It’s Not Digital Transformation; It’s Digital “Business” Transformation – Part III

It’s Not Digital Transformation; It’s Digital “Business” Transformation – Part III

Digital “Business” Transformation This is the third part of the series on the “Customer Journey Digital Transformation” methodology for helping organizations to become more effective at leveraging their digital assets to disrupt traditional business models and disintermediate customer relationships. As defined in the blog “What
The Cloud Reveals a Future of Work That May Be Scary to Some

The Cloud Reveals a Future of Work That May Be Scary to Some

The Future of Work May Be Scary to Some Anyone paying attention to the world of work over the past 10 years or so has noticed the profound changes. Whether client-facing or internal, the cloud and its attendant technologies — such as AI — are
Mykola Konrad

Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security

Don’t count on cloud providers to provide all your UCaaS security

It’s official: Unified Communications-as-a-Service (UCaaS) has arrived as a mainstream technology, with one prominent analyst firm (IDC) going so far as to call 2017 “the year of UCaaS.” But before the industry signs off on that title, there are still some pressing security questions to answer, starting with “whose job is it to secure UCaaS, anyway?”

Let’s be clear: security isn’t a reason not to move UC into the cloud. The rise in mobile communications and remote workers—and the unstoppable demographic and market factors behind that rise—demand the kind of communication and collaboration experiences that only UC can deliver. The cloud enables enterprises to deploy communications applications quickly and consistently, scale them easily and upgrade them regularly. It can also wrap security around those applications, provided enterprises understand how much and what kind of security they’re getting with their service.

Security is everybody’s business

One of the biggest mistakes enterprises make with UCaaS is the assumption that security is already bundled into the service. Even when the provider says as much in writing, UC security needs to be a shared responsibility; there’s simply too much at stake to leave it to a third party. And while the UC applications reside in the cloud, your network, the endpoints, call flows and media do not, so your cloud provider can’t be expected to protect them.

Enterprises should work together with their UCaaS provider to create a plan that determines who is securing what. That plan should detail how the provider and enterprise will protect endpoints and secure the connection between the enterprise network and the cloud.

Get real about real-time communications today

 

Moving UC into the cloud doesn’t take your enterprise network out of the equation. It does, however, move the perimeter out to the cloud and make it more porous – thus increasing attack vectors. Voice and video calls, for example, will still need to pass from the cloud through your network and vice versa. Remote workers won’t be in your network when making a call using the UC service, however, their media and signaling flows will most likely still traverse your network at some point. And even if your UCaaS provider has encrypted all the media and signaling (some do this for all flows), there may still be issues.

Most enterprise networks, however, are designed to secure incoming and outgoing data communications and not real-time communications. Real-time communication applications, such as UC, differ from purely data-based applications because they use the IP-based Session Initiation Protocol (SIP). Unsecure SIP increases an enterprise’s risk by introducing data exfiltration, Denial of Service (DoS), telephony Denial of Service (TDoS) and even eavesdropping into the equation. But the problem is, while they do an excellent job of protecting data, stand-alone firewalls aren’t adequate to protect SIP-based applications. In many cases, you must turn off specific firewall functions in order to get your voice and video to work.

So, if you try to transmit a voice or video call through a standard data firewall, you’ll likely have turned off the firewall’s SIP application layer gateway (ALG) functionality. Unfortunately, doing that creates a security hole through which cybercriminals can steal data or direct DDoS attacks.

If enterprises want truly secure cloud communications, they need to add a session border controller (SBC) to their network. An SBC serves as a SIP firewall that not only protects and encrypts real-time communications such as voice and video, but can also provide valuable services including quality of service (QoS) assurance, media transcoding and signaling interworking.

Approach cloud communications security intelligently in the future

In a world where nearly one million new malware threats are released each day, protecting against known threats isn’t much protection at all. For this reason, many enterprises are turning to advanced security analytics to help them detect and mitigate against new attacks more effectively. Of course, this security information needs to be shared throughout the enterprise and even with cloud service partners to be truly effective.

As an example, imagine if an SBC and a firewall were both targeted with a new attack within moments of each other. The SBC might analyze the attack signature, determine it is potentially dangerous and block the SIP related traffic from entering the network. If the SBC doesn’t share that intelligence with the firewall, however, the attack may go through and the localized benefit of analytics is meaningless. As such, integrating security intelligence across devices and brokering this intelligence between applications to disseminate it in real-time will be a key component of cloud security in the future.

To that end, here are three things that enterprises can do right now to secure their cloud UC services:

  1. Establish a joint security plan with your UCaaS provider and make sure that each party’s responsibilities are clearly delineated and understood.
  2. Secure your softphones and other endpoints by keeping them up to date on patches.
  3. Get serious about adding an SBC at every site that will connect to the cloud. An SBC not only secures SIP call flows, but will ensure that your UCaaS experience delivers higher quality voice and video to everyone.

Security shouldn’t be a barrier to the cloud. Think of it as more of a speed bump; you need to slow down, think about it in order to plan and proceed with caution.

By Mykola Konrad

Myk Konrad

As Vice President of Product Management and Marketing, Myk Konrad leads Sonus' global product, channel and corporate marketing initiatives. Mykola has more than 17 years of technology development and product management experience, most recently serving as Director of Product Management at Sonus. Prior to Sonus, he served as Senior Product Manager at Microsoft; Product Manager at Avaya; Software Developer at Panasonic and Software Developer at Ariel Corporation. Mykola holds an M.B.A from New York University's Leonard N. Stern School of Business and a bachelor's degree in electrical engineering from the University of Pennsylvania.

View Website

TOP ARCHIVES

Chris

How to Avoid Becoming Another Cloud Security Statistic

Cloud Security Statistic Last year, Gartner predicted that, by 2020, 95 percent of all cloud security failures will be caused ...
How IoT and OT collaborate to usher in the data-driven factory of the future

How IoT and OT collaborate to usher in the data-driven factory of the future

The Data-driven Factory The next BriefingsDirect Internet of Things (IoT) technology trends interview explores how innovation is impacting modern factories and supply chains ...
ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

Designing Enterprise Software around People Looking back, business owners talked to their customers and employees in person or by phone ...
Infosec thought leaders

How a Connection Broker Manages Complexity and Remote Access in Hyperconverged and Hybrid Environments

Hyperconverged and Hybrid Environments Consolidating desktop workloads in the datacenter using hyperconverged infrastructure and virtualization optimizes resources, reduces power consumption, ...
Impact of AI and 5G on the Possibilities of Data

Impact of AI and 5G on the Possibilities of Data

Impact of AI and 5G This blog post was made in collaboration with Intel. A smarter world is now a ...