As the use of mobile unified communications applications grows (and evidence points to that being the case), companies need to ensure they’re addressing a related security wrinkle: protecting real-time mobile communications.
We’ve long talked about various technologies for protecting mobile data, meaning files, email and the like. Companies have a number of options for tackling that, from virtualization technologies that essentially keep all data within the data center to mobile device management and remote wipe capabilities to zap any sensitive data from a lost or stolen mobile device.
But we haven’t heard a whole lot about protecting real-time mobile communications sessions themselves, whether voice, video, IM, presence or the like. It’s an issue because each of these UC sessions opens an IP port into the corporate network, notes David Tipping, Vice President and GM of Products at Sonus Networks. If those ports aren’t protected, they can be exploited just as any other IP port can.
Such UC sessions typically use the Session Initiation Protocol (SIP) and, as we’ve reported previously, firewalls are not effective for protecting SIP ports. What’s required is a session border controller (SBC), which is designed to protect SIP sessions.
“We allow an administrator to offer encryption on every single unified communications session,” Tipping says of Sonus’ SBCs. What’s more, they do so without requiring users to establish a VPN connection or download any client software.
That’s important because you never know which session may be the target for compromise. And you never know where the end user is going to be when accessing potentially sensitive corporate data – in a coffee shop, at an airport or the like.
Similarly, while a user may start with a voice session, which may present a relatively low security risk, it can quickly and easily escalate to a web chat or desktop sharing session, which carries a much higher risk of data compromise. For that reason, it’s not enough to say you’re going to encrypt sessions for, say, your top executives but not everyone else.
Being able to offer that level of encryption means ensuring you’ve got an SBC platform that can handle the capacity that you expect. Otherwise, you’ve essentially got three choices:
- Run each UC platform at less than its full capacity, which costs more in capex and opex
- Choose a certain percentage of your traffic that gets security
- Don’t encrypt any sessions and simply hope for the best
Clearly, none of those options are palatable. “I can’t imagine as a CIO that you’d want to say this 10% or 20% of people should have encryption but others won’t,” Tipping says. “Security is something everyone needs.”
Beyond encryption, SBCs are also important because they essentially hide your internal IP network from any would-be intruders. Should anyone be snooping for an entry point to your network, they’ll encounter the SBC and its IP address, but will have no view into what’s behind it, whether an IP PBX or UC server. That alone is typically enough to send intruders off looking for greener pastures, Tipping notes.
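A check a defender can run on SIP messages captured on the untrusted side of the SBC, to confirm the two properties described above: encrypted sessions and a hidden internal network. This is an added example, not Sonus code; the sample message, its addresses and the `audit_sip` helper are constructed for illustration, and only RFC 1918 IPv4 ranges are treated as internal.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FIELD = re.compile(r"^([A-Za-z-]+)\s*([:=])\s*(.*)$")  # SIP "Name: value" or SDP "x=value"

# Constructed sample: an INVITE as captured on the untrusted side of an SBC.
LEAKY = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.10:5060;branch=z9hG4bK1\r\n"
    "Via: SIP/2.0/UDP 10.20.30.40:5060;branch=z9hG4bK2\r\n"
    "Contact: <sip:alice@10.20.30.40:5060>\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 10.20.30.41\r\n"
    "c=IN IP4 10.20.30.41\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def is_internal(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1 matched by the loose regex
        return False
    return any(addr in net for net in RFC1918)

def audit_sip(message):
    """Return (check, field, detail) findings for one SIP message seen outside the SBC."""
    findings, seen_via = [], False
    for i, line in enumerate(message.splitlines()):
        m = FIELD.match(line)
        if i and not m:
            continue  # blank separator or unparsable line
        field, sep, value = m.groups() if i else ("start-line", "", line)
        findings += [("internal-address", field, ip) for ip in IPV4.findall(value) if is_internal(ip)]
        parts = value.split()
        if sep == ":" and field.lower() in ("via", "v") and parts and not seen_via:
            seen_via = True  # topmost Via is the hop facing the outside
            transport = parts[0].rsplit("/", 1)[-1].upper()
            if transport not in ("TLS", "WSS"):
                findings.append(("unencrypted-signaling", field, transport))
        if sep == "=" and field == "m" and len(parts) >= 3 and "SAVP" not in parts[2]:
            findings.append(("unencrypted-media", field, parts[2]))  # plain RTP, not SRTP
    return findings

if __name__ == "__main__":
    for finding in audit_sip(LEAKY):
        print(finding)
```

An empty result means the message exposes no RFC 1918 address and uses TLS signaling with SRTP media; folded header lines and IPv6 addresses are not handled.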
To learn more about how to find an SBC that’s right for your organization, check out our previous post on questions to ask when choosing an SBC.