Understanding Cloud Communications Security

CommsTrader takes a look at how UCaaS has overcome the security hoodoo


Published: July 25, 2017

Ian Taylor Editor


When Cloud technology first burst onto the scene, there was one major question mark which made business users hesitant to jump straight in – security.

As was true in most technology sectors, the benefits of the Cloud were quickly apparent in telecoms. Flexible, hassle-free deployment, high levels of scalability, increased mobility, reduced costs and speedier access to upgrades and new platforms all made a strong case to adopt cloud communications.

But concerns over security were genuine and enduring. With compliance issues over data protection and privacy high on the agenda of customer-facing operations, many enterprises felt uneasy about passing control of their critical communications infrastructure to a third party.

And how secure was the Cloud, anyway? Being built on the internet was hardly a ringing endorsement, not with the multi-billion dollar cybercrime industry which feeds on the web’s vulnerabilities achieving such a high profile. Surely moving your communications onto the Cloud would just expose you to the risks of hacking, identity theft, DDoS attacks, malware and eavesdropping?

Cloud communications has come a long way since those early days, and one of its most significant areas of technological development has been in devising enterprise-class security protections designed to counter those risks. Nowadays, most analysts agree that a hosted cloud service is just as secure as, if not more secure than, any private IT and comms network linked to the internet.

As part of our Technology Track series, we thought we’d take a closer look at how far UCaaS has come, and what technologies keep cloud communications secure these days.

Session Border Control

One of the main security challenges cloud communications vendors had to overcome was the fact that the standard buffers used to protect a networked system – firewalls – were not designed for communications data. This meant if you wanted to use a cloud-based UC solution for external communications, for example a hosted PBX, you had a problem – it would create vulnerabilities in your entire network.

This goes back to something fundamental about the way the internet was designed. The internet works by breaking data down into manageable packets at source and then reconfiguring them in their original form at destination. There is always a slight delay in this process, barely perceptible with a good CPU, but a delay nonetheless.

For the data the internet was designed to carry – text, images – this slight delay does not matter. But for real-time voice and video communication, it becomes noticeable. It affects the quality of audio and picture definition, and if it builds up can cause buffering.

The answer came in the form of Session Initiation Protocol (SIP), which sits on top of standard IP and allows real-time communication to happen fluidly and with no loss in quality. However, the arrival of SIP created a security problem. Standard firewalls are not designed to work with it.

So in a modern, integrated UCaaS system, where you run your business comms through your main IP network and connect to external telephone lines via a SIP trunk, a standard firewall would not keep your system safe. In fact, as UCaaS systems usually use multiple ports to share multiple types of communication via multiple types of network connection, you actually create numerous holes in your network security.

The answer is Session Border Control. Designed to work with SIP, a Session Border Controller (SBC) manages the flow of all types of communication on an IP network, and therefore everything on a UCaaS solution. It effectively acts as a SIP firewall, controlling what comes in and out of your network, and therefore resolving many of the early security issues surrounding cloud communications.

SBCs should be added at every individual site within a network to provide comprehensive security.
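To make the "SIP firewall" idea concrete, here is an added example (not from the original article or from any vendor's product): a SIP call negotiates its media ports inside the SDP body of the signalling message, so a device that reads that body can open only the ports agreed for the call instead of a standing port range. The INVITE, the addresses, the blanket range and the function names are all constructed assumptions.

```python
# Added example: per-call media pinholes derived from the SDP body of a SIP INVITE.
# The message, addresses and port range are constructed for illustration.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.org>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
    "m=video 0 RTP/AVP 31\r\n"       # port 0: stream declined
    "m=video 51372 RTP/AVP 99\r\n"
    "c=IN IP4 192.0.2.20\r\n"        # media-level address for this stream only
)

STATIC_RANGE = range(49152, 65536)  # assumed blanket UDP rule on a plain firewall


def media_pinholes(sip_message):
    """Return (media, address, port) for each active stream offered in the SDP."""
    body = sip_message.partition("\r\n\r\n")[2]
    session_addr, streams = None, []  # streams: [media, port, own address or None]
    for line in body.splitlines():
        if line.startswith("c="):
            addr = line.split()[2]
            if streams:
                streams[-1][2] = addr  # media-level c= overrides for that stream
            else:
                session_addr = addr
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            streams.append([media, int(port.split("/")[0]), None])
    # Port 0 means the stream is declined, so nothing is opened for it.
    return [(m, a or session_addr, p) for m, p, a in streams if p != 0]


def packet_allowed(pinholes, dst_addr, dst_port):
    """Admit media only to an address and port negotiated for this call."""
    return any(a == dst_addr and p == dst_port for _, a, p in pinholes)
```

For this call the session-aware check admits two address and port pairs, where the blanket rule leaves 16,384 UDP ports open at all times. RTCP, which conventionally uses the next port up, is left out to keep the example short.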

Multi-tenancy and Encryption

Another characteristic of cloud solutions which has made business owners uneasy is multi-tenancy. Multi-tenancy refers to the fact that, instead of running an IT network or comms system through your own in-house data centre or hardware, you hire space on a shared server managed by a third party.

This raises a few questions. How separate is my section of the server from other users? Is it secure? Are they able to see what I do, get access to my data, eavesdrop on my conversations?

All Cloud service providers should use hypervisor technology, which divides physical server space up into isolated virtual packets. These operate as if they were physically separate from one another, so there is no crossover from one to another.

However, for absolute peace of mind on security, ask for your cloud service provider’s policy on ‘end-to-end encryption’. This basically means that your communications data is always encrypted no matter what point of the journey it is on, whether it is in the data centre, in transit, or being processed in the end user’s devices. End-to-end encryption doesn’t just stop people accessing your data or eavesdropping on conversations as they pass through your provider’s data centre, it offers protection at all points in the system.

Combating Malware

Computer viruses can be transmitted through any internet-based connection, through SIP-based communications traffic as well as through standard IP. An SBC will do a good job identifying and blocking potential threats from entering your UCaaS network on the premises they are installed in.

But what about mobile? What about remote workers? One of the big benefits of cloud communications is that it increases mobility, allowing anyone to connect to a UCaaS network from anywhere, as long as they have an internet connection. But that extends the borders of your network way out beyond your premises, and way out beyond the jurisdiction of your SBC.

Another issue is BYOD. The Cloud makes it easy for staff to use their own devices to work on the company network in the office as well as at home. But what if their device is carrying a virus? Bringing it into the workplace and plugging it in instantly makes any firewall or SBC redundant.

The only answers for mobile working and BYOD are vigilance, training and a robust policy on keeping anti-virus protections up to date and fit for purpose. If you want the company culture to move towards flexibility and mobility, it also has to become security first in outlook.

 

This article is part of the July Series of the Technology Track on Cloud Communications, follow the link to see all published and planned articles.

 
