Overcoming Security Concerns about UC-as-a-Service


In the previous post, we discussed the key factors to consider when choosing a Unified Communications-as-a-Service (UCaaS) solution and vendor. While organizations are recognizing that UCaaS offers flexibility, infrastructure costs savings, management simplicity, and access to advanced functionality, the inherent complexity of these solutions necessitates significant research and evaluation. Security and compliance have traditionally been at the top of the list of concerns when implementing any cloud-based solution.

When it comes to UCaaS, most security concerns involve multi-tenancy and encryption. In a multi-tenant environment, an organization’s users share a virtual instance of an application that delivers UC services via the Internet. Could one customer’s data be accessed by another UCaaS vendor’s customer, or any other third party in this environment? If a data breach occurs, will encryption prevent the accessed data from being compromised?

These are perfectly legitimate questions that a reputable UCaaS vendor should be able to answer. Find out how the vendor segments and isolates hypervisors and databases. Ask about the vendor’s authentication technology and processes for both vendor employees and customers. Strong, end-to-end encryption should be applied, beginning at the core, to both data in motion and data at rest.

A session border controller (SBC) can provide perimeter protection by distinguishing legitimate data packets from malformed or malicious packets. An SBC can also thwart denial-of-service attacks that target ports used by UC applications. Ideally, your UCaaS vendor will use a dual-SBC strategy that includes both a customer-facing SBC and a carrier-facing SBC. This structure adds a layer of security and provides a backup should one SBC fail.

UCaaS providers must adhere to the same compliance requirements as your organization. Find out how much experience the vendor has in dealing with compliance audits for your industry, and how frequently they perform their own internal security assessments. Ask if you’ll have the opportunity to review data from these audits and assessments.

Will you as a customer have the ability to change user access credentials for UCaaS applications or lock out a user from a mobile device? The ability of a provider to grant this permission to your in-house IT team is important as employee responsibilities change or users leave your company. Any delay can prevent employees from doing their jobs or allow a disgruntled former employee to steal or delete company data.

Although security is a common concern, UCaaS from a reputable vendor is often more secure than an on-premises solution. Providers have enterprise-grade technology and more security and compliance experience than most organizations. Many are subject to audits by regulators and must meet a variety of certification requirements related to security and compliance. Because the vendor’s backbone infrastructure is shared by so many customers, it is extremely difficult for a cybercriminal to target a single organization or user.

ShoreTel Connect CLOUD is managed by a team of engineers and operations professionals who constantly monitor user access, threat information, new compliance requirements, and disaster recovery protocols. ShoreTel Connect provides significant redundancy and call rerouting to prevent service disruption or downtime, and customer configuration data is backed up to a remote site each day.

As a member of ShoreTel’s Champion Partner Circle of Excellence, IPC can optimize the security of your UCaaS environment by properly deploying, configuring and managing the ShoreTel Connect system. Let us show you how ShoreTel delivers on the promise of UCaaS without sacrificing an ounce of security.