unified communications

Being Secure on the Super-Highway to
Enterprise Collaboration

Being Secure on the Super-Highway to Enterprise Collaboration

  • Dietmar Kraume
  • Managed Security, Unified Communications
  • Cyber-Security, EnterpriseVoice, Cyber-Threats

Unified Communications (UC) has quickly become a staple of modern business culture. When an organization uses UC to remove barriers between communication channels, everything from conferencing to content sharing runs better. An added plus, UC actually reduces costs due to streamlined management and deployment.

The downside to all this, however, is that lock-tight security may be harder to achieve with UC. Or, at the least, it comes as an afterthought. The tools that enable Unified Communications can present numerous Cyber-Security vulnerabilities that could put an organization at serious risk. The savviest organizations are learning about these risks, then implementing their UC initiatives along with powerful protection measures.

This begs the questions:

  • What types of threats and vulnerabilities do UC tools bring to an organization’s network?
  • What, exactly, are those “powerful protection measures” shielding the network from?
  • What do UC Cyber-Security measures entail?

Learn how organizations can stay safe as they head into the deeper waters of full-scale, modern enterprise collaboration.

How Unified Communications Tools Put Organizations at Risk

As corporate communications have continued to move to the cloud and the multitude of devices used in the workplace has exploded, security management has become more complex. Apps, software, and hardware – even your telephony hardware – can all be used by attackers to access networks.

Application Vulnerabilities

Enterprise apps are a fast-growing segment that accounted for just over half of revenue share of the market in 2018. In the race to create and deploy products quickly, application vulnerabilities can sneak through.

Since SaaS applications that enable communication are not typically designed with security in mind, increasing your organization’s use of them can introduce vulnerabilities and create holes in an organization’s security defenses. Applications are a leading cause of data breach, especially when users ignore or don’t understand security best practices, like updating apps for patches and bug fixes on a regular basis.

Insider Threats

Employees can be some of the biggest threats to an organization, whether intentional or accidentally. If an employee uses the same devices for UC tools as they do other apps, the corporate data stored within the UC program could be at risk. Malicious apps can gain access to trusted apps on a mobile device without a user even knowing it, resulting in data leakage or enabling an environment where malicious programs can move laterally across the network. Applications don’t need to bet infected with malware to be used for malicious intent, either - they can come with default privacy settings that expose the user (and the company) to risk. With access to contacts, a malicious app can steal personal information, corporate information, and more.

Hardware Vulnerabilities

UC tools introduce hardware vulnerabilities, too. For example, deploying VoIP in a unified communications environment opens up new areas of attack. A common risk there is Toll Fraud, which is when unauthorized users are able to infiltrate an enterprise telephone system and make long distance phone calls, also known as toll calls. Hackers may even re-sell the toll calls on the open market for profit, causing UC costs to balloon out of control.

Denial of Service is another security risk that can accompany today’s UC solutions. Securing your environment has always been a priority but over the years, attackers have learned to exploit the vulnerabilities of the UC environment in particular by targeting certain IP ports used in Unified Communications deployments.

What do Organizations Need to do to Minimize These Risks?

Securing your cloud environment (i.e. your Unified Communications network) takes a comprehensive approach that covers these three steps:

1. Minimize Shadow IT

Software-as-a-Service (SaaS) has opened up new doors everywhere for organizations as they seek new ways to improve their business processes. But the very things that make SaaS perfect for business – easy integration, low initial cost, scalability, and hassle-free upgrades – are also what makes SaaS a security nightmare for IT.

It’s a widespread problem – most employees admit they’ve used non-approved SaaS applications while on the job. When they bypass IT to procure/install/configure/maintain their own applications, they create shadow IT. To minimize shadow IT, organizations can make sure employees are not deploying their own UC tools without IT’s knowledge by running a Shadow IT Assessment.

2. Implement the Right Tools

Good IT asset management is also important here, ensuring IT teams have consistent visibility into which programs are running on the network. Managing an ever-expanding unified communications ecosystem is a complex operation. Be sure to augment these tools with security solutions that minimize risk, such as access management tools that ensure only authorized users can access your corporate UC infrastructure as well as web application security tools to reduce vulnerabilities. Also, conduct security and compliance assessments regularly to ensure there are no vulnerabilities that could result in non-compliance or a data breech.

3. Practice Ongoing Security Management

Proper vetting and configuration of third-party tools is a good start. Using the right tools is essential, but managers need to think proactively in order to protect their assets in a cloud-based world.

Ongoing security management means conducting compliance checks on third-party tools, internal systems, and hardware that enables the UC environment. In addition, it means actively monitoring all enterprise applications with an eye toward updating them as often as necessary.

Cyber-Security Best Practice Awareness

UC networks are the basis for business innovation and the agility that modern organizations need in order to stay viable in a fast, global marketplace. However, collaboration and communication mustn’t come at the expense of security. Staying secure means not just implementing the IT initiatives mentioned here, but also getting everyone involved in keeping company assets protected. This brings us to the icing on the security cake: spreading best practice awareness.

Cyber-Security best practice awareness can help organizations change their “security culture” to prevent security risks that stem from user negligence. And, at the top levels, management can follow Cyber-Security best practices as well. This calls for proactive solutions like creating a Cyber-Security policy, identifying company assets, using risk assessment tools, and actively managing Cyber-Security with tools that prioritize unified communications along with other security concerns.

Protecting your business from today’s Cyber-Threats is an ongoing struggle, especially as more devices and applications are added to your network. Being aware of the risks these tools can bring and how to minimize them ensures your business reaps all of the benefits of unified communications without sacrificing data security.

Stay Efficient, Stay Secure

Make life easier with our Managed Security Services. In the cloud-first era, we can help you identify your risks, protect your assets, and stay ahead of security threats and compliance in a unified world.

Read more
  • Thursday 03 October 2019

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Dietmar Kraume, Authro SoftwareONE Blog

Dietmar Kraume Director UC Technology & Presales

Unified Communications & Collaboration

Related Articles

cloud-video-conferencing
  • 06 November 2019
  • Mischa Sturzenegger
  • Unified Communications, User Productivity
  • Video Conferencing, Cloud

Are You Ready to Adopt Cloud Video Conferencing?

Before deploying cloud video conferencing solutions, organizations need to examine their existing IT infrastructure. Take a closer look at how to find your organization’s best option.

achieving-an-agnostic-approach-to-cybersecurity
  • 29 October 2019
  • Bala Sethunathan
  • Managed Security
  • Cyber-Security, Security, Cloud

Achieving a Holistic Approach to Cyber-Security

Experts are recommending organizations to take a holistic approach to cyber-security. Learn about the specific controls you can put in place to protect your business in the new era of threats

How to Prepare for Exchange 2010 End of Support
  • 24 October 2019
  • Dan Ortman
  • Publisher Advisory, Managed Security
  • Office 365

How to Prepare for Exchange 2010 End of Support

Exchange 2010’s end of support is occurring on October 13th, 2020. Learn more about your organization’s best possible options for upgrade today.