The biggest challenge to unified communications security starts and ends with one word: unified. UC systems combine functions that began life separately, such as voice and video, and present them to users as features of a single, unified application. Each function, however, has unique security needs and presents a separate attack interface. It's challenging to provide unified security for UC, because the requirements of each component application differ significantly.
Three goals for effective unified communications security
Organizations must recognize that security is multifaceted. They may value certain security aspects more than others, but three common facets of security should be considered by any business.
- Content security. Prevent content theft by using encryption options and even VPNs to make your content invisible or undecipherable should anyone intercept your traffic.
- Secure your environment from attack. Beyond credential theft, which is more than just a UC security concern, a likely security threat is denial of service (DoS). Over the years, DoS attacks have gotten more sophisticated and can target specific IP ports related to UC services.
- Protect against service hijacking. Years ago, hackers would use backdoors into company telephone systems and sell codes to allow free calls courtesy of the hacked company. Most UC systems today have a usage-based component that can be abused the same way as old phone systems. If a hacker can crack the code and start selling access to your system's voice-over-IP trunks, your UC costs could skyrocket.
Multifunction vs. specialized unified communications security
In the days before UC, the access router was discussed as an early multifunction security offering. Many vendors started building firewalls, VPNs and other security offerings as part of their integrated services routers. Essentially, UC vendors started to compete with stand-alone security vendors. The question was whether integrated, multifunction devices or specialized security devices, such as stand-alone firewalls, were needed to provide enterprise-class security.
Depending upon how crucial your UC system is to your business, you may want to pose a similar question. Don't forget to consider external security devices that sit at the perimeter of the system and provide an additional layer of security in front of your UC environment.
Dig Deeper on Unified Communications Security
Related Q&A from Kevin Tolly
Many elements can put your UC network at risk, from unsecured information to DoS attacks. Learn five ways to thwart would-be attacks and protect your... Continue Reading
Porting business phone numbers to your UCaaS provider may be more complicated than you realize. Learn three ways you can prepare your organization ... Continue Reading
The rise of private cloud is changing how some vendors approach UC services. Find out the benefits of UCaaS and which vendors offer UCaaS in a ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.