IT professionals today already know the benefits of the cloud and the security concerns many business leaders share.
In practice, assuring the security of an integrated voice and data network like cloud-based unified communications as a service (UCaaS) takes a robust, hardened infrastructure housing the core technology. These physical protections need to be combined with deep expertise in not only IP telephony and UC but also numerous security disciplines, including regulatory compliance and cybersecurity.
This can be done by controlling a global network and implementing a comprehensive security framework that not only assures the safety of customers’ critical data and voice communications but also adheres to strict government and industry privacy compliance regulations.
Here is a comprehensive approach to cloud security: seven key questions to ask when considering a cloud UCaaS provider.
1) What Level Of Security Does Your Data Center Have?
All technology infrastructure should be housed in facilities with strong physical protections, redundant power, and tested disaster recovery (DR) procedures. Without this type of comprehensive and certified security in place, your organization would risk the loss of valuable competitive information or the significant consequences of non-compliance with state, federal, and industry privacy regulations.
The highest levels of security and reliability should be backed by independent certifications. The cloud service provider you choose should be able to show you evidence of verification and frequent validation by independent auditors. Security includes encrypted data transfer, comprehensive digital tracking with clear audit trails, and secure file storage.
2) What Level Of Security Does Your Voice Have?
Eavesdropping on phone calls is a lucrative target for hackers, as it can compromise everything from competitive business information to protected patient or personal financial data.
But with IP telephony—whether cloud VoIP or an on-premise IP-PBX system—calls travel as data packets over the internet, making them susceptible to all the attacks that occur on public networks.
For modern businesses, the preferred option is to encrypt all voice traffic within the corporate phone system. Your provider can address these vulnerabilities by safeguarding voice communications with secure voice technology that prevents eavesdropping on calls or tampering with audio streams between all endpoints.
3) How Do You Handle Data Encryption?
To ensure your business maintains the safety of confidential information, all data (including competitive proposals, private patient information, or smartphone screenshots) should be encrypted in transit and at rest. Numerous state, federal, and industry regulations regarding customer/patient privacy mandate encryption of data and auditable record-keeping and reporting. The mandates cover everything from physical protection at data centers to encrypted storage to comprehensive digital tracking with clear audit trails. Your UCaaS provider should be able to walk you through the mandates applicable to your industry and demonstrate to your IT leaders the level of encryption provided with their service.
4) How Do You Manage User Access Controls?
To ensure only authorized users have access to cloud communications accounts and services, the vendor should implement, at a minimum, a strong password policy and, ideally, two-factor authentication and single sign-on to avoid login fatigue. While single sign-on is convenient for users, it presents new security challenges. For example, if a user’s primary password is compromised, attackers may be able to gain access to multiple resources.
Admins should also define policies to enforce unique controls for each individual single sign-on application. This entails checking the user, device, and network against an application’s policy before allowing access to the application.
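The per-application check described above can be sketched as follows. This is an added example, not code from any UCaaS or SSO product; the application names, group names, and network ranges are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset      # user must belong to at least one
    require_mfa: bool
    require_managed_device: bool
    allowed_networks: tuple        # CIDR strings; empty tuple = any network

@dataclass(frozen=True)
class AccessRequest:
    user_groups: frozenset
    mfa_passed: bool
    device_managed: bool
    source_ip: str

# Constructed per-application policies (hypothetical app and group names).
POLICIES = {
    "softphone": AppPolicy(frozenset({"staff"}), True, False, ()),
    "admin-portal": AppPolicy(frozenset({"uc-admins"}), True, True,
                              ("10.20.0.0/16", "192.0.2.0/24")),
}

def evaluate(app: str, req: AccessRequest) -> tuple[bool, list[str]]:
    """Return (allowed, reasons); applications without a policy are denied."""
    policy = POLICIES.get(app)
    if policy is None:
        return False, ["no policy defined for application"]
    reasons = []
    if not (policy.allowed_groups & req.user_groups):
        reasons.append("user not in an allowed group")
    if policy.require_mfa and not req.mfa_passed:
        reasons.append("second factor not completed")
    if policy.require_managed_device and not req.device_managed:
        reasons.append("device is not managed")
    if policy.allowed_networks:
        try:
            ip = ipaddress.ip_address(req.source_ip)
            ok = any(ip in ipaddress.ip_network(n) for n in policy.allowed_networks)
        except ValueError:
            ok = False  # an unparseable source address fails closed
        if not ok:
            reasons.append("source network not allowed")
    return (not reasons), reasons
```

A single sign-on session that satisfies the softphone policy is still refused by the admin portal when the device is unmanaged or the request comes from outside the listed networks, which limits what one compromised password can reach.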
Other user controls your VoIP or UCaaS provider can walk you through are the front-end settings that you control to manage your internal policies and end users. These settings include: adding/removing extensions, setting user permission levels, managing extension PINs, enabling/disabling international calling, allowing specific international call destinations, and blocking inbound caller IDs.
5) How Will I Be Protected From Fraud?
Toll fraud, healthcare fraud, and credentials theft represent significant financial and legal risks for businesses. Your service provider should have protections built into the service layer and should conduct continuous monitoring for dangerous anomalies or other indicators of fraud. The provider should also offer guidance on best practices that lower fraud risk by eliminating the human factor.
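As an added illustration of this kind of monitoring (not a provider's actual detection logic), the sketch below scans call detail records for two toll-fraud indicators: international calls to destinations outside the account's allowed list, and a burst of international calls from one extension. The record layout, thresholds, and phone numbers are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed account settings: international calling is allowed only to these
# country-code prefixes; the burst threshold is an assumed tuning value.
ALLOWED_INTL_PREFIXES = ("+44", "+49")
HOME_PREFIX = "+1"
MAX_INTL_CALLS = 3
WINDOW = timedelta(minutes=10)

# Constructed call detail records: (start time, extension, dialed number).
SAMPLE_CDRS = [
    ("2024-03-02T02:01:00", "1001", "+442079460000"),
    ("2024-03-02T02:02:00", "1001", "+442079460001"),
    ("2024-03-02T02:03:00", "1001", "+442079460002"),
    ("2024-03-02T02:04:00", "1001", "+442079460003"),
    ("2024-03-02T03:15:00", "1002", "+99900000001"),
    ("2024-03-02T09:00:00", "1003", "+12025550143"),
    ("2024-03-02T09:00:00", "1004", "+4930000001"),
    ("2024-03-02T10:00:00", "1004", "+4930000002"),
]

def find_alerts(cdrs):
    """Return sorted (extension, reason) alerts for a list of CDRs."""
    alerts = set()
    intl_times = defaultdict(list)
    for start, ext, dialed in sorted(cdrs):
        if dialed.startswith(HOME_PREFIX):
            continue  # domestic call, outside the scope of these checks
        if not dialed.startswith(ALLOWED_INTL_PREFIXES):
            alerts.add((ext, "destination not allowed: " + dialed))
        ts = datetime.fromisoformat(start)
        # Keep only this extension's international calls inside the window.
        recent = [t for t in intl_times[ext] if ts - t <= WINDOW]
        recent.append(ts)
        intl_times[ext] = recent
        if len(recent) > MAX_INTL_CALLS:
            alerts.add((ext, "international call burst"))
    return sorted(alerts)

if __name__ == "__main__":
    for ext, reason in find_alerts(SAMPLE_CDRS):
        print(ext, reason)
```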
6) How Much Control Over Account Management Does My Administration Team Have?
Whether it concerns control over sales staff, a key finance employee, or virtual contact center employees, enterprise-grade security for your business requires methods to prevent insider threats or data loss, which include enabling administrators to revoke the user rights of former employees.
Some cloud services include front-end settings that customers control to manage their policies and end users. These settings include: adding/removing extensions, setting user permission levels, managing extension PINs, enabling/disabling international calling, allowing specific international call destinations, and blocking inbound caller IDs.
Your UCaaS provider should also give your administrators robust control of mobile apps. Administrators can instantly revoke the remote user’s access to the cloud network—and thereby to customer contacts, CRM info, and other corporate information—and almost no data resides on the device itself.
7) How Robust Is Your Network Security?
In addition to all the defenses that organizations typically put in place at the network perimeter to safeguard data, the UCaaS vendor must now add unique protections designed to prevent attacks on the voice infrastructure.
The defenses from your provider should continuously monitor systems for anomalies and help to prevent service disruption, data breaches, fraud, and service hijacking. In addition, intrusion prevention technologies protect against malformed packets and fuzzing techniques, which can be used to confuse or overwhelm border controllers, resulting in service disruption, system restart interruption, and endpoint resets.