Unified communications platforms are becoming more open, as vendors integrate their communications capabilities with other software applications. But organizations should heed potential pitfalls of open UC platforms as they enter uncharted security waters.
Companies can integrate communications with business applications -- such as Salesforce, Box and Zendesk -- by using communications platform as a service (CPaaS) or APIs. UC vendors make these tools available through their developer platforms. The finished, integrated apps are available in UC vendor app stores, such as RingCentral App Gallery, Cisco Webex App Hub and the Microsoft Teams app store.
"CPaaS is calling attention to the fact that communication is part of the workflow," said Frost & Sullivan analyst Michael Brandenburg. "Even Cisco and Microsoft have to admit UC and collaboration is not an island anymore."
Brandenburg said the cloud has become an equalizer in which organizations can build integrations through APIs and partnerships. Companies no longer have to stitch together integrations on their own. Even integrations or new capabilities that would normally take UC vendors several years to develop and add to a platform can now be done almost instantly through APIs.
However, most organizations are not taking advantage of APIs just yet. According to Nemertes Research, 13% of organizations are using APIs to embed communications capabilities into their business apps. Another 19% are evaluating APIs, and 25% are planning to use them by the end of 2019.
Potential risks of open UC platforms
Michael Brandenburganalyst at Frost & Sullivan
While APIs and open UC platforms can streamline communications, questions arise over their security and privacy controls. As an example, the recent Facebook and Cambridge Analytica scandal underscored the responsible -- or irresponsible -- use of APIs. Facebook's API was used to harvest data on millions of Facebook users. Reportedly, the user data was improperly shared with Cambridge Analytica.
In a way, organizations face similar risks when they use CPaaS or APIs to connect their UC platforms to business applications, because the path connecting the two sides lacks clear visibility, said Irwin Lazar, analyst at Nemertes Research in Mokena, Ill. The API could have a vulnerability, and organizations may not know it. They must rely on the API vendor to find and notify organizations of security issues.
However, Brandenburg said user information is not likely at risk with API UC integrations. Part of the Cambridge Analytica scandal was Facebook was lax with who was accessing its APIs. But APIs that connect UC platforms and business apps are not public in the same way as Facebook's APIs.
"There's a difference between open and throwing the barn door wide open," he said.
Yet, organizations can take certain steps to protect data shared by APIs. And an integration can be quickly revoked if an API vulnerability is discovered, Brandenburg said.
"The second you open one app to another, the security team should be involved," he said.
In addition, Lazar said, organizations should pay attention to patch management as API and CPaaS vendors patch flaws within their offerings. However, he added, security monitoring tools cannot yet track app integrations and detect potential anomalies, such as an overactive API that's part of a distributed denial-of-service attack.
The unified communications benefits of integrating with business apps
Despite some security concerns, open UC platforms offer two major benefits: contextual communication and enhanced workflows.
Contextual communication is especially helpful in certain departments -- such as sales, customer support and HR -- so workers don't need to leave the app they're in to make calls. Employees can communicate in the context of their business app.
The benefit of improving workflows depends on an organization's digital transformation strategy, Lazar said. Some organizations embed communications into a business app to simplify the user environment, while others use APIs or CPaaS to create customized communication workflows.
Open UC platforms can also provide interoperability between services. For example, Cisco has demonstrated the ability to connect Webex Teams to Microsoft Dynamics 365 using Microsoft Flow.
Lazar said Microsoft and Cisco share customers who have been frustrated with trying to get the competing UC platforms to work together. Customers and partners can use APIs to get Microsoft services, such as Teams or Skype for Business, to federate with Webex Teams or Cisco phones.
"Anytime those APIs are available, people will take advantage of them," he said.