Securing Your Unified Communications Infrastructure

Securing your unified communications (UC) infrastructure is one area of security that is often overlooked in favor of network and data security.

Phones used to run on a completely separate network from your data. But, with the rise of voice over IP (VoIP), video, BYOD, webcasts, conference calls, smartphones, etc., everything runs over the same network.

This means you need to pay the same attention to securing your UC infrastructure as you do your network and data center.

Separate and Monitor

The first step to protecting your UC environment is to separate its traffic from the rest of your data. You can do this by creating a virtual local area network (VLAN) specifically for UC traffic.

When you have UC traffic separated, implement a next-gen firewall to monitor traffic going into and coming out of the VLAN. The size of your organization, and how much traffic it generates, will determine whether you need a virtual or physical firewall. A basic guideline is that any more than 20-30 people create enough traffic to create the need for a physical appliance(s).

When choosing a firewall, is important to remember that UC has different packet requirements than other traffic. With other traffic, it doesn’t matter in which order the data arrives. Website packets can arrive out of order and be pieced together to get a cohesive and comprehensible final product.

You can’t do that with a phone call. If the words arrive in a different order than they were spoken, the call is unintelligible. Make sure to choose a firewall for your UC that will work with the special packet and latency requirements of audio and video communications.

Endpoints are the Beginning

No organization that’s serious about security would leave endpoints such as laptops, desktops, servers or tablets unsecured. As we covered in the past two articles, these are all critical pieces in a holistic approach to IT security.

UC endpoints are no different. Your office phone is a mini computer with its own software, apps and network connection.

Since you wouldn’t just hand out a laptop without making sure it’s properly configured, updated and maintained, why would you with a phone?

Implement a system to track, monitor, configure and optimize UC endpoints. This includes not just desktop phones, but also monitors, smartboards, webcams and anything else in the Internet-of-Things that’s connected to a network. Doing so will ensure that critical security patches or other vulnerabilities are noted and patched before they can be exploited.

Get the Full Picture

As with data center security, UC has a lot happening that’s not easily tied together in real time by a single security professional, or even a team of professionals. You need an automated dashboard tool to present all the critical aspects of your UC security in one location.

This tool can then be monitored and interpreted by human intelligence. If someone is on vacation and their phone is being accessed, you need to know that. The tool can trigger the alert and then your personnel can decide if it’s a security threat or if the employee is simply checking voicemail from the beach.

These UC professionals should also be interacting on a daily basis with other security staff. There is a tendency to have them isolated from the greater IT infrastructure, but this is a detriment to overall security. Get them involved and sharing information across channels.

Unified communications is an important asset to any IT infrastructure. As remote work arrangements and real-time communications become a greater part of business, UC will grow in prominence. Don’t forget to protect it with the same level of security that you would any other important IT asset. Just remember that it has its own unique requirements.