Thursday, August 23, 2018

UCaaS security framework

Cloud UCaaS (Unified Communications as a Service) needs a security framework to make it secure and reliable in the cloud for Meetings, Phone and Chat.

1) Secure data center
UCaaS provider (vendor) needs facilities with strong physical protections, redundant power, and tested disaster recovery procedures.

2) Robust network security
UCaaS vendor must add unique protections designed to prevent attacks on the infrastructure, preventing service disruption, data breaches, fraud, and service high-jacking. Also needs to resolve firewall traversal problems in VoIP systems with network address translation (NAT) support for static IP configuration and “Keep-Alive” SIP signaling.

3) Secure voice
All voice traffic within cloud phone system should be encrypted to prevent eavesdropping on voice calls.  Provide additional security for IP phone calls using SIP over TLS and SRTP encryption.

4) Data encryption
All data should be encrypted in transit and at rest, with audit-able record-keeping and reporting. It includes everything from physical protections at data centers to encrypted storage to comprehensive digital tracking with clear audit trails.

5) Fraud prevention
The service provider should have protections built in to the service layer and should conduct continuous monitoring for dangerous anomalies or other indicators of toll fraud and service abuse.

6) User access controls
To ensure only authorized users access cloud communications accounts and services, the vendor should implement at a minimum strong password policies and ideally two-factor authentication as well as single sign-on (SSO).

7) Account management and administration
Administrators can instantly revoke the remote user’s access to the cloud network—and thereby to customer contacts, CRM info, and other corporate information—and almost no data resides on the device itself.

No comments:

Post a Comment