Fotolia
What are the challenges of unified communications security?
Unified communications security can be disjointed, as different apps are open to different attacks. A strong UC security roadmap should address three areas.
The biggest challenge to unified communications security starts and ends with one word: unified. UC systems combine functions that began life separately, such as voice and video, and present them to users as features of a single, unified application. Each function, however, has unique security needs and presents a separate attack interface. It's challenging to provide unified security for UC, because the requirements of each component application differ significantly.
Three goals for effective unified communications security
Organizations must recognize that security is multifaceted. They may value certain security aspects more than others, but three common facets of security should be considered by any business.
- Content security. Prevent content theft by using encryption options and even VPNs to make your content invisible or undecipherable should anyone intercept your traffic.
- Secure your environment from attack. Beyond credential theft, which is more than just a UC security concern, a likely security threat is denial of service (DoS). Over the years, DoS attacks have gotten more sophisticated and can target specific IP ports related to UC services.
- Protect against service hijacking. Years ago, hackers would use backdoors into company telephone systems and sell codes to allow free calls courtesy of the hacked company. Most UC systems today have a usage-based component that can be abused the same way as old phone systems. If a hacker can crack the code and start selling access to your system's voice-over-IP trunks, your UC costs could skyrocket.
Multifunction vs. specialized unified communications security
In the days before UC, the access router was discussed as an early multifunction security offering. Many vendors started building firewalls, VPNs and other security offerings as part of their integrated services routers. Essentially, UC vendors started to compete with stand-alone security vendors. The question was whether integrated, multifunction devices or specialized security devices, such as stand-alone firewalls, were needed to provide enterprise-class security.
Depending upon how crucial your UC system is to your business, you may want to pose a similar question. Don't forget to consider external security devices that sit at the perimeter of the system and provide an additional layer of security in front of your UC environment.