Security

ANALYSIS

Secure, Real-Time UC: Safe Connections While on the Move

Unified Communications (UC) holds enormous promise as a coherent, integrated approach to incorporating the full spectrum of business communications modalities, and as direct path to cut through “communications clutter” resulting in accelerated time-to-action. It also offers a cost-effective way to more directly connect the company to its customers, employees to employees, and more tightly bind business partners and suppliers. In the September 2009 Aberdeen Report “Unified Communications: Gaining a Competitive Advantage While on the Move,” reducing human latency (the time delay in initiating and reaching a contact) was revealed as a key benefit of UC, resulting in measurably increased efficiency and improved customer intimacy.

However, these benefits are at risk if the UC ecosystem is not secured from unauthorized use, protected from malware attacks, and compliant with government and industry regulations.

Some of the newest real-time applications of UC are generating the greatest interest — Voice over IP (VoIP), IP video, presence, instant messaging, Web collaboration — and they create new security challenges. These challenges are compounded by the expansion of UC capabilities to include mobile endpoints such as smartphones and laptops. Because these devices are typically in motion, their communication paths often traverse the unsecured Internet outside the protection of the organization’s firewall, whether via wireless carrier services, WiFi hotspots or other public networks. Securing these new real-time UC applications on mobile endpoints becomes crucial as adoption of UC throughout the enterprise continues apace.

Enterprises extending UC to these devices must contend with security issues such as UC infrastructure authorized access, exposure of enterprise resources and communications to untrusted public and private networks, unsecured physical devices and removable storage media, and uncontrolled or untested applications residing on the devices.

The Rise of Modality Convergence

UC has the potential to increase efficiency, improve customer intimacy and accelerate time-to-resolution for problem-solving and communications.

UC enables optimization of communications routing between several modalities. Examples of UC include receiving voice messages in an email inbox, making phone calls from a laptop computer, transferring calls between a smartphone and a desk phone, and using presence-enabled applications to determine whether the person to be reached is busy, available, in the office or the car, or “Not to be Disturbed.”

If an individual or group can be reached by wireless or wireline voice call, voice mail, mobile voice mail, email, mobile email, instant messaging, text messaging, fax, Web conferencing, and now micro-blogging, how does one choose the most time-effective and immediate method of contact?

The irony here is that the greater the number of communications options, the more time-consuming it can be to connect with a specific individual, especially when the available communications modalities are not coordinated or well-integrated. UC therefore becomes increasingly important in mending the fractured digital communications landscape.

Reducing Latency: The Business Value of UC

Reducing human latency is a primary objective of UC. Human latency is defined as the delay in completion of a business process caused by waiting for humans to act on the process.

Best-in-Class companies (those ranking among the top 20 percent across selected performance metrics) were able to reach a designated contact within the organization on the first try 79 percent of the time. This is 39 percent more often than the Industry Average, and more than four times as often as the Laggards. Best-in-Class UC also makes respondents 31 percent faster in their response time to others trying to reach them from both outside as well as inside the organization, more than twice as fast as the Industry Average and over five times that of the Laggards.

Mobile UC

Because UC is ultimately about uniting today’s disparate communication modes into an integrated whole, mobility always plays an enabling role. In fact, mobility is the one common denominator in every UC initiative. The recent emergence of the mobile device as the most reliable point of contact for an individual, along with the need to integrate the device into the organization’s communications infrastructure, has become one of the primary drivers for increased UC adoption.

Mobile UC is that portion of the UC spectrum dedicated to full UC integration of the mobile client, whether smartphone or laptop softphone. This includes Fixed Mobile Convergence (FMC — see below) and mobile-to-IP-PBX integration. While the number of “road warriors” may diminish due to shrinking travel budgets, it may be the “corridor warrior” carrying their smartphone or laptop from office to conference room and back again who stands to gain the most from an organization’s mobile UC initiative.

Fixed Mobile Convergence (FMC)

FMC is an important waystation on the path to full mobile UC integration because it unites the carriers’ cellular wireless and fixed-line communications infrastructures.

