There are a number of reasons, according to Sipera Systems’ Adam Boone, that unified communications security is different than simply the sum of the security of each composite application.
The article, at Help-Net Security, is well-written and a worthwhile read. At the highest level, it can be summed up by the point that each new platform by definition opens up new avenues – both social and technical – for bad people to try to exploit. The situation is even more daunting because, as Boone writes, unified communications “mingles traffic from a host of applications that previously were segregated.”
For example, a successful attack against the VoIP element of a unified communications platform could impact IM, telepresence and whatever other application the organization invited to the party.
A defect in IM, VoIP, conferencing or anything else suddenly becomes an across-the-board threat and challenge. The main point of Boone’s article is that unified communications security should be considered as something new. He also suggests that its characteristics – it operates in real time, converges applications, runs across untrusted networks and supports all the new end points employees are using – makes securing it a demanding task.
And a task with parameters that may not be totally known:
Every aspect of this innovation involves a multitude of new security concerns. As is the case in all technical innovations, the true security risks that really matter do not become apparent until the technology has been in use for some time.