nobeastsofierce - Fotolia
How should organizations evaluate UC cloud app security providers?
Security is a priority when moving communications to the cloud. Organizations must do their due diligence when evaluating cloud providers' UC security expertise.
Cloud app security may seem like an oxymoron, but security in the cloud is actually quite mature. While initial cloud offerings had some issues, these have largely been sorted over the years, and players that were "not ready for prime time" have been weeded out.
In fact, cloud has become the great equalizer for smaller businesses to be able to take advantage of mature and secure apps they may not have the resources to support in-house. Businesses can rely on the expertise of cloud providers and piggyback on their security knowledge without having to hire security internally. Hiring security staff in-house can be a risk, because they may not have proven expertise and will only be as good as the services and systems they know.
Cloud-based unified communications (UC) is no exception for the need of an experienced security provider. Some forms of communication will be more sensitive than others, but as a whole, it's best to treat all communications as sensitive material that needs to be secure.
Businesses have homework to do to ensure a provider will meet their cloud app security needs. Make sure the provider has been in business for a while and can verify success with other companies like yours. You wouldn't want to be a provider's first healthcare customer and hope it understands the Health Insurance Portability and Accountability Act, for example. In your request-for-proposal document, ask for references for long-term customers. Definitely call the references, and be sure to ask about any cloud app security breaches.
Make sure the provider has obtained the proper certifications, such as HIPAA and SSAE 16. This shows a commitment to physical security and supporting security within the site.
Evaluate any contract with a cloud provider carefully to make sure it meets your business requirements and understand all the hands that will touch the communications data path. Cloud app security isn't just between the organization and provider. Many cloud providers offer a best-effort service for cloud app security, as they do not control the physical infrastructure that powers and cools their equipment, for example.
That control often lies with a colocation provider, which makes it difficult to figure out what caused a security problem and ensure it won't happen again. If your business can handle best-effort service and a little downtime, this is an acceptable risk. If not, your business needs a provider that will make better than best-effort guarantees for cloud UC security.
Do you have a question for Carrie Higbie Goetz or any other experts? Ask your enterprise-specific questions today! All questions are treated anonymously.