Securing Unified Communications

Authors

Sorell Slaymaker- Principal Consulting Analyst

Abstract

Unified Communications combines telephony, video, chat, email and presence together into one unified communications system. As the technology has become more complex and more accessible through the public Internet, the security threat has increased. In many ways it’s easier than ever to attack business communications. Companies must be diligent in protecting their Unified Communication services as they are vital to business operations.

Unified Communications (UC) applications can be the hardest to secure within an enterprise. UC clients, APIs, and services need a full security suite to ensure an enterprise stays secure. Too many enterprises attempt to apply standard application security measures to UC applications, which limit what users can do and still leaves enterprises exposed to the complex UC security challenges. Security managers and architects understand standard web applications, but not all the nuances of UC, and UC managers and architects lack sophisticated security knowledge.

Conventional IP security products (such as firewalls and intrusion detection and prevention systems) were not designed with these kinds of real-time communications in mind—leaving organizations vulnerable to security threats.

In this report we’ll describe the basics of UC security, the risks associated with poor UC security and how challenging UC security really is. We’ll then describe how the NIST Cybersecurity Framework can be applied to UC security and how to apply a tiered approach and advanced techniques for securing UC communications. We’ll highlight a few vendors that worth considering in this space and provide summary recommendations.