GDPR – One Year On

GDPR – One Year On

May 25 marks the first anniversary since the European Union’s General Data Protection Regulation (GDPR) came into force. After a two-year preparation process, the regulation came into effect a year ago tomorrow, harmonizing data security, data protection, data retention and data usage laws across the
/
Announcing the preview of Windows Server containers support in Azure Kubernetes Service

Announcing the preview of Windows Server containers support in Azure Kubernetes Service

Kubernetes is taking the app development world by storm. Earlier this month, we shared that the Azure Kubernetes Service (AKS) was the fastest growing compute service in Azure’s history. Customers like Siemens Healthineers, Finastra, Maersk, and Hafslund are realizing the benefits of using AKS to easily deploy,
/

Cloud Communications Security

Don’t count on cloud providers to provide all your UCaaS security

It’s official: Unified Communications-as-a-Service (UCaaS) has arrived as a mainstream technology, with one prominent analyst firm (IDC) going so far as to call 2017 “the year of UCaaS.” But before the industry signs off on that title, there are still some pressing security questions to answer, starting with “whose job is it to secure UCaaS, anyway?”

Let’s be clear: security isn’t a reason not to move UC into the cloud. The rise in mobile communications and remote workers—and the unstoppable demographic and market factors behind that rise—demand the kind of communication and collaboration experiences that only UC can deliver. The cloud enables enterprises to deploy communications applications quickly and consistently, scale them easily and upgrade them regularly. It can also wrap security around those applications, provided enterprises understand how much and what kind of security they’re getting with their service.

Security is everybody’s business

One of the biggest mistakes enterprises make with UCaaS is the assumption that security is already bundled into the service. Even when the provider says as much in writing, UC security needs to be a shared responsibility; there’s simply too much at stake to leave it to a third party. And while the UC applications reside in the cloud, your network, the endpoints, call flows and media do not, so your cloud provider can’t be expected to protect them.

Enterprises should work together with their UCaaS provider to create a plan that determines who is securing what. That plan should detail how the provider and enterprise will protect endpoints and secure the connection between the enterprise network and the cloud.

Get real about real-time communications today

 

Moving UC into the cloud doesn’t take your enterprise network out of the equation. It does, however, move the perimeter out to the cloud and make it more porous – thus increasing attack vectors. Voice and video calls, for example, will still need to pass from the cloud through your network and vice versa. Remote workers won’t be in your network when making a call using the UC service, however, their media and signaling flows will most likely still traverse your network at some point. And even if your UCaaS provider has encrypted all the media and signaling (some do this for all flows), there may still be issues.

Most enterprise networks, however, are designed to secure incoming and outgoing data communications and not real-time communications. Real-time communication applications, such as UC, differ from purely data-based applications because they use the IP-based Session Initiation Protocol (SIP). Unsecure SIP increases an enterprise’s risk by introducing data exfiltration, Denial of Service (DoS), telephony Denial of Service (TDoS) and even eavesdropping into the equation. But the problem is, while they do an excellent job of protecting data, stand-alone firewalls aren’t adequate to protect SIP-based applications. In many cases, you must turn off specific firewall functions in order to get your voice and video to work.

So, if you try to transmit a voice or video call through a standard data firewall, you’ll likely have turned off the firewall’s SIP application layer gateway (ALG) functionality. Unfortunately, doing that creates a security hole through which cybercriminals can steal data or direct DDoS attacks.

If enterprises want truly secure cloud communications, they need to add a session border controller (SBC) to their network. An SBC serves as a SIP firewall that not only protects and encrypts real-time communications such as voice and video, but can also provide valuable services including quality of service (QoS) assurance, media transcoding and signaling interworking.

Approach cloud communications security intelligently in the future

In a world where nearly one million new malware threats are released each day, protecting against known threats isn’t much protection at all. For this reason, many enterprises are turning to advanced security analytics to help them detect and mitigate against new attacks more effectively. Of course, this security information needs to be shared throughout the enterprise and even with cloud service partners to be truly effective.

As an example, imagine if an SBC and a firewall were both targeted with a new attack within moments of each other. The SBC might analyze the attack signature, determine it is potentially dangerous and block the SIP related traffic from entering the network. If the SBC doesn’t share that intelligence with the firewall, however, the attack may go through and the localized benefit of analytics is meaningless. As such, integrating security intelligence across devices and brokering this intelligence between applications to disseminate it in real-time will be a key component of cloud security in the future.

To that end, here are three things that enterprises can do right now to secure their cloud UC services:

  1. Establish a joint security plan with your UCaaS provider and make sure that each party’s responsibilities are clearly delineated and understood.
  2. Secure your softphones and other endpoints by keeping them up to date on patches.
  3. Get serious about adding an SBC at every site that will connect to the cloud. An SBC not only secures SIP call flows, but will ensure that your UCaaS experience delivers higher quality voice and video to everyone.

Security shouldn’t be a barrier to the cloud. Think of it as more of a speed bump; you need to slow down, think about it in order to plan and proceed with caution.

By Mykola Konrad

Myk Konrad

As Vice President of Product Management and Marketing, Myk Konrad leads Sonus' global product, channel and corporate marketing initiatives. Mykola has more than 17 years of technology development and product management experience, most recently serving as Director of Product Management at Sonus. Prior to Sonus, he served as Senior Product Manager at Microsoft; Product Manager at Avaya; Software Developer at Panasonic and Software Developer at Ariel Corporation. Mykola holds an M.B.A from New York University's Leonard N. Stern School of Business and a bachelor's degree in electrical engineering from the University of Pennsylvania.

View Website
Avoiding the IOT ‘Twister’ Business Strategy

Avoiding the IOT ‘Twister’ Business Strategy

IOT ‘Twister’ Most organizations’ ‪ IOT Strategy look like a game of ‪ ‘Twister’ with progress across important IOT capabilities such as architecture, technology, ...
Data Visualization 101: How, What, Why?

Data Visualization 101: How, What, Why?

Data Visualization 101 “A picture is worth a thousand words.” This old, English idiom could not ring more true than ...
Using the Digital Transformation Journey Workbook to Deliver “Smart” Spaces

Using the Digital Transformation Journey Workbook to Deliver “Smart” Spaces

Key points of this blog include: Digital Transformation sweeps aside traditional industry borders to create new sources of customer and ...
How artificial intelligence and analytics helps in crime prevention

How artificial intelligence and analytics helps in crime prevention

How Artificial Intelligence Helps Crime Prevention According to a study released by FBI, there is an annual increase of 4.1% ...