They’re Baaack! Smile you are on Camera – Everywhere!

They’re Baaack! Smile you are on Camera – Everywhere!

Remember Google glasses? Better yet, remember glassholes? It all came and went in just a flash as society reacted to nerds wearing pretentious and creepily intrusive face gear. Well beware, they are back and with a vengeance. It seemed so cool and with so much
How Theranos Hurt the Entire Medical Tech Industry

How Theranos Hurt the Entire Medical Tech Industry

Medical Tech Industry The medical field is no stranger to fraud. With so much money changing hands on a daily basis, there are bound to be a few individuals who try to take advantage of the situation. But one of the most recent developments, involving

CONTRIBUTORS

Key Cloud Office Trends Of The Future

Key Cloud Office Trends Of The Future

Cloud Office Trends The mass migration to the cloud is well under way and will only accelerate. Two giants continue ...
Rainmaking From The Cloud - CIOs Struggle To Keep Pace With IT Demands

Rainmaking From The Cloud – CIOs Struggle To Keep Pace With IT Demands

Rainmaking from the Cloud In the digital era, where customers can select virtually anything with a click of a button, ...
Secure Business Agility

Contrary to popular belief, a pro-privacy stance is good for business

Pro-Privacy Stance Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the ...
Leveraging Carrier Ethernet To Connect To The Cloud

Leveraging Carrier Ethernet To Connect To The Cloud

Connecting To The Cloud Determining the Best Cloud Connectivity Solution With the Cloud only being as good as employees’ ability ...
The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” ...
Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the ...
Apcela

Direct Connect To Cloud: Solving For Performance, But At What Cost?

Direct Cloud Connect Executives embarking on the journey to becoming a digital enterprise are essentially asking IT to enable the ...
The Lighter Side Of The Cloud - The Backup Reminder
Mykola Konrad

Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security

Don’t count on cloud providers to provide all your UCaaS security

It’s official: Unified Communications-as-a-Service (UCaaS) has arrived as a mainstream technology, with one prominent analyst firm (IDC) going so far as to call 2017 “the year of UCaaS.” But before the industry signs off on that title, there are still some pressing security questions to answer, starting with “whose job is it to secure UCaaS, anyway?”

Let’s be clear: security isn’t a reason not to move UC into the cloud. The rise in mobile communications and remote workers—and the unstoppable demographic and market factors behind that rise—demand the kind of communication and collaboration experiences that only UC can deliver. The cloud enables enterprises to deploy communications applications quickly and consistently, scale them easily and upgrade them regularly. It can also wrap security around those applications, provided enterprises understand how much and what kind of security they’re getting with their service.

Security is everybody’s business

One of the biggest mistakes enterprises make with UCaaS is the assumption that security is already bundled into the service. Even when the provider says as much in writing, UC security needs to be a shared responsibility; there’s simply too much at stake to leave it to a third party. And while the UC applications reside in the cloud, your network, the endpoints, call flows and media do not, so your cloud provider can’t be expected to protect them.

Enterprises should work together with their UCaaS provider to create a plan that determines who is securing what. That plan should detail how the provider and enterprise will protect endpoints and secure the connection between the enterprise network and the cloud.

Get real about real-time communications today

Cloud Communications

Moving UC into the cloud doesn’t take your enterprise network out of the equation. It does, however, move the perimeter out to the cloud and make it more porous – thus increasing attack vectors. Voice and video calls, for example, will still need to pass from the cloud through your network and vice versa. Remote workers won’t be in your network when making a call using the UC service, however, their media and signaling flows will most likely still traverse your network at some point. And even if your UCaaS provider has encrypted all the media and signaling (some do this for all flows), there may still be issues.

Most enterprise networks, however, are designed to secure incoming and outgoing data communications and not real-time communications. Real-time communication applications, such as UC, differ from purely data-based applications because they use the IP-based Session Initiation Protocol (SIP). Unsecure SIP increases an enterprise’s risk by introducing data exfiltration, Denial of Service (DoS), telephony Denial of Service (TDoS) and even eavesdropping into the equation. But the problem is, while they do an excellent job of protecting data, stand-alone firewalls aren’t adequate to protect SIP-based applications. In many cases, you must turn off specific firewall functions in order to get your voice and video to work.

So, if you try to transmit a voice or video call through a standard data firewall, you’ll likely have turned off the firewall’s SIP application layer gateway (ALG) functionality. Unfortunately, doing that creates a security hole through which cybercriminals can steal data or direct DDoS attacks.

If enterprises want truly secure cloud communications, they need to add a session border controller (SBC) to their network. An SBC serves as a SIP firewall that not only protects and encrypts real-time communications such as voice and video, but can also provide valuable services including quality of service (QoS) assurance, media transcoding and signaling interworking.

Approach cloud communications security intelligently in the future

In a world where nearly one million new malware threats are released each day, protecting against known threats isn’t much protection at all. For this reason, many enterprises are turning to advanced security analytics to help them detect and mitigate against new attacks more effectively. Of course, this security information needs to be shared throughout the enterprise and even with cloud service partners to be truly effective.

As an example, imagine if an SBC and a firewall were both targeted with a new attack within moments of each other. The SBC might analyze the attack signature, determine it is potentially dangerous and block the SIP related traffic from entering the network. If the SBC doesn’t share that intelligence with the firewall, however, the attack may go through and the localized benefit of analytics is meaningless. As such, integrating security intelligence across devices and brokering this intelligence between applications to disseminate it in real-time will be a key component of cloud security in the future.

To that end, here are three things that enterprises can do right now to secure their cloud UC services:

  1. Establish a joint security plan with your UCaaS provider and make sure that each party’s responsibilities are clearly delineated and understood.
  2. Secure your softphones and other endpoints by keeping them up to date on patches.
  3. Get serious about adding an SBC at every site that will connect to the cloud. An SBC not only secures SIP call flows, but will ensure that your UCaaS experience delivers higher quality voice and video to everyone.

Security shouldn’t be a barrier to the cloud. Think of it as more of a speed bump; you need to slow down, think about it in order to plan and proceed with caution.

By Mykola Konrad

Myk Konrad

As Vice President of Product Management and Marketing, Myk Konrad leads Sonus' global product, channel and corporate marketing initiatives. Mykola has more than 17 years of technology development and product management experience, most recently serving as Director of Product Management at Sonus. Prior to Sonus, he served as Senior Product Manager at Microsoft; Product Manager at Avaya; Software Developer at Panasonic and Software Developer at Ariel Corporation. Mykola holds an M.B.A from New York University's Leonard N. Stern School of Business and a bachelor's degree in electrical engineering from the University of Pennsylvania.

View Website

CLOUDTWEAKS COMMUNITY PARTNERS

Each year we provide a number of highly customized branded programs to community support partners and going into our 10th year at CloudTweaks is no different. Sponsorship opportunities will be available for all budgets and sizes including the (premium) thought leadership exposure program or the webinar, podcast, white paper or explainer video lead generation programs.  Contact us for more information on these opportunities.

Cloud Community Supporters

(ISC)²
Cisco
SAP
CA Technologies
Dropbox

Cloud community support comes from (paid) sponsorship or (no cost) collaborative network partnership initiatives.