Secure unified communications: Continuously evolving environment
Cost savings, improved skills-based training, and increased employee satisfaction—just some of the reasons top companies around the world have adopted more flexible work environments and accommodate distributed or hybrid teams. And with this god-forsaken pandemic, more are rethinking the way they work.
Many companies have started to offer flexible work hours or remote options. Others have gone fully distributed. While there’s no one-size-fits-all approach and everything is experimental at this point, we can see organizations endeavor to come up with the ideal environment that will allow boosts in employee well-being and productivity way after this pandemic is over.
It’s why cloud communications have rapidly been gaining popularity. Modern organizations turn to unified communications (UC) in an effort to supercharge their team communication and collaboration as they venture into new working models. Like other technologies that leverage the internet, however, UC systems offer unique security challenges.
Fortunately, RingCentral has answered the call with RingEX (Messaging, Video, Phone), providing a secure unified communications solution to modern businesses. Before we go into the details of how RingCentral handles UC security, let’s identify the potential security issues surrounding unified communications.
Common security threats and issues associated with unified communications
Given how critical your communications system is to your operations, it’s imperative that you have well-defined security policies in place. Planning starts with a good understanding of the following security risks:
1. Denial of service attacks
Distributed denial-of-service (DDoS) attacks target VoIP systems, websites, online accounts, and mobile apps. Taking various forms, such as calls or messages, they flood and disrupt signals going to your servers. A DDoS attack involves bombarding the computer or network with excessive traffic until it crashes or can’t respond, preventing legitimate users from accessing the system.
2. Theft of service
In theft of service, attackers exploit a UC system to gain access to your VoIP account credentials. Hackers usually do this to make fraudulent phone calls or steal critical data for fraudulent activities. Done by eavesdropping or introducing malware into your system, theft of service is the most common type of cyberattack on VoIP phone systems.
3. Poor access control
Expect hackers to gain access to your employees’ data if your service provider doesn’t have strong user access control policies. To ensure that your business meets information security and regulatory compliance requirements, cloud providers promote using strong passwords and offer automated password change and multi-factor authentication.
4. Hacking tools
Hacking is when you use advanced technology to get past a network's security layers or exploit software vulnerabilities. Hacking tools can be used for both ethical purposes (to identify potential security threats and other security concerns) and unethical ones. Here are a few examples of unethical hacking:
- Phishing - This happens when an attacker poses as a legitimate institution and usually contacts a victim by phone, email, or SMS. The goal is to lure victims into providing sensitive data, such as user credentials, credit card details, and personally identifiable information.
- Trojan and other malware - Once installed into the system, these malicious apps will keep sending a victim’s information to the attacker.
- Fake WAP - Using malicious software and a Wi-Fi network, anyone can give their wireless access point (WAP) a legitimate-sounding name like “Hospital WiFi” and start spying on people who connect to it.
- Keylogger - A keylogger is spyware that captures or records the keys a user strikes on a keyboard. Think of it as an activity-monitoring app a hacker uses to access your data.
Apart from gathering sensitive information, unethical hacking can result in disabled antivirus software, slow internet connection, and internet searches redirecting to irrelevant sites.
5. Data center vulnerability
As cloud service providers typically rely on data centers to deliver unified communications services, it’s crucial that they’re backed up and maintained regularly. Unfortunately, not all vendors offer the level of reliability and built-in redundancy RingCentral delivers (learn more about this later).
Not only does this compromise your business continuity and disaster recovery initiatives, but it also puts your organization at risk of losing compliance with HIPAA and other privacy regulations.
How RingCentral addresses the security issues
When devising security strategies and protocols, RingEX has the four pillars of cloud security in mind. A deep understanding of these pillars allows them to create unparalleled cloud security solutions. Here’s a quick guide:
The four pillars of cloud security
Visibility and compliance
A robust security solution offers full visibility into the entire cloud infrastructure. It makes way for the continuous evaluation of assets, allowing organizations to understand how relationships among them affect their security and compliance posture and help determine opportunities for improvement.
Computer-level security
Ensuring top-notch security for end systems, managed services, and apps running in the cloud is paramount. Computer-based security has two key elements:
- Automated vulnerability management - Identify vulnerabilities and misconfigurations as you prioritize risks for cloud environments.
- Ongoing operational security - Inspect web and voice traffic to safeguard apps, APIs, and practically anything that’s considered computer workload from malicious activities.
Identity access management
Organizations often have someone authorized (by IT leaders) to access specific cloud resources and perform certain tasks. A cloud security solution ensures that particular user only has access to the apps they need and only at a level that allows them to do their job.
Network security
Network security involves micro-segmentation, which makes it hard for cybercriminals to move from one victim to another. That happens when apps and workloads are isolated from each other and secured individually.
Let's say your organization uses a variety of apps that support specific purposes, which can't be combined (e.g., public info and sensitive business or customer data). Segmentation ensures no overlaps between these apps.
How RingCentral is protecting its UC system
Unified communications bring all communication channels and devices under one platform. For RingCentral, it's the award-winning RingEX.
Gartner, a renowned technology research and consulting firm, has positioned RingEX furthest in their Magic Quadrant for UCaaS year after year.
RingCentral delivers UCaaS (unified communications as a service) to make it easier for employees—in-office or remote—as well as clients, partners, and other contacts to stay connected and collaborative no matter what device everyone is using and wherever they are in the world.
That brings us to the issue of cloud security and what RingCentral does to protect its UC system.
Data infrastructure and global network security measures
RingCentral delivers a string of measures to protect its system and global network, including network protection, intrusion detection, vulnerability management, and system user authentication.
Secure voice
RingCentral uses advanced technology to protect voice communications against eavesdropping and tampering with audio streams across all endpoints. To provide top-tier security for IP phone calls, we use (and were one of the first to do so) these two enterprise-level security protocols:
- Transport Layer Security (TLS) - Ensures secure SIP signaling communication between endpoint devices and RingCentral's cloud servers.
- Secure Real-time Transport Protocol (SRTP) - Ensures encryption, message authentication, and integrity; ideal for voice traffic since it has no effect on IP quality of service.
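As an added illustration of the two protections listed above (not RingCentral's code or tooling), this Python function audits a SIP INVITE for TLS signaling and for an SRTP media offer with keying material. The sample messages, host names, key placeholder and the `audit_invite` name are constructed for the example.

```python
import re

# Constructed sample messages (not captured traffic); hosts and key are placeholders.
SECURE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/TLS client.example.com:5061;branch=z9hG4bK776",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER",
    "",
])
PLAIN_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP client.example.com:5060;branch=z9hG4bK776",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "m=audio 49170 RTP/AVP 0",
    "",
])


def audit_invite(message):
    """Return findings; an empty list means signaling and media both look protected."""
    head, _, sdp = message.partition("\r\n\r\n")
    findings = []
    # Signaling: every Via hop (long or compact header form) should declare TLS.
    for line in head.split("\r\n")[1:]:
        hop = re.match(r"(?i)(?:via|v)\s*:\s*SIP/2\.0/(\w+)", line)
        if hop and hop.group(1).upper() != "TLS":
            findings.append("Via hop uses " + hop.group(1).upper() + " instead of TLS")
    # Media: split the SDP into session-level lines and one section per m= line.
    sections = re.split(r"(?m)^(?=m=)", sdp)
    session, media = sections[0], sections[1:]
    for sec in media:
        # m=<media> <port> <proto> <fmt...>; SRTP profiles contain "SAVP".
        kind, _port, proto = sec.split("\r\n")[0][2:].split()[:3]
        if "SAVP" not in proto.upper():
            findings.append(kind + " stream offers " + proto + ", not an SRTP profile")
        # SRTP needs keys: a=crypto (SDES) or a=fingerprint (DTLS-SRTP).
        elif not re.search(r"(?m)^a=(crypto|fingerprint):", session + sec):
            findings.append(kind + " stream offers SRTP but carries no keying attribute")
    return findings


if __name__ == "__main__":
    for name, msg in (("secure", SECURE_INVITE), ("plain", PLAIN_INVITE)):
        print(name, audit_invite(msg) or "OK")
```

An SDES key in `a=crypto` travels inside the SDP body, so the SRTP check only means something when the signaling finding list is also empty.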
Hardened, geographically dispersed data centers
RingCentral owns and operates geographically dispersed Tier 4 data centers co-located with major telecom carriers to deliver the fastest response times. Supported by redundant power, the data centers are governed by high-level security procedures and guarded by military-grade equipment.
What is a Tier 4 data center?
When a data center is classified as Tier 4, that means it's fully equipped to prevent security issues from arising and will continue to operate safely no matter the situation (mechanical failure, power outages, etc.). Full redundancy and tolerance ensure risk mitigation and the highest level of cybersecurity.
Here are some of our physical security features:
- 24/7 monitoring by experienced security officers
- Door security (biometric readers)
- Kinetic and key locks on closed cabinets
- Windowless exteriors for critical areas
- CCTV (integrated with access control and alarm system) coverage with detailed surveillance and audit logs
- Bullet-resistant protection
- Motion detection for lighting
- Equipment checks upon arrival
Data encryption (at rest and in transit)
Rest assured that all your customer calls and messages are encrypted, both in transit and at rest. To prevent data loss and fully adhere to relevant regulations, RingCentral's protection covers:
- Data transfer
- Physical security within data centers
- Digital tracking with audit trails
- File storage
Network security for service apps
RingCentral implements best-in-class network infrastructure protection optimized for both voice and data to safeguard corporate web servers, databases, and service apps.
In addition, we leverage advanced intrusion prevention technologies to ward off distorted packets used to overwhelm session border controllers (SBC), resulting in service disruption, endpoint reset, and system restart interruption.
To the uninitiated, an SBC is a network function that protects SIP-based IP networks. SIP stands for Session Initiation Protocol. If you've heard of the term SIP trunking, it refers to a method of sending unified communications services over the internet, routing calls and data streams through an IP-enabled private branch exchange (PBX).
User management and rights revocation
Businesses have to be wary not only of attacks from people outside of the organization but also of attacks from inside. For example, an accounting staff member who was recently laid off may bear ill will towards the company and be bent on getting back at it.
With RingCentral, admins can revoke user rights so those users won’t have access to sensitive company information. Our cloud communications security measures include settings for managing your policies and end-users, including:
- Adding and removing user extensions
- Setting up user permission levels
- Managing extension PINs
Shutting down that human element
Your vendor could have the most sophisticated security features and functionalities like RingCentral does, but that doesn't make your business totally free from hacking and fraud. Attackers can still guess your passwords to hack into your voicemail system and use the password pattern to eventually make an international call.
It’s why RingCentral establishes policies that enable users to develop healthy security habits, which include:
- Changing default passwords
- Coming up with passwords that are hard to guess
- Changing passwords regularly
- Checking voicemail even during holidays
- Blocking international calls as needed
- Disabling unused automated features
Avoiding login fatigue with single sign-on
Employees use different apps regularly, and that could mean having disparate logins. It makes it easy to forget passwords. But that’s not a concern with the single sign-on (SSO) feature as it unifies user credentials across different applications.
You’re probably thinking, “What if the password is compromised? Wouldn’t that grant attackers access to your other apps?” Sure, it would.
RingCentral's answer is the Duo Access Gateway (DAG), which offers strong authentication policies. The system prompts for two-factor authentication before granting access.
DDoS attack prevention
RingCentral's border session management system is immune to many types of attacks, even those that disrupted the services of other vendors. Our security measures, which have been proven to avert DDoS attacks, include but are not limited to:
- Session border controllers with specific anti-DDoS measures
- Caller ID system that authenticates calling numbers
- Tagging and blocking sources of malicious calls
- Employing a team of experts that monitor and mitigate risks in real-time
Other security measures from RingCentral
- Personnel practices - All RingCentral employees have gone through security training (initial and ongoing).
- Personnel and physical/environmental security controls - Our app is hosted by Amazon Web Services (AWS). We have strict policies governing access to our corporate information resources, unlawful physical intrusion, and more.
- Proactive fraud mitigation - With strict access and detection controls and usage throttling, RingCentral prevents toll fraud. We have a global security team that regularly monitors clients’ accounts and a full-time security and fraud prevention team that champions security best practices for fraud mitigation.
- Security audits - Our periodic audit reports are available to our clients!
RingCentral: Serving secure unified communications to modern businesses
Cloud security is a complex function best left in the hands of an established UCaaS provider like RingCentral. With us, you’re getting more than a decade of experience combining phone, audio and video conferencing, instant messaging, collaboration tools, fax, SMS, contact center capabilities, and other cloud services.