Voip - The Value Of Secure Unified Communications Technologies For Improving End User Productivity

Unified communications refers to the real-time redirection of a voice, text or email message to the device closest to the intended recipient, at any given time. For example, voice calls to desk phones could be routed to the user's mobile telephone when required. Email intended for a desktop mailbox could be sent to the user's PDA or turned into speech for a phone message.

In the survey targeting 390 IT managers/decision makers and 524 IT users from 13 countries in Europe, North America, Asia Pacific and Middle East & Africa, respondents were asked about their perceptions of the inherent levels of security and potential risks associated with unified communications.

Based on the results of those questions, this document aims to provide more clarity on the actual risks associated with unified communications technologies and give practical advice for remediation.

The security of unified communications
In the survey, both IT managers and IT users were asked about their perceptions as it relates to the security of unified communications. The majority of IT users (52%) perceive unified communications to be as secure as most other ICT technologies. IT managers take a slightly more cautious view, with 31% believing that it is as secure as other ICT technologies.

Eighteen percent (18%) of IT managers feel that unified communications is moderately secure, while 16% believe it to be moderately risky. This result indicates that IT managers are aware of the new risk types that are associated with unified communications, while IT users are probably reasonably unaware of the risks they and their organizations might be exposed to when using communications technologies other than email.

Technology risks
IT managers were asked to indicate which unified communications technologies they believe posed the greatest risk to the organisation. Instant messaging (IM) received the highest risk rating. This could be attributed to the high levels of public IM penetration into corporate environments.

The research indicated high levels of public IM use for private and business purposes amongst end users surveyed. Enterprise mobility and PDAs also received high risk ratings. This indicates that IT managers are concerned with technologies that are harder to control, given the high level of end user penetration and limited organizational policies or procedures around these technologies in the corporate environment.

This trend is often referred to as "consumerisation of IT", where IT users bring new technologies and devices that they perceive as useful business tools that contribute to their levels of productivity into a corporate environment, without policies and guidelines for their usage. Categories of Risk Broadly put, IT managers identified and rated 3 categories of risks in relation to unified communications :

Theft of Service :
This includes toll fraud, device theft and identity theft and implies the unauthorised use of services, such as conference bridges, or the theft of identity.

Denial of Service :
This includes denial of service (DoS) and disguised attacks. It implies a deliberate or accidental attack against services and applications that render them unusable for IT users.

Privacy and Compliance :
This focuses on interception of communications and impacts the confidentiality and challenges associated with conforming to corporate compliance policies and legislation. Apart from the constant battle against unsolicited email (spam), the two biggest challenges identified by IT managers in the survey were to provide a reliable (not exposed to DoS) and secure (no exposure to identity theft) service to IT users.

Other considerations :
With a trend towards the "consumerisation" of IT, new technologies and services are being adopted faster than ever. New generations of end users are experimenting with emerging technologies like IM, internet telephony and blogging at home, and expecting to use them in the office environment.

Despite this fact, many IT users are oblivious to the new threats that these technologies bring about. IT user education research into unified communications indicates that IT users respond to the familiar threats (those that have become familiar in the context of email over the past few years) and do not immediately associate new communication channels with new risks.

Their primary concern is reserved for the threats targeting the very availability and functionality of an IT system (viruses, attacks), while annoyances, such as spam or call interceptions, are considered secondary concern. A common mantra in the security
industry is that of People, Process and Technology.

All the technology and policy in the world is no substitute for IT user education and change management. The research shows that IT users still perceive the biggest security risks to come from email, and give little consideration to theft of service, identity theft and eavesdropping.

Putting unified communications technologies in the hands of IT users who are unaware of risks and corporate policies is likely to result in any benefits being offset by the increased risk and security threats within a corporate environment. Only with proper awareness and education, will IT users derive the maximum benefit from UC while also containing security risk.