Are We Paying Enough Attention to Unified Communications Security?

Securing unified communications is a bigger task than simply protecting each of its composite elements, since entry through one application can lead to problems for another. The reality is that the benefits of the platform are synergistic -- and so are the dangers.

 By Carl Weinschenk
Page of   |  Back to Page 1
Print Article
There are a number of reasons, according to Sipera Systems' Adam Boone, that unified communications security is different than simply the sum of the security of each composite application.

The article, at Help-Net Security, is well-written and a worthwhile read. At the highest level, it can be summed up by the point that each new platform by definition opens up new avenues – both social and technical – for bad people to try to exploit. The situation is even more daunting because, as Boone writes, unified communications “mingles traffic from a host of applications that previously were segregated.”

For example, a successful attack against the VoIP element of a unified communications platform could impact IM, telepresence and whatever other application the organization invited to the party.

A defect in IM, VoIP, conferencing or anything else suddenly becomes an across-the-board threat and challenge. The main point of Boone's article is that unified communications security should be considered as something new. He also suggests that its characteristics – it operates in real time, converges applications, runs across untrusted networks and supports all the new end points employees are using – makes securing it a demanding task.

And a task with parameters that may not be totally known:

Every aspect of this innovation involves a multitude of new security concerns. As is the case in all technical innovations, the true security risks that really matter do not become apparent until the technology has been in use for some time.
It is surprising that we don't hear more about unified communications-specific security. Last summer, I did a podcast with Dan York, author of "The Seven Deadliest Unified Communications Attacks." The bottom line is that there is a lot to worry about. Benign neglect – if that is what it is – doesn't seem to be the prudent course.
Separately, Future Com has joined Sipera's Reseller Program as a Gold Tier Reseller. The company is using Sipera's best practice recommendations to update the security infrastructure of what the press release says is a “major aviation industry customer” to include unified communications.
This article was originally published on Apr 12, 2011
Get the Latest Scoop with Networking Update Newsletter