When used with supported dual-mode smartphones (WiFi and cellular being the two modes), it can also allow for a seamless handover of calls-in-progress back and forth between Wireless LAN (WLAN), cellular and wireline networks.

A direct advantage of FMC is the routing of voice calls over the WLAN instead of over the cellular network. This provides a direct cost savings, especially as compared to international mobile roaming charges.

Beyond FMC

Mobile UC goes beyond FMC to connect wireline calls and cellular phones, irrespective of geographical location or wireless carrier. It enables a properly equipped mobile phone to appear as a fully-functional extension on the company voice network or Private Branch eXchange (PBX). Just as with desk-bound callers, this allows for the bridging of calls to cellular telephones, extension dialing, and other advanced features familiar to users of desk phones. Users on cellphones can easily transfer calls, conference with other parties, and toggle between multiple calls. Roaming outside the firewall on a public WiFi network can extend this “virtual office” capability anytime, anywhere.

However, along with these advantages come new security concerns. Strong user and device authentication is needed to prevent unauthorized access to the corporate network. Encryption of calls-in-progress to ensure corporate communications privacy over the public IP networks that the call will traverse is also required.

Protecting the Core Business Infrastructure

With the convergence of so many communications modalities within a unified infrastructure, security of the communications content becomes an essential concern. In the June 2009 report “Mobile Device Management: Bringing Order to Enterprise Mobility Chaos,” fierce protection of corporate assets from rogue mobile access emerged as a best practice — with 78 percent of the Best-in-Class enforcing organizational security compliance standards. This is 15 percent more than Industry Average and 70 percent more than Laggards

Despite this best practice, many organizations aren’t as proactively protective of their UC assets as they are of their other corporate assets. It’s as if there’s less awareness of the potential for security risks in the voice or real-time messaging domain.

To those with malicious intent, converged communications can present a larger attack surface than other forms of data. UC introduces more end-points of different varieties and security postures that present a wider variety of potential security gaps. Once an attacker has compromised one point of vulnerability in a UC environment, other UC applications are immediately put at risk.

Only 38 percent of the Best-in-Class have a comprehensive security capability covering a broad range of UC modalities. Even this low rate of adoption far outpaced that of All Other respondents.

The Importance of Securing Real-Time UC

Real-Time UC is that portion of the UC capabilities spectrum that typically takes place in real-time (“synchronous”) versus the usually time-delayed store-and-forward forms (“asynchronous”). Examples of real-time UC include “standard” voice telephony, Voice over IP, IP video, telepresence, instant messaging, presence, and Web collaboration. Unlike the asynchronous forms such as email and voice mail, which are often secured using the vendors’ bundled security solution, real-time UC is often not secured unless it is addressed by a third-party or add-on appliance, performing deep-packet inspection, providing real-time encryption and decryption, detecting threats, and managing access control and associated UC security functions.

The technical challenges of encrypting and decrypting streaming or real-time media without introducing an unacceptable delay (“processing latency”) are significant. Few solutions available on the market today provide zero-latency, fully encrypted, end-to-end, secure, real-time communications beyond the organization’s firewall. Performing UC security at line-speed without unduly burdening the existing infrastructure is no small challenge.

This is precisely where the most significant security vulnerability resides — when the real-time content crosses over the public Internet in its routing path. The combination of mobility and real-time UC are typically the most-in-demand UC capabilities, and in many cases are the primary drivers for broader UC adoption within the enterprise. This underscores the business-critical nature of incorporating a comprehensive real-time UC security solution.

In Summary

UC has enormous potential to integrate multiple business communications modalities into well-integrated communications pathways to enhance knowledge sharing, streamline operations and efficiency, improve workforce collaboration, and increase customer responsiveness. However, the lack of a comprehensive security solution for real-time UC undermines broader acceptance and penetration of UC within the enterprise. One major security lapse reverses years of progress.

On the other hand, within a well-integrated, real-time, secure environment, trust in new communications modalities can be maintained, and UC’s promise of measurable efficiency gains may actually be achieved.


Andrew Borg is a senior research analyst for wireless and mobility at Aberdeen Group.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels