The biggest challenge to unified communications security starts and ends with one word: unified. UC systems combine functions that began life separately, such as voice and video, and present them to users as features of a single, unified application. Each function, however, has unique security needs and presents a separate attack interface. It's challenging to provide unified security for UC, because the requirements of each component application differ significantly.
Three goals for effective unified communications security
Organizations must recognize that security is multifaceted. They may value certain security aspects more than others, but three common facets of security should be considered by any business.
- Content security. Prevent content theft by using encryption options and even VPNs to make your content invisible or undecipherable should anyone intercept your traffic.
- Secure your environment from attack. Beyond credential theft, which is more than just a UC security concern, a likely security threat is denial of service (DoS). Over the years, DoS attacks have gotten more sophisticated and can target specific IP ports related to UC services.
- Protect against service hijacking. Years ago, hackers would use backdoors into company telephone systems and sell codes to allow free calls courtesy of the hacked company. Most UC systems today have a usage-based component that can be abused the same way as old phone systems. If a hacker can crack the code and start selling access to your system's voice-over-IP trunks, your UC costs could skyrocket.
Multifunction vs. specialized unified communications security
In the days before UC, the access router was discussed as an early multifunction security offering. Many vendors started building firewalls, VPNs and other security offerings as part of their integrated services routers. Essentially, UC vendors started to compete with stand-alone security vendors. The question was whether integrated, multifunction devices or specialized security devices, such as stand-alone firewalls, were needed to provide enterprise-class security.
Depending upon how crucial your UC system is to your business, you may want to pose a similar question. Don't forget to consider external security devices that sit at the perimeter of the system and provide an additional layer of security in front of your UC environment.
Dig Deeper on Unified Communications Security
Related Q&A from Kevin Tolly
5G VoIP will have some noticeable benefits over its earlier 4G iteration. Learn how 5G rollouts could improve the VoIP experience with high capacity ... Continue Reading
Organizations have much to consider when evaluating Cisco vs. HPE Aruba switches, such as device architecture, Opex, Capex and analytics capabilities. Continue Reading
UC analytics can be the first warning that your UC system's security has been breached. Comparing statistics month to month can help identify ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.