1. What are the security advantages of UCaaS platforms?
Samuel Tourbot, Head of Cloud Business Engine at Alcatel-Lucent Enterprise: “It mostly depends on the deployment model, but the advantages are manyfold.
“If you’re looking to go with a public approach, you’ll be hosted on a shared cloud instance, which means the security measures in place have to be top-notch as a lot of different organisations are using one instance.
“It’s also about sharing the load, meaning that high-tier security measures become cheaper that way. If you’re aiming at a private deployment, then security mostly depends on you, although private deployments are usually the most secure of all, as the data is stored either in a private cloud or on-premises. This allows for flexibility in deciding on which security measures you’d like to put in place and how much effort you’re willing to spend on them.”
Sanjay Macwan, CIO & CISO for Vonage: “UCaaS platforms are built on cloud-native modern infrastructure and deliver communication services to business customers where customers are relieved from the complexity of managing on-prem solutions including security challenges of on-prem solutions.
“As a cloud-native architecture, key security measures such as zero-trust micro-segmentation architecture, secure software development life cycle (SDLC), modern identity and access management controls, encryption of data at rest and in transit as applicable etc. are embedded in UCaaS platforms and offer business customers key security advantages.
“Additionally, by delivering the UC experience from the cloud, UCaaS providers can effectively force conversion en-masse across the entire user community anytime a security threat arises, and new software has been made available.”
Roman Tobe, Director of Product Marketing at RingCentral:
“There are many security benefits to using a UCaaS provider, with the most obvious being an IT department’s risk surface is minimized as a result of using a unified vendor for all of their communications needs.
“This eliminates the need for multiple applications, whether they are sanctioned or unsanctioned operating as shadow IT, operating under one organization but with their data in multiple locations and tenants. The next would be the cloud-based nature of UCaaS.
“It’s more secure, easier to address vulnerabilities that arise and easier to implement the latest security technologies and push that out quickly is a major benefit to UCaaS platforms vs. legacy systems.
“Also, from our perspective, having an open dialogue on these issues is a major advantage for our customers. We’re customer obsessed, and when we hear of security and privacy requests from our customers, we prioritize those and make good on those initiatives.”
2. What are the latest UCaaS security strategies?
Samuel Tourbot, Head of Cloud Business Engine at Alcatel-Lucent Enterprise: “There are many trends when it comes to security so we should focus on the ones making the most sense and having the most realistic chance of long-term viability.
“Apart from AI and IoT playing a huge impact on UCaaS in general, providing both new security measures and potential security breaches, biometrics is gaining validity by the day.
“Multi-factor authentication is currently the most reliable way of protecting your data and combined with biometrical data locks, might just be enough to make sure your data is untampered with and untouchable.
“At least for the time being. As AI becomes smarter and more versatile, I can see it taking a more leading role in securing one’s data by adapting to user behaviour, personal routines or even the personality of your staff.”
Sanjay Macwan, CIO & CISO for Vonage: “In a globally connected world, now more than ever, businesses need to ensure their UCaaS solutions are able to support communications and collaboration needs of their remote and hybrid global workforce and deliver world-class employee experience while providing the highest levels of security and privacy posture.
“Modern UCaaS solutions embed security, privacy, trust, and compliance by design and not as an afterthought. Security constructs are embedded in the entire software development lifecycle and in the underlying cloud-native infrastructures which, in conjunction with privacy-centred operational policies, offer the best security and privacy posture for customers.
“As the UCaaS platform and its provider deliver consistent security and privacy posture, it earns the trust of its users. And thus, the best security, privacy, and trust elements lead to strong compliance with all global and industry-specific compliance needs such as GDPR, HIPAA, PCI, SOC2 Type 1 and Type 2 etc.”
Roman Tobe, Director of Product Marketing at RingCentral: “First, end-to-end encryption (E2EE) is a powerful security and privacy control, as it prevents any unauthorized third party–including the UCaaS solution–from accessing communication data.
“Introducing E2EE into UCaaS deployments not only allows for the most confidential and private conversations possible but also serves as an important security measure, protecting organizations from risk exposure should host UCaaS solution suffer data breaches.
“Second, mobile application management makes it easy for IT to monitor and enforce security policies across company-owned and bring-your-own-device (BYOD) environments. Today’s work environment is more mobile than ever, which means UCaaS solutions must meet the needs of an increasingly hybrid and remote workforce.
“Lastly, compliant archiving and content supervision is a critical component in today’s UCaaS environment for regulated industries. These integrations are key to automatically detecting conduct risks and sensitive data exposure.”
