responsible for the setup, maintenance, and operation of your AWS S3 bucket or Microsoft Azure. This includes your Microsoft Azure account and your access keys. Additionally, you're responsible for the encryption and security of the at-rest files for Azure custom storage. Make sure that you enable the latest access credentials for Azure custom storage in case it has updates after your initial configuration.
  • All files created after you enable custom storage are stored in your custom location. If at any point you disable custom storage, all files created from that point on are stored in the default cloud location.
  • Files cannot move between custom storage and Cloud Storage. This includes files in active and long-term Cloud Storage. When you change your storage location to custom storage or back to Cloud Storage, files stay in the location where they were saved. Because of this, you may have files stored in different locations.
  • After you enable custom storage, you cannot modify the Life Cycle Management rules for CXoneCloud Storage unless you first disable custom storage. If you have files currently in active or long-term Cloud Storage, ensure that the rules you have in place to manage those files in the way you need them to before enabling custom storage.

  • Historical files from the CXone file server or Cloud Storage cannot be moved to your custom storage location.