Editor's Note: This podcast originally appeared on the Aragon Research website.
Jim Lundy: Hi, this is Jim Lundy, Founder, CEO and Lead Analyst at Aragon Research. Today we are talking about a critical item that is often overlooked in Communications and Collaboration I’m talking about Security in UCC. Joining me is Eric Hanson, Head of Global Marketing at Fuze and the CIO of Fuze, Chris Conry. Eric and Chris, great to have you join us today.
Eric: Great to be here, Jim.
Chris: Yes, glad to be here with you, Jim.
Jim: So Fuze has been in the Communications and Collaboration market for a long time and you have some very large customers. Eric, can you provide a quick overview of Fuze, so the audience knows who you are?
Eric: Sure Jim. Fuze is all about communication and collaboration. We were originally known as Thinking Phones. We acquired a video conferencing and collaboration company called Fuze in 2015. We then assumed their brand. In 2016 we delivered the first unified app and platform experience uniting cloud telephony, meetings, and team collaboration and have been recognized as a leader in UCaaS and UCC. We are a global company that services medium to large enterprises that tend to have an eclectic mix of legacy infrastructure in place, which they have accumulated over decades, globally. We partner with them to deliver and enable a more modern cloud platform which gives them greater flexibility and business agility. All things that are pretty relevant right now around the world.
Jim: Let's dive into our topic for today of Security. There has been a lot of press lately about risks and vulnerabilities of various tools out there. How does Fuze approach this topic of security?
Eric: Thanks Jim. you are right we do serve some large organizations - our largest has more than 30K users across 62 countries. They count us for high quality and stringent security. We started in the enterprise so thinking about security and global scalability is in our DNA. We believe that security is a team sport which requires much more than just a list of certifications. It means you have to have a level of transparency, honesty and accountability to earn and maintain trust. Given that the pandemic that has hit all of us, we are now seeing both IT and business users starting to look more closely at the issue of security and reevaluate whatever bandaid they may have put in place to get through the first phase of the crisis.
Jim: Chris what are you hearing from your customers regarding Security?
Chris: Yes, security and data privacy is of the utmost concern to our customers.
Our security team is regularly fielding inquiries from them on our operational readiness and security posture…not just at the time of purchase, but throughout the life of the customer relationship. What they’re telling us is that we have passed their reviews, often very rigorous security requirements, and they are pleased with our transparency.
Jim: Ok so what are some of the things you see them asking about.
Chris: Well, as you know, communications security is multi-faceted. There are a number of topics that come up.
Jim: Well I’m sure that encryption is one of them – what is Fuze doing there?
Eric: Jim, yes we encrypt our call, meetings and message data at rest and in transit. Control over data from a security perspective is one of the huge benefits of owning your own IP in a unified platform that includes audio, video, and chat.
Jim: Ok Chris, what else comes up?
Jim: Chris, that is great. Eric, a question for you. Do you think that enterprises have paid close enough attention to security?
Eric: Often security is assumed – but as you pointed out many buyers don’t look at security up front and they assume every vendor has strong security. We see this as being a huge issue especially with vendors that started with a consumer or smb product and offer a free solution that may over rely on virality or integrations with other consumer apps for authentication. But overall, one of the reasons we are winning new clients is the fact that we work closely with buyers to understand their most important requirements and then test each of their use cases in their environment, across primary locations, through our implementation team. This really helps them build confidence with the Fuze team in addition to getting comfortable with the platform, before moving forward with a purchase - this includes addressing any questions or requirements specific to security.
Jim: Ok got it. So how does Fuze help here? How do you educate buyers on security and how do you approach it with a customer?
Eric: I will defer to Chris but first let me just say that we believe in transparency and provide access to all sorts of documentation that help educate our buyers.
Chris: Jim, as a member of the Cloud Security Alliance, we publish our responses to over 300 security-related questions for anyone who wishes to understand our system. We also took the additional step to have an independent 3rd party validate and certify that questionnaire. Similarly, we’re happy to share 3rd party attestations of our compliance with SOC1, SOC2, HIPAA and HiTRUST, as well as our certification to ISO 27001. Upon request, we’ll provide evidence of the 3rd party penetrations tests that are regularly performed on our platform. We are keen to earn and maintain our customers’ trust and these materials help validate our total approach to security with buyers and customers.
Jim: Ok great. Chris, what about privacy? How do you deal with privacy since that has also been an issue we have seen of late – where some providers were allowing Facebook to invade users’ systems and spy on them.
Chris: Yes, privacy is a big issue and one that our clients care a lot about too. All data created in the Fuze platform belongs to our customers. Under no circumstances does Fuze sell this data to third parties. We make this clear in the product privacy statement published on our website and in our customers’ service agreements. We’ve also taken great care to ensure compliance with GDPR for our global and European-based clients, as well as the new California privacy law. Further, we have certified our adherence to the Privacy Shield framework for the transfer of data between the E.U. and U.S. Our diligence around these data privacy regulations and standards is one of the reasons we are winning in Europe.
Jim: Eric, what’s coming up on the roadmap for Fuze? Anything you’d like to share?
Eric: Jim, thanks. Yes, we have been really busy.
In the last two weeks we announced and began shipping our next generation contact center product and this quarter we will be releasing some additional enhancements to it. This product is totally integrated into our UCaaS experience really reducing the amount of context switching contact center agents need to do, switching between interactions with the coworkers and supporting customers. This really complements what we have been doing with our partners Five9 and inContact. We also just released enhancements to our co-existence experience expanding our integrations with Slack and Teams. In the next month we will be making some announcements around our meetings and rooms offerings, our developer platform, and our core client experience on mobile, desktop, and browser.
Jim: Chris what is coming on the security front?
Chris: Jim, we’re in the midst of the annual independent audit of our system against the SOC, ISO, HIPAA, and HiTRUST standards and expect to reaffirm compliance for all in the Q3 timeframe. At the same time, the security team and I are staying alert for new trends, attack vectors, and threats impacting us and our customers. The pandemic, as is customary any time there is general public uncertainty and anxiety, has introduced a new wave of campaigns that seek to compromise data and/or profit from the unrest. We are continuously focused on strengthening our internal awareness, education and defenses around these threats, and working with our customers and partners to do the same. As Eric stated earlier, security effectiveness is very much a team sport.
Jim: Ok well this has been great. For more information, people can go to both fuze.com and Aragonresearch.com to find more information about the Communication and Collaboration market.
Chris: Thanks Jim.
Eric: Yes, thanks for this, Jim.