Hosted, cloud-based services are all the rage, and the unified communications space is no exception. The research firm MarketsandMarkets expects the UC-as-a-Service market to grow from $13.10 billion in 2014 to $23.34 billion in 2019, a compound annual growth rate (CAGR) of a healthy 12.2%.
Historically, one of the big sticking points with any cloud-based service has been security. Those fears are abating somewhat of late, at least according to the RightScale 2014 State of the Cloud report, mainly because companies are getting smarter and about how they provide security for cloud-based services.
Securing Cloud-based UC Environments
UC-based solutions, however, present some special challenges because they use the session initiation protocol (SIP). In a previous post, we covered how SIP-based communications are different from IP-based data traffic and thus require security tools beyond the traditional firewall. As Mykola Konrad, VP of Cloud and Strategic Alliances for Sonus Networks, Inc. explained:
Normally, you’d use a firewall to protect the network against unwanted intruders but they are ineffective on a SIP network. “A firewall can’t look and see the start and end of a session or a call,” Konrad says. “It doesn’t understand things like caller ID and the concept of sessions that exist for a short time and then disappear.”
With respect to UCaaS services, the solution is to use a session border controller (SBC) to secure the connection, Konrad says. SBCs understand SIP and will allow legitimate traffic to pass through, but close down the entryway as soon as the call ends. What’s more, SBCs can perform encryption, which is an important function in a hosted UC environment.
Consider the example of a hosted UC or contact center solution such as Microsoft Lync or Interactive Intelligence, where users tap in via the public Internet. “In that type of an environment, companies are interested in more than just network security – they want media level security. An SBC is needed to make sure that when this stream of voice or video comes in that it’s secure and encrypted.” Konrad says.
An SBC also provides core network security. Each voice call, video session, instant message or other form of communication requires a SIP port to be opened into the user’s premise. “You need the SBC to be sure you’re not opening up all these ports to random traffic,” he says.
When MPLS Alone isn’t Enough
Another scenario is when a company uses an MPLS (Multiprotocol Label Switching) network to access its hosted UC solution. Since the MPLS network is dedicated to a single company, and not shared like the public Internet, many companies may feel they don’t need a Session Border Controller, that they can rely on their carrier to secure the connection. And some of them will be right.
“If you’re a 50-person software development company, maybe that’s OK,” Konrad says. “But if you’re a financial or medical firm, or you do sensitive government work, do you really want to trust your carrier? No, you want your own SBC.”
That’s because the SBC can ensure the connection is encrypted, which is a requirement in many highly regulated fields like healthcare and financial services.
Using an SBC to Secure the Public Cloud
Another use case for the SBC is with public cloud services such as Microsoft Azure or HP Helion. If a company were hosting a UC solution in one of these public cloud services, it ideally would want an SBC on both ends of the connection. That means talking with the cloud provider.
“All service providers should have an SBC but you should be asking them to make sure,” Konrad says. Also ask which SBCs the provider has tested its services with, to be sure it’s compatible with your own.