SECURITY

Best Practices for Ensuring Cloud-based UC Security in the Enterprise

By TMCnet Special Guest
Charles Studt
  |  September 09, 2013

As businesses try to consolidate their enterprises and streamline processes to be more competitive in today’s market, one of their most popular options has been to update and upgrade their communications systems. Within the past year, many enterprises have transitioned to unified communications connected with hosted SIP trunking connections to replace legacy PBXs connected via the PSTN – to enable new productivity and collaboration features, saving money and lowering maintenance and infrastructure costs.

Projected cost savings represent just one of the reasons that the unified communications as a service market is expected to grow from $2.52 billion in 2013, to $7.62 billion in 2018 – an increase of more than 300 percent over the next five years.

UC connected via SIP trunking isn’t just cheaper. Recent innovations have yielded new capabilities that far exceed legacy networks and on-premises equipment, while sparing businesses the up-front capital costs associated with a communications systems upgrade. These new UC systems can include HD voice, HD video, direct-inward-dialing, presence, videoconferencing and generally more efficient service in a simple, hosted, plug-and-play package. Yet all these new capabilities require SIP trunking connections that support these features.

While the value proposition for UC connected with SIP trunking is compelling, there are complications and concerns related to these new communications services. One critical concern for enterprises includes questions related to security and privacy of IP-based communications.

A security option that many organizations have selected to protect their SIP trunking connections has been subscribing to a second, dedicated T1 or fiber connection reserved for UC and SIP trunking. Isolating these communications on a separate, dedicated network significantly increases message and system security and privacy.

Many organizations are subject to compliance audits for regulations ranging from Sarbanes-Oxley, HIPAA, PCI (News - Alert)-DSS and other government or industry-mandated requirements. While security constraints may not be mandated by the regulation, satisfying auditors often includes security measures to protect regulated communications.

Yet the cost of a second, dedicated T1 connection dramatically erodes many of the cost advantages that UC and hosted SIP trunking can provide. Particularly for distributed enterprises that support multiple locations, the need to install and pay for a second dedicated connection can quickly mushroom. 

With sufficient bandwidth, it’s certainly possible to support UC and SIP trunking connections over the main broadband connection. But the deployment of communications over the same connection as the main Internet connection could expose the system to the potential for security and privacy breaches.

The other main option for securing communications connections is by encrypting communications, both the real-time communications media as well as the call signaling information, to protect them from security breaches, preventing eavesdropping on privileged or private conversations for reasons ranging from criminal theft to corporate espionage.

For encryption to work as part of a comprehensive UC and SIP trunking communications system, it must meet the following requirements:

* It should include the strongest possible encryption that is commercially available, which is currently four kilobit public key encryption.

* Encryption should support standard protocols, such as transport layer security and secure real-time transport protocol.

* The security should protect multimedia content and signaling as well as the communication integrity of the SIP trunks.

* Security measures should be simple to use and implement for enterprise IT administrators. It must be able to work across multiple UC systems, allowing for interoperability with Microsoft (News - Alert) Lync, Avaya and other UC vendors.

* It should be managed by the UCaaS provider, releasing the client from responsibility of troubleshooting the encryption should something malfunction. This follows the service mentality and is a mark of quality when a service provider is willing to support its own product.

As companies look to upgrade and streamline communications capabilities while reducing operating costs, adoption of UC coupled with SIP trunking will continue to increase and even accelerate.

Yet as enterprises embrace cloud-based IP communications, it’s important for them to secure and protect vital communications from hacking, eavesdropping and other vulnerabilities.

While subscribing to a dedicated communications line can improve security, it is a costly approach compared to using the organization’s main Internet connection.

SIP trunking encryption offers a cost-effective alternative, as long as the encryption meets the key requirements for a successful communications system.  

Charles Studt (News - Alert) is vice president of product management and marketing at IntelePeer

(www.IntelePeer.com).




Edited by Stefania Viscusi