The biggest challenge to unified communications security starts and ends with one word: unified. UC systems combine functions that began life separately, such as voice and video, and present them to users as features of a single, unified application. Each function, however, has unique security needs and presents a separate attack interface. It's challenging to provide unified security for UC, because the requirements of each component application differ significantly.
Three goals for effective unified communications security
Organizations must recognize that security is multifaceted. They may value certain security aspects more than others, but three common facets of security should be considered by any business.
- Content security. Prevent content theft by using encryption options and even VPNs to make your content invisible or undecipherable should anyone intercept your traffic.
- Secure your environment from attack. Beyond credential theft, which is more than just a UC security concern, a likely security threat is denial of service (DoS). Over the years, DoS attacks have gotten more sophisticated and can target specific IP ports related to UC services.
- Protect against service hijacking. Years ago, hackers would use backdoors into company telephone systems and sell codes to allow free calls courtesy of the hacked company. Most UC systems today have a usage-based component that can be abused the same way as old phone systems. If a hacker can crack the code and start selling access to your system's voice-over-IP trunks, your UC costs could skyrocket.
Multifunction vs. specialized unified communications security
In the days before UC, the access router was discussed as an early multifunction security offering. Many vendors started building firewalls, VPNs and other security offerings as part of their integrated services routers. Essentially, UC vendors started to compete with stand-alone security vendors. The question was whether integrated, multifunction devices or specialized security devices, such as stand-alone firewalls, were needed to provide enterprise-class security.
Depending upon how crucial your UC system is to your business, you may want to pose a similar question. Don't forget to consider external security devices that sit at the perimeter of the system and provide an additional layer of security in front of your UC environment.
Dig Deeper on Unified Communications Security
Related Q&A from Kevin Tolly
More efficient management and lower costs are just some of the advantages of centralized SIP trunking. Find out why it's better to place trunking ... Continue Reading
A virtual session border controller can help companies meet increased demands without requiring the installation of costly and dedicated hardware. Continue Reading
What's the best way to accurately measure jitter? There are a variety of tools, but it's important to pick the one that's right for you. Continue Reading