THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER

Transcription

1 THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER How to ensure a cloud-based phone system is secure.

2 BEFORE SELECTING A CLOUD PHONE SYSTEM, YOU SHOULD CONSIDER: DATA PROTECTION. YOUR SYSTEM IS ONLY AS SECURE AS YOUR INTERNAL SAFEGUARDS AND THOSE OF YOUR VENDORS. DATA BREACHES CAN COME FROM INSIDE OR OUTSIDE, BUT VULNERABILITIES CAN BE MINIMIZED WITH THE RIGHT SAFEGUARDS. SERVICE HIJACKING IS A SERIOUS CONCERN THAT MAKES CONSTANT MONITORING ESSENTIAL FOR ANY SYSTEM. Reputable, cloud-based VoIP services like ShoreTel Connect CLOUD will have a security policy and safeguards in place. But as a business owner, it s still important to educate yourself about what security issues exist in cloud phone systems. This simple Q and A will examine essential security concerns to help you ensure your cloud-based VoIP is secure. 2

3 WHAT DO I NEED TO KNOW TO GUARD AGAINST DATA BREACHES? WHAT YOUR PROVIDER DOES: All reputable service providers are required to comply with Federal Guidelines laid out for protections in specific verticals. As a part of your search for a service provider, you should check credentials and compliance with these standards. Reputable service providers are equipped with a host of data protection measures including: firewalls, intrusion detection and prevention systems to help protect against DDoS (Distributed Denial of Service) attacks all of which should be monitored constantly. WHAT YOU NEED TO DO: Regardless of the system you choose, there are multiple ways you can set up your system to be resistant to data breaches. Robust authentication and encryption authorization credentials are a good start. You ll also want to be sure you set up a registration process. SHORETEL SOLUTION: The ShoreTel Connect CLOUD system includes Session Border Controllers, or SBCs. SBCs enforce security, quality of service and admission control mechanisms over the VoIP sessions. SBCs also provide firewall services to protect from attacks. SHORETEL PROTECTION: ShoreTel also provides, on an end-to-end basis, encryption that helps protect IP voice against unauthorized recording, playback and other forms of electronic snooping. ShoreTel also uses SSL/TLS to protect instant messaging sessions. 3

4 WHAT CAN BE DONE TO PREVENT PHISHING SCAMS, FRAUDULENT INTERACTIONS AND TOLL FRAUD? START WITH A SYSTEM CAPABLE OF ENCRYPTING TRAFFIC WITH RESET DEFAULT PINS. It s important to find a system that is capable of encrypting traffic with reset default pins. It s also important to arm your network to act quickly in the event of a hack. Controlling access to the account is the first step to preventing toll fraud. Only one person in your company should have the ability to change the list of contacts maintained by your vendor. Many IP (Internet Protocol) phone system platforms can be configured to restrict international and directory assistance calls. You can also require an authorization code to make calls. Strong passwords make it trickier for bad actors to use your account. A few tactics for making passwords stronger include: updating passwords every 90 days, using different passwords for all phones or voic boxes and making all passwords longer than four digits but vary the number of digits from phone to phone. SHORETEL SOLUTION: The following actions are taken by ShoreTel teams to help ensure the protection of our customers: Weak password scanning activities Developing stricter password policies and case studies regarding the use of the same password across applications Disabling international click-to-dial features Use of fraud monitoring systems to help detect when fraud my be occurring. 4

5 WHAT IS AN API AND WHAT CAN BE DONE ABOUT INSECURE APIS? API IS AN ACRONYM FOR APPLICATION PROGRAM INTERFACE. Strongly built interfaces and consistent monitoring do a lot to make integration of third-party apps safer. Relying as much as possible on the phone system you ve chosen, rather than turning to additional third-party providers, can help keep your system secure. Your system should have built-in resources for integrating business applications. 5

6 WHY SHOULD I BE WORRIED ABOUT DOWNTIME? WHAT CAUSES SHUTDOWNS AND WHAT CAN BE DONE TO PREVENT THEM? NO DOWNTIME Possible causes of downtime include severe weather, unexpected influxes of customers, or DDoS attacks. Consistent monitoring of a system makes it possible to identify the cause of the shutdown quickly and get back online. Redundancy is also vital to keeping your system up and running. Much like a freeway system that gives travelers multiple routes to get to a single destination, the key to redundancy is to make sure your data has some way to get through if the main access point is not available. SHORETEL SOLUTION: ShoreTel s VoIP network is designed so core and distribution routers are redundant with no single point of failure. We are constantly updating our networks with the most advanced routers and switches available for maximum availability and reliability. For a more in-depth and technical look at our architecture, check out the ShoreTel white paper: Staying Secure in the Cloud. 6

7 SHOULD I BE CONCERNED ABOUT MALICIOUS INSIDERS? YES. While no one wants to believe that a colleague or coworker would purposefully attack their own workplace, an internal system of checks and balances, which prevents unauthorized users from accessing data above their clearance level, does much to keep company information and data secure. SHORETEL SOLUTION: We have a zero-tolerance policy for putting customers at risk, which includes strict guidelines for employee and vendor behavior. 7

8 IS IT POSSIBLE TO USE A CLOUD BUSINESS PHONE SYSTEM AND MAINTAIN CONTROL? YES. The adoption of a cloud business phone system means that some daily management activities will no longer be on your system. Although this may initially be an uncomfortable change, there are many good reasons to choose a cloud business phone system that ultimately override the risks. Lower overhead costs, increased departmental and overall system efficiency and system availability are some of the reasons why more and more companies have accepted the requisite loss of control that comes with migration to the cloud. 8

9 APPENDIX SECURITY CHECKLIST The service easily provides access to qualified users while blocking non-authorized users. There is a cloud-installed Intrusion Prevention System (IPS) and regularly run penetration/compliance tests. Firewalls and data encryptions are in place across the system. The service complies with federal guidelines and corporate access policies. There are backup and restoration policies and procedures in place. The service interfaces with my own, on-premises security environment. 9

10 GLOSSARY API: A software intermediary that makes it possible for application programs to interact with each other and share data. DDOS ATTACK: A distributed denial of service attack. An attacker makes a target unavailable to users by attacking the system, usually with an influx of data. PBX: Private Branch Exchange. An enterprise telephone system that switches between enterprise users on local lines while allowing all users to share a certain number of external phone lines. PHISHING SCAMS: Direct users to visit a website that tries to get them to voluntarily share private, personal information like credit card, Social Security or bank account numbers. TOLL FRAUD: Long distance service theft. This happens when a perpetrator gains remote access to the customer s PBX or key system and uses the system to make unauthorized phone calls. UNIFIED COMMUNICATIONS (UC): The integration of communication services including instant messaging, presence information, voice (including IP telephony), mobility features, audio, web and video. UCAAS: Unified Communications as a Service. A delivery model in which a variety of communication and collaboration applications are outsourced to a third-party provider and delivered over an IP network, usually the public Internet. VLAN: Virtual Local Area. A group of devices located on different LAN (Local Area Network) segments that are configured to communicate as if they were attached to the same wire. VLAN TAGGING: Inserting a VLAN ID into a packet header to identify which VLAN the packet belongs to. VOIP: Voice over Internet Protocol. A group of technologies used for delivering voice communications over Internet (IP) networks. 10

11 THANK YOU FOR READING OUR EBOOK. We hope it s been a useful overview of VoIP security concerns and solutions. To learn more about ShoreTel s VoIP offerings including ShoreTel Connect CLOUD, visit ShoreTel.com or call ShoreTe(l) ( ).