Maximize Value and Reduce Operational Risk with Cloud-based Unified Communications

Executive Summary

Today’s instant connection culture means companies are composed of distributed, agile workforces accustomed to working anywhere, anytime, using any device. Forward-thinking IT leaders are meeting this collaboration requirement by equipping their people with Unified Communications as a Service (UCaaS). Delivered in the cloud, UCaaS reduces the cost and complexity of communications and collaboration, while enabling the workforce to be as efficient and effective as possible.

When selecting a UCaaS provider, leaders must ensure the chosen solution is secure and will uphold the confidentiality, integrity, and availability of their data.

Security and privacy requirements are extremely important when it comes to business communications. Unauthorized access or mishandling of information could have a significant negative impact on an organization. For example: a leaked product roadmap or breach of financial, personally identifiable, or health information could cause irreparable damage to a company’s reputation, financial position, and competitive advantage in the marketplace.

IT leaders now can securely enable workforce agility, effectiveness, and efficiency. Read on to find out how YOU can join them.

Understanding Unified Communications as a Service

A significant consolidation of communications technologies is the fusion of voice, video, messaging, and data. When all of this is delivered through the cloud, it is called Unified Communications as a Service, or UCaaS.

A UCaaS solution satisfies IT requirements because it is easy to set up, manage, and report on. It also satisfies business requirements, by enabling unprecedented levels of collaboration and productivity across a distributed workforce.

Unified communications enables both individuals and groups of employees by providing the same easy-to-access, always-available tools that foster collaboration more readily and frequently. This elevates the IT partnership by contributing to organizational agility while eliminating the challenges associated with controlling and managing disparate standalone tools.

Distributed teams are the new norm

“75% of knowledge-based project work in the Global 2000 will be completed by distributed virtual teams by 2015.”¹

“The biggest disruptors to collaboration over the next few years will be distributed teams and distributed collaboration,” said David Coleman, Collaboration Strategies founder.²

¹Gartner, PPM Market Universe: Techniques and Tools for Project Collaboration, June 2011

²GigaOm, Future of Work: Collaboration and the Trust of Teams, May 2014

Moreover, UCaaS solutions that support third-party integrations will allow your organization to realize full value from existing systems. Forrester Research predicts unified communications and collaboration will become a “standard communication infrastructure” by 2018.³

³ Forrester, “Unified Communications and Collaboration is Poised for Growth as Demand Rises”

Unified communications systems can serve as the connective tissue between other key business systems and the high value processes these systems enable.

Risks and Challenges of Unified Communications

Your organization must accommodate the style of collaboration sought by workers who engage via social networks and mobile devices and meet their expectations to instantly connect.

Otherwise, you may see an increase in unauthorized software downloads by workers who require modern methods of communication in response to business demands. This practice of shadow IT, or unauthorized software use, compromises enterprise security and data protection. Furthermore, the emergence of Bring Your Own Device (BYOD) can introduce attacks through mobile devices that are not managed by the company.

Previously, enterprise security was thought of in terms of the “safe inside” and “scary outside.” In other words, the world was safe within the physical office and Local Area Network (LAN) with firewalls protecting the perimeter. Everything beyond the perimeter was dangerous. Mobility and cloud services have blurred this distinction.

When you act as a data steward for your customers, you are obliged to protect your customers’ data, for business, security, privacy, and/or regulatory reasons.

IT leaders can now address these concerns by acquiring secure, unified cloud-based communications.

Satisfying Operational Concerns

Not all cloud-based unified communications solutions are created equal. Many cloud vendors focus on a narrow solution, such as team collaboration via text, while traditional telephony providers are offering web/video conferencing.

While each vendor has a specialized focus, it’s rare to find one that addresses all communication and collaboration needs with a single robust, high-quality, secure cloud-based tool.

The more unified the UCaaS platform, the fewer apps and exposure points into the platform.

When deciding on a solution that will impact your entire organization, it’s critical to partner with a vendor that has addressed all concerns. To ensure the utmost in productivity and return on your UCaaS investment, you need a solution that provides a consistent and transparent user experience across devices and geographies while delivering:

  • Security
  • Reliability
  • Quality
  • IT Integration and manageability

Security: What to Look for in a UCaaS Vendor

An insecure communications platform deployment and operational plan presents a risk to the confidentiality, availability, and integrity of the platform and the data contained within it. With the continuous risk of internal and external security threats, it’s critical that vendors apply appropriate due diligence to ensure updates to existing systems and software are regularly applied, security controls are evaluated for their effectiveness, and new controls are implemented to address new risks. It is also important to validate that vendors have the necessary security processes and procedures in place to ensure that as their products and services evolve, they do so with the same or greater level of security in place.

