As more businesses move toward unified communications in the cloud, securing sensitive information becomes a primary concern. Several security threats exist including call fraud, phreaking, malware, and denial of service attacks to name a few. Though the cloud communication service provider offers security protection as part of its services, enterprises must also take measures to ensure data and information are secure.
SECURITY MEASURES PROVIDED BY THE CLOUD
Often, your cloud communications provider will offer security measures such as data encryption authentication protocols to help secure your voice communication in the cloud. A virtual private network (VPN) is often used to achieve this encryption. A VPN also helps protect the authentication process as the username and password may not be sufficiently encrypted or disguised before moving across the one Internet.
ADDITIONAL MEASURES TO ENSURE CLOUD SECURITY
Cloud protection is not network protection
A common misconception is that cloud-based service providers offer complete security measures for cloud communications. While this may be true for the applications residing in the cloud, it does not apply to your network, call flows, media, or endpoints not in the cloud. When deploying cloud communications, enterprises must determine what is secured by the service provider and what must be secured on the business end.
Real-time security for your network
Most companies deploy firewalls to protect their data; however, this is not in real time. IP-based Session Initiation Protocol (SIP), which is used on VoIP based communication, operates in real-time passing both voice and video between the cloud and the network. Not implementing security measures to handle your unsecured SIP communications increases the risk of real-time VoIP based attacks, such as Denial of Service (DoS) and eavesdropping. While your firewall will protect data flow, it is not adequate to protect VoIP communication because you may have to turn off firewall features to get your voice and video communications to work; thus, opening your network up to potential attacks.
Adding a session border controller (SBC) to the servers that come in contact with the cloud will significantly increase your cloud communication security on the network element end. The SBC is a SIP firewall that protects and encrypts real-time communication by:
Protecting Denial of Service Attacks
DoS attacks overwhelm the network with malicious traffic in an attempt to look for weakness in the VoIP system. An SBC will protect your network by separating VoIP traffic from malicious activity and protecting it from any degradation in quality that frequently occurs during a DOS attack.
SBCs use secure real-time encryption, making communication invisible to hackers.
IP traffic management
An SBC can mitigate voice traffic on a network; thus, limiting the number of allowable sessions that can take place at the same time. This is similar to DoS protection, and it helps ensure Quality of Service.
Toll fraud protection
Many hackers only break into a VoIP system just to make person toll calls, but an SBC can deny secondary dial tones and prevent this type of attack.
ACHIEVING SECURITY WITH CLOUD COMMUNICATIONS
When using a cloud communications service provider, you should develop a security plan and determine your responsibilities versus the cloud communication provider’s responsibilities. A joint security plan will ensure you cover all your bases. Also, don’t forget to use and update your virus protection and malware software locally as well as updating your softphones and other endpoints. Finally, adding SBCs at all sites that connect to the cloud will not only protect the SIP call flow but ensures high-quality voice and video is delivered.
It is important to understand that a secure transmission is not the only factor in IP-based communications. While your cloud communications partner can offer secure transmissions, you must also protect your endpoints and network to achieve complete security.