Securing unified communications in the cloud – top tips for businesses of all sizes
The arrival of Generations Y and Z into the workforce has opened up demand for smarter and more intuitive ways of working. Providing a platform that enables people to connect with colleagues easily, regardless of time zone or location, is now non-negotiable. As a result, organisations are adopting Unified Communications (UC) – a combination of voice, video and messaging platforms around a shared IP-based infrastructure – to boost productivity and enhance collaboration.
According to research by MarketsandMarkets, the Unified Communications as a Service (UCaaS) market will grow from $17.35 Billion in 2016 to $28.69 billion by 2021. Cloud providers are the preferred choice for businesses looking for flexibility and cost-efficiency that can easily be integrated into the workplace. But UC, and particularly UC in the cloud, is a rapidly evolving area in which new security threats are emerging and trends are evolving. Understanding its nuances has never been more vital.
How is the Unified Communications in cloud currently being secured?
In the introduction to their book ‘Hacking Exposed: Unified Communications and VOIP’, Mark Collier and David Endler explain the reasons behind the rising security issues: “In terms of threats, UC has made many attacks easier. Attackers target VoIP and UC for the same reasons they attacked legacy voice – to steal service, to harass and disrupt, to sell unwanted products and services, to steal money and information and to eavesdrop on conversations.”
The biggest threat to a company’s security in Unified Communications is failing to have the safeguards and systems in place. Without investment in data protection systems, tailored security, and education for employees, a company is open to attack.
UC growth means that IT teams who have traditionally focused solely on securing data, infrastructure and communications networks must now expand their expertise across voice, video, messaging and collaboration platforms.
Even in a seemingly iron-clad environment, security can be breached if teams don’t act quickly to rebuff new threats as they surface and protect the vulnerabilities of real-time communications. Thinly spread expertise is a risk factor in securing Unified Communications as a Service (UCaaS), and improving it requires unified collaboration across teams.
Understanding the security threats to UCaaS in cloud
Hackers prey on vulnerabilities that grow from a lack of understanding. Whether an organisation is creating its own internal solution or working with an external provider, there are significant threats that need to be understood to ensure the full potential is reached for UC in the cloud. Firstly, teams need inside-out knowledge of these security issues, including where they come from, why they’re dangerous, and what can be done to tackle them.
1) Data centre vulnerability. Most UCs rely on data centers for service and storage, but if they’re not strictly controlled if natural disaster or equipment failure strike, the business in question could be put out of compliance, and business continuity may be affected.
2) Network flexibility. How will employees use the UC system on other networks? With the rise of remote and flexible working, it’s likely they won’t always be relying on the in-house network. It is vital to protect against the inherent risks of external networks when employees are mobile.
3) Human error and vulnerability. Simple human error can be equally to blame for security breaches, for example when employees choose weak passwords or succumb to phishing schemes. The best way to do something about this? Invest in educating employees.
4) Poor data encryption. If an organisation is using a third-party vendor, that vendor’s approach to protecting data can have an impact on how open to risks the organisation is. Data transmitted through a UC vendor’s network should be encrypted.
5) Poor data integrations. Understanding how a new UC tool integrates with current applications is crucial to ensure a seamless implementation and happy end users. Leading UC platform options offer built-in integrations with many of the most common business apps.
How can the threats be dealt with?
Securing UC starts at the network layer and extends through to educating employees. It’s not one or the other: for organisations to successfully protect themselves from possible threats, they need to take a holistic approach and address both the human and technological aspects of security.
1) Start at the network layer
There is no better point from which to enforce security than within the network. Essential features like session encryption and spam blocking are easily managed in the network, along with the ability to trace and grant or deny access to threats in real-time.
Organisations should decide which cloud architecture – multi-tenant or private – suits their needs. A multi-tenant architecture is cheaper than a private architecture, but offers less control to organisations. In terms of network services, organisations must choose whether to offload all their services to a provider, or keep some services in-house.
2) Think about IT staffing
A dramatic shift is underway in both the way organisations strategically manage collaboration applications and in the tactical way they are structured to operations, according to Nemertes Research Group Inc.'s ‘Unified Communications and Collaboration: 2018-19’ study.
The study found that approximately 64% of businesses today have converged their various collaboration and communications groups into a single, unified collaboration planning and structure. This structure typically includes sub-teams responsible for technology platforms, including calling, meeting and messaging platforms and services. Additional teams support mail, calendaring and file management, while larger organisations might also have functions responsible for portal; AV, including rooms systems; streaming video and broadcast platforms; and social platforms.
“The key feature of this converged structure is integration of strategy to ensure that different teams are aligned and are able to take advantage of rapidly converging products that combine collaboration technologies.” wrote Irwin Lazar. The study also proved that organisations with a unified collaboration team are 17% more successful in their ability to meet identified collaboration requirements.
3) Establish a security-first culture
Having the right IT framework in place is not enough. Establishing a security-first culture throughout an organisation is essential for ensuring the digital workplace remains secure, especially in an age of flexible working and BYOD.
Organisations should invest in training employees on the consequences of data breaches, through either in-house or web-based tutorials. The rise of remote and mobile working brings with it additional security threats to UCs, so it’s essential for organisations to establish a clear digital policy on what employees can and cannot do.
To discover more about securing UC in the cloud, why not Register your interest for UC EXPO here?