Given that your organization will largely be putting security in the hands of the UCaaS cloud provider, it is key that the provider’s services are built and protected with enterprise-grade security. You can determine a vendor’s ability to meet your security needs by assessing their security posture. Here are some things you should request from them:

  • Third-party assessments or compliance reports, such as SSAE 16 or SOC 2.
  • A security overview session with the vendor’s security leader to gain insight into their security program, controls, operations, and future improvement plans.
  • A completed security questionnaire. This is a pre-defined set of questions you provide that are directly applicable to your company’s business, security, and privacy requirements.

After obtaining details about the vendor’s controls, consider the following to further assess their suitability to be your service provider:

Availability

Any communications platform is an essential business service – especially as your organization adds more remote workers – so it must be available without fail. Even the slightest downtime can greatly impact business operations. When doing business continuity planning, answer the following questions:

  • What are our most critical assets?
  • What would happen if they were down?
  • How would it impact productivity and revenues?

While the answers and threshold for downtime will vary by organization, it’s important to understand what works for your company. This understanding plays an important role in building out an MSA with a cloud provider. You should also confirm that the vendor has the right personnel, resources, and processes to address disaster recovery and business continuity. Adequate controls include business continuity and disaster recovery plans, and regular testing of these plans to ensure easy and quick recovery in the event of a disaster.

Data Privacy and Data Protection

Within enterprises, confidential or sensitive data is often discussed and shared when using collaboration and communication tools. For example, more and more calls are being recorded and converted to .WAV files for future playback or simply to create an audit trail. In cases like this, it’s critical to consider.

With that in mind, you should ensure the cloud vendor has established proper data protection controls:

  • Data Access and Auditability – Who within the vendor’s organization and your organization can access the data? Do controls exist to allow for role-based access control of the data? Do logs exist to report on such access?
  • Data Deletion – How long is the data retained by the vendor and when is it deleted from their systems?
  • Data Encryption – Is the data encrypted while in transit over public networks and while at rest within the vendor’s platform?
  • Data Storage – Where is the data stored relative to where it was created?

Compliance

If your organization must comply with any regulations – such as SOC (Service Organization Control), HIPAA (Health Insurance Portability and Accountability Act), or PCI-DSS (Payment Card Industry Data Security Standard) – you want to ensure the UCaaS deployment won’t interfere with compliance. After all, a compliance violation could impact business operations.

Find out how the UCaaS platform deployment impacts the business processes associated with those standards and regulations. For example, if the communications system is deployed in a health clinic, any voicemails or calls between two doctors could contain ePHI (electronic Protected Health Information). As a result, HIPAA would apply to the communications platform in use.

User Provisioning, De-provisioning and Access Control

When someone joins or leaves your company, your IT and security department likely has a process it follows to grant or remove access to company assets. This process will need to be extended to your UCaaS platform. This is especially important for removal of access, as a UCaaS platform is accessible outside of your company’s corporate network. You will want to ensure that when an employee leaves, their access to company data is immediately de-provisioned. Your UCaaS vendor evaluation should include inquiries about how user provisioning and de-provisioning on the platform is achieved and whether third-party integrations with applications such as Active Directory or Okta are included to ease the transition for you.

Data Deletion

In some industries, data deletion is critical. In the case of UCaaS, this can include call recordings, instant messages, and other records of communications. After determining how long your organization is responsible for retaining and archiving such data, find out how long the data will be stored in the UCaaS platform. Be sure all data is deleted, either by your organization or the cloud provider, when the UCaaS service is no longer used or the data is not needed.

Checklist of What to Look For

  • Does the vendor have an established information security and privacy program?
  • Does a third party evaluate the security of the UCaaS platform at least annually?
  • Does the vendor maintain skilled staff to continuously assess the platform and its endpoints from a security perspective, identifying security risks and taking appropriate actions to mitigate them in a timely manner?
  • Where is sensitive data stored? What are the applicable geographic boundaries and/or country specific laws and regulations?
  • Does the vendor’s SLA meet your company’s internal requirements in the event of downtime?
  • How easy – and secure – is it to onboard and off-board people across all applications in the platform?
  • How is access to personal data, such as data created when using the platform, protected? Does the vendor ensure access to such data is based at least on privilege?
  • Does the vendor generate and monitor logs for data access? Can the vendor provide audit trails and line of sight on malicious or unintentional negative use of the communications platform (e.g., abuse, intentional fraud, access to data)?
  • Does the vendor make it possible to delete data on demand either manually or via a request process?
  • Does the vendor meet your internal business compliance requirements such as SOC, HIPAA, PCI-DSS, etc.?

Conclusion: Unify Communications and Be Secure

Though collaboration between geographically distanced employees is key to enterprise success in today’s world, IT leaders must enable this capability while protecting critical information and the corporate network. Apply some of the suggestions outlined in this paper, and select the solution that will best satisfy both business demands and security requirements.

If you are ready to increase the agility, effectiveness, and efficiency of your organization and have confidence in the security of your communications, request a demo today.
