Mykola Konrad

Cloud Communications Security: Whose Business Is It, Anyway?


Don’t count on cloud providers to provide all your UCaaS security

It’s official: Unified Communications-as-a-Service (UCaaS) has arrived as a mainstream technology, with one prominent analyst firm (IDC) going so far as to call 2017 “the year of UCaaS.” But before the industry signs off on that title, there are still some pressing security questions to answer, starting with “whose job is it to secure UCaaS, anyway?”

Let’s be clear: security isn’t a reason not to move UC into the cloud. The rise in mobile communications and remote workers—and the unstoppable demographic and market factors behind that rise—demand the kind of communication and collaboration experiences that only UC can deliver. The cloud enables enterprises to deploy communications applications quickly and consistently, scale them easily and upgrade them regularly. It can also wrap security around those applications, provided enterprises understand how much and what kind of security they’re getting with their service.

Security is everybody’s business

One of the biggest mistakes enterprises make with UCaaS is the assumption that security is already bundled into the service. Even when the provider says as much in writing, UC security needs to be a shared responsibility; there’s simply too much at stake to leave it to a third party. And while the UC applications reside in the cloud, your network, the endpoints, call flows and media do not, so your cloud provider can’t be expected to protect them.

Enterprises should work together with their UCaaS provider to create a plan that determines who is securing what. That plan should detail how the provider and enterprise will protect endpoints and secure the connection between the enterprise network and the cloud.

Get real about real-time communications today


Moving UC into the cloud doesn’t take your enterprise network out of the equation. It does, however, move the perimeter out to the cloud and make it more porous, thus increasing attack vectors. Voice and video calls, for example, will still need to pass from the cloud through your network and vice versa. Remote workers won’t be in your network when making a call using the UC service; however, their media and signaling flows will most likely still traverse your network at some point. And even if your UCaaS provider has encrypted all the media and signaling (some do this for all flows), there may still be issues.

Most enterprise networks, however, are designed to secure incoming and outgoing data communications and not real-time communications. Real-time communication applications, such as UC, differ from purely data-based applications because they use the IP-based Session Initiation Protocol (SIP). Unsecured SIP increases an enterprise’s risk by introducing data exfiltration, Denial of Service (DoS), telephony Denial of Service (TDoS) and even eavesdropping into the equation. The problem is that stand-alone firewalls, while they do an excellent job of protecting data, aren’t adequate to protect SIP-based applications. In many cases, you must turn off specific firewall functions in order to get your voice and video to work.

So, if you try to transmit a voice or video call through a standard data firewall, you’ll likely have turned off the firewall’s SIP application layer gateway (ALG) functionality. Unfortunately, doing that creates a security hole through which cybercriminals can steal data or direct DDoS attacks.

If enterprises want truly secure cloud communications, they need to add a session border controller (SBC) to their network. An SBC serves as a SIP firewall that not only protects and encrypts real-time communications such as voice and video, but can also provide valuable services including quality of service (QoS) assurance, media transcoding and signaling interworking.

Approach cloud communications security intelligently in the future

In a world where nearly one million new malware threats are released each day, protecting against known threats isn’t much protection at all. For this reason, many enterprises are turning to advanced security analytics to help them detect and mitigate new attacks more effectively. Of course, this security information needs to be shared throughout the enterprise and even with cloud service partners to be truly effective.

As an example, imagine if an SBC and a firewall were both targeted with a new attack within moments of each other. The SBC might analyze the attack signature, determine it is potentially dangerous and block the SIP-related traffic from entering the network. If the SBC doesn’t share that intelligence with the firewall, however, the attack may go through and the localized benefit of analytics is meaningless. As such, integrating security intelligence across devices and brokering this intelligence between applications to disseminate it in real time will be a key component of cloud security in the future.

To that end, here are three things that enterprises can do right now to secure their cloud UC services:

  1. Establish a joint security plan with your UCaaS provider and make sure that each party’s responsibilities are clearly delineated and understood.
  2. Secure your softphones and other endpoints by keeping them up to date on patches.
  3. Get serious about adding an SBC at every site that will connect to the cloud. An SBC not only secures SIP call flows, but will ensure that your UCaaS experience delivers higher quality voice and video to everyone.

Security shouldn’t be a barrier to the cloud. Think of it as more of a speed bump: you need to slow down, think it through, plan and proceed with caution.

By Mykola Konrad


As Vice President of Product Management and Marketing, Myk Konrad leads Sonus' global product, channel and corporate marketing initiatives. Mykola has more than 17 years of technology development and product management experience, most recently serving as Director of Product Management at Sonus. Prior to Sonus, he served as Senior Product Manager at Microsoft; Product Manager at Avaya; Software Developer at Panasonic; and Software Developer at Ariel Corporation. Mykola holds an M.B.A. from New York University's Leonard N. Stern School of Business and a bachelor's degree in electrical engineering from the University of Pennsylvania.
