Mykola Konrad

Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security

Don’t count on cloud providers to provide all your UCaaS security

It’s official: Unified Communications-as-a-Service (UCaaS) has arrived as a mainstream technology, with one prominent analyst firm (IDC) going so far as to call 2017 “the year of UCaaS.” But before the industry signs off on that title, there are still some pressing security questions to answer, starting with “whose job is it to secure UCaaS, anyway?”

Let’s be clear: security isn’t a reason not to move UC into the cloud. The rise in mobile communications and remote workers—and the unstoppable demographic and market factors behind that rise—demand the kind of communication and collaboration experiences that only UC can deliver. The cloud enables enterprises to deploy communications applications quickly and consistently, scale them easily and upgrade them regularly. It can also wrap security around those applications, provided enterprises understand how much and what kind of security they’re getting with their service.

Security is everybody’s business

One of the biggest mistakes enterprises make with UCaaS is the assumption that security is already bundled into the service. Even when the provider says as much in writing, UC security needs to be a shared responsibility; there’s simply too much at stake to leave it to a third party. And while the UC applications reside in the cloud, your network, the endpoints, call flows and media do not, so your cloud provider can’t be expected to protect them.

Enterprises should work together with their UCaaS provider to create a plan that determines who is securing what. That plan should detail how the provider and enterprise will protect endpoints and secure the connection between the enterprise network and the cloud.

Get real about real-time communications today

Cloud Communications

Moving UC into the cloud doesn’t take your enterprise network out of the equation. It does, however, move the perimeter out to the cloud and make it more porous – thus increasing attack vectors. Voice and video calls, for example, will still need to pass from the cloud through your network and vice versa. Remote workers won’t be in your network when making a call using the UC service, however, their media and signaling flows will most likely still traverse your network at some point. And even if your UCaaS provider has encrypted all the media and signaling (some do this for all flows), there may still be issues.

Most enterprise networks, however, are designed to secure incoming and outgoing data communications and not real-time communications. Real-time communication applications, such as UC, differ from purely data-based applications because they use the IP-based Session Initiation Protocol (SIP). Unsecure SIP increases an enterprise’s risk by introducing data exfiltration, Denial of Service (DoS), telephony Denial of Service (TDoS) and even eavesdropping into the equation. But the problem is, while they do an excellent job of protecting data, stand-alone firewalls aren’t adequate to protect SIP-based applications. In many cases, you must turn off specific firewall functions in order to get your voice and video to work.

So, if you try to transmit a voice or video call through a standard data firewall, you’ll likely have turned off the firewall’s SIP application layer gateway (ALG) functionality. Unfortunately, doing that creates a security hole through which cybercriminals can steal data or direct DDoS attacks.

If enterprises want truly secure cloud communications, they need to add a session border controller (SBC) to their network. An SBC serves as a SIP firewall that not only protects and encrypts real-time communications such as voice and video, but can also provide valuable services including quality of service (QoS) assurance, media transcoding and signaling interworking.

Approach cloud communications security intelligently in the future

In a world where nearly one million new malware threats are released each day, protecting against known threats isn’t much protection at all. For this reason, many enterprises are turning to advanced security analytics to help them detect and mitigate against new attacks more effectively. Of course, this security information needs to be shared throughout the enterprise and even with cloud service partners to be truly effective.

As an example, imagine if an SBC and a firewall were both targeted with a new attack within moments of each other. The SBC might analyze the attack signature, determine it is potentially dangerous and block the SIP related traffic from entering the network. If the SBC doesn’t share that intelligence with the firewall, however, the attack may go through and the localized benefit of analytics is meaningless. As such, integrating security intelligence across devices and brokering this intelligence between applications to disseminate it in real-time will be a key component of cloud security in the future.

To that end, here are three things that enterprises can do right now to secure their cloud UC services:

  1. Establish a joint security plan with your UCaaS provider and make sure that each party’s responsibilities are clearly delineated and understood.
  2. Secure your softphones and other endpoints by keeping them up to date on patches.
  3. Get serious about adding an SBC at every site that will connect to the cloud. An SBC not only secures SIP call flows, but will ensure that your UCaaS experience delivers higher quality voice and video to everyone.

Security shouldn’t be a barrier to the cloud. Think of it as more of a speed bump; you need to slow down, think about it in order to plan and proceed with caution.

By Mykola Konrad

Myk Konrad

As Vice President of Product Management and Marketing, Myk Konrad leads Sonus’ global product, channel and corporate marketing initiatives. Mykola has more than 17 years of technology development and product management experience, most recently serving as Director of Product Management at Sonus. Prior to Sonus, he served as Senior Product Manager at Microsoft; Product Manager at Avaya; Software Developer at Panasonic and Software Developer at Ariel Corporation. Mykola holds an M.B.A from New York University’s Leonard N. Stern School of Business and a bachelor’s degree in electrical engineering from the University of Pennsylvania.

View Website

CONTRIBUTORS

Two 2017 Trends From A Galaxy Far, Far Away

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the ...
Chris Gerva

Why Containers Can’t Solve All Your Problems In The Cloud

Containers and the cloud Docker and other container services are appealing for a good reason - they are lightweight and ...
Cyber Security Tips For Digital Collaboration

Cyber Security Tips For Digital Collaboration

Cyber Security Tips October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security ...
The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the ...
Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and ...
AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility Earlier this week, AWS S3 had to fight its way back to ...
Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in ...
Why ‘Data Hoarding’ Increases Cybersecurity Risk

Why ‘Data Hoarding’ Increases Cybersecurity Risk

Data Hoarding The proliferation of data and constant growth of content saved on premise, in cloud storage, or a non-integrated ...
What Futuristic Transportation Will Look Like In Your Lifetime

What Futuristic Transportation Will Look Like In Your Lifetime

Futuristic Transportation Being stuck in traffic or late for work because of a hold up on the dreaded commute could ...
What is shadow IT?

How to Make the Move to the Cloud Securely

Move to the Cloud Securely The 2016 Enterprise Cloud Computing Survey from IDG offers multiple interesting insights concerning the state ...

NEWS

email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...