Q
Problem solve Get help with specific problems with your technologies, process and projects.

How should organizations evaluate UC cloud app security providers?

Security is a priority when moving communications to the cloud. Organizations must do their due diligence when evaluating cloud providers' UC security expertise.

Cloud app security may seem like an oxymoron, but security in the cloud is actually quite mature. While initial...

cloud offerings had some issues, these have largely been sorted over the years, and players that were "not ready for prime time" have been weeded out. 

In fact, cloud has become the great equalizer for smaller businesses to be able to take advantage of mature and secure apps they may not have the resources to support in-house. Businesses can rely on the expertise of cloud providers and piggyback on their security knowledge without having to hire security internally. Hiring security staff in-house can be a risk, because they may not have proven expertise and will only be as good as the services and systems they know. 

Cloud-based unified communications (UC) is no exception for the need of an experienced security provider. Some forms of communication will be more sensitive than others, but as a whole, it's best to treat all communications as sensitive material that needs to be secure.

Businesses have homework to do to ensure a provider will meet their cloud app security needs. Make sure the provider has been in business for a while and can verify success with other companies like yours. You wouldn't want to be a provider's first healthcare customer and hope it understands the Health Insurance Portability and Accountability Act, for example. In your request-for-proposal document, ask for references for long-term customers. Definitely call the references, and be sure to ask about any cloud app security breaches.

Make sure the provider has obtained the proper certifications, such as HIPAA and SSAE 16. This shows a commitment to physical security and supporting security within the site. 

Evaluate any contract with a cloud provider carefully to make sure it meets your business requirements and understand all the hands that will touch the communications data path. Cloud app security isn't just between the organization and provider. Many cloud providers offer a best-effort service for cloud app security, as they do not control the physical infrastructure that powers and cools their equipment, for example.

That control often lies with a colocation provider, which makes it difficult to figure out what caused a security problem and ensure it won't happen again. If your business can handle best-effort service and a little downtime, this is an acceptable risk. If not, your business needs a provider that will make better than best-effort guarantees for cloud UC security. 

Do you have a question for Carrie Higbie Goetz or any other experts? Ask your enterprise-specific questions today! All questions are treated anonymously.

Next Steps

Cloud UC security concerns hold back enterprise adoption

Preparing for cloud app security challenges

How rugged DevOps boosts cloud app security

This was last published in February 2017

Dig Deeper on Developing a UC Strategy

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How do you maintain cloud UC security in your organization?
Cancel

-ADS BY GOOGLE

SearchCRM

SearchNetworking

SearchSDN

SearchTelecom

SearchITChannel

Close