3. What are the key security considerations to look for in a UCaaS vendor?
Samuel Tourbot, Head of Cloud Business Engine at Alcatel-Lucent Enterprise: “There are always three main layers to consider and inspect for potential discrepancies or faults.
“The first layer is the infrastructure of a UCaaS provider. You must make sure that the servers your future communications platform will be run on are meticulously groomed and fully secure. You’ll also want to make sure the servers are truly sovereign, so no outside laws can impact your data.
“The second layer is about the architecture or the platform itself. Is the solution vendor a trusted provider? Is the platform developed with security embedded into its every fibre? Are the latest encryption mechanisms being leveraged and the latest security measures being deployed? Is the provider compliant with all protocols and regulations? Can the vendor display relevant certifications? On top of that, the vendor should also be fully sovereign.
“The last layer is the actual deployment. Make sure that, if you’re not getting the solution directly from the source, meaning there is a third party in between, such as a business partner or re-seller, they are regulatory compliant, also sovereign, and the data is handled in the proper way.”
Sanjay Macwan, CIO & CISO for Vonage: “Customers should look for the following key security considerations in a UCaaS vendor.
“First, security and privacy by design should include secure architectural principles of zero trust and micro-segmentation, robust identity and access management, secure software development lifecycle, and strong data protection mechanisms such as encryption at rest and in transit and comprehensive data regionalization strategies.
“Second, robust security testing, monitoring, and incident response processes.
“Third, independent and ongoing third-party monitoring of attack surface and security posture of the UCaaS Platform.
“Lastly, customers should ensure the encryption of all customer messages, video meeting chats and recordings.”
Roman Tobe, Director of Product Marketing at RingCentral: “A UCaaS vendor’s security infrastructure is an extension of your business environment, with both financial and brand implications on the line. A UCaaS vendor must be ready to demonstrate their strong commitment to security and provide details across several areas.
“First, information security protection: from the business infrastructure to the design and processes used for the UCaaS platform itself, a UCaaS vendor must apply airtight security best practices that are always on to provide the peace of mind that customer data is safe from compromise.
“Second, data privacy and compliance management: a UCaaS vendor should employ an exhaustive system to prevent the inadvertent or intentional compromise of protected data, and they should be transparent about how data is collected and used. This is imperative to establish trust in a vendor’s data practices and to validate they’re respecting your company’s data privacy.
“Lastly, security and administrative policy controls: from waiting rooms to meeting passwords, UCaaS platforms should include comprehensive security capabilities to protect the platform and user experience.
“Administrative options, such as requiring authentication for meeting attendees, controls on who can enable screen sharing, and requiring waiting rooms to authorize attendees to join safeguard an organization from data loss and bad actors.”
4. Which aspects of UCaaS security will be the biggest focal points of 2023?
Samuel Tourbot, Head of Cloud Business Engine at Alcatel-Lucent Enterprise: “What will mostly drive UCaaS security in 2023 and moving forward will most probably be biometrics and AI.
“Biometrics because it’s the most unique data tied to a single individual one can produce and leverage to guarantee data integrity and protection, while AI takes care of making the processes run smoother, identify potential identity theft or compromises and automating processes in a meaningful way.”
Sanjay Macwan, CIO & CISO for Vonage:
“UCaaS will continue and even accelerate powering the digital workflows for many global customers across all industries in 2023 and beyond and deliver richer communications and collaborations for employees and customers alike.
“Additionally, trust in UCaaS platforms earned through strong security, privacy, and compliance posture will be key expectations of customers globally and key business differentiators for the UCaaS Platform providers. Customers will also expect easy, secure, and scalable integrations of UCaaS solutions in their various digital workflows.
“Lastly, moving into 2023 customers will expect data analytics to understand how their UCaaS-powered workflows are serving the needs of their employees and customers and help them develop newer strategies to meet ever-evolving expectations.”
Roman Tobe, Director of Product Marketing at RingCentral: “Employing a zero-trust approach to security will continue to be the prevailing focal point for UCaaS security in 2023.
“Not only for internal controls for the solution providers but also extending that zero-trust for customers and allowing them to decide how much data and access they should extend to their UCaaS vendor of choice. This is especially true with E2EE technology that prevents any unauthorized third party, including the UCaaS solution, from accessing communication data.
“Only an organization’s IT administrators have access to the encryption keys, and the hosting provider simply distributes the encrypted keys to the endpoint devices. This is, in a sense, a zero-trust model that the customer can choose to have with their solution of choice when turning E2EE on for their organization.”
