Concerns around security in cloud technology aren’t exactly new. Ever since we started looking to the cloud for help with recording, analytics, and data storage, we’ve found ourselves questioning whether it’s possible to protect such a wide, flexible network.
While cloud has a lot of benefits to offer the UC world, from scalability to increased agility and reduced costs, concerns over security continue to grow. This is one of the many reasons why companies like Tollring have invested much of their time and technology into creating a strategy for true cloud protection
As the discussion around privacy, regulation, and compliance grows more heated, I spoke to Carl Boraman, the Senior Vice President of Strategic Alliances for Tollring, to learn more about his thoughts on the future of UC security, and how organisations should be preparing for safety in a digitally-transformed world.
Why is Cloud Communications Security So Important?
It’s easy to understand why companies consider security to be such a consistent concern when it comes to preserving the reputation and performance of their business. Toll fraud and phone hacking have become a multi-billion-pound industry for criminals, with monetary damages more than double that of credit card fraud. In fact, it’s estimated that phone fraud costs more than £25.5 billion per year on a global basis – with the UK being the 3rd most targeted country. According to Action Fraud UK, the average PBX fraud between 2013 and 2016 cost up to £12,000 per business.
As experts in the world of software as a service and platform as a service offerings, Tollring is well-versed in the process of delivering value-added solutions to their customers in the ever-evolving industry. While in the past, we might have considered security to be just another one of these beneficial features, Carl told me that today’s customers no longer treat security as a luxury – but a critical component of any communications plan.
“Every business today – no matter where they are – is facing a host of new threats in the communications world, and the onus of responsibility is shifting away from a pure focus on the end-customer, pushing brands to think more carefully about the vulnerabilities in their systems.”
“It’s the providers and vendors today that are officially in the firing line, and it’s up to us to mitigate some of the risks. It’s not just about storing the right data, it’s also about testing for resilience, and being constantly vigilant in preparing for attacks.”
Carl noted that the modern UC customer entrusts the safety of their information and even their company to their networks and partners. “If companies don’t protect their clients, then they’re going to lose their trust, and a poor reputation could be more harmful to your brand than any fine. You can’t afford to take the risk when it comes to security.”
What are the Regulatory Requirements We Need to Consider?
Here at UC Today, we spoke with a host of different companies about the items on their CIO priority list for this year as we came to the end of 2017. For many organisations, the concept of GDPR and changing expectations around privacy was a common concern. Carl acknowledged that while federal regulatory compliance is important, businesses also need to think about local market challenges too, as the expectations can change according to where your business is located.
“Ultimately, everyone should be thinking more carefully about cloud communication security, regardless of whether you’re a CIO, CSP, or VAR. At Tollring, we’re definitely feeling the burden of responsibility, and we know that we need to make sure that our solutions are constantly being tested to the most extreme levels.”
In a world where the cloud is becoming increasingly popular, and communication strategies are growing more diverse and complex, organisations can’t afford to keep brushing security issues off as something that needs to be managed by “someone else”. Instead, it’s all about making sure that your section of the chain isn’t responsible for an end-users attack. “If something bad happens and it’s traced back to you, the loss of trust can bring your organisation down in an instant.”
However, for Carl, the concept of changing responsibilities around security wasn’t all “doom and gloom.” He suggested that the demands around cloud communication security could be an opportunity for the right brands.
“If you can make security central to your value proposition, and get everyone in on it, then you can really get ahead of the competition.”
In Terms of Security, is It Better to Be In the Cloud or On-Premises?
With so many threats seemingly connected to the cloud computing revolution, it’s tempting to consider staying on-premises and attempting to avoid the digital transformation era entirely. However, for most organisations, this simply isn’t an option. After all, the cloud can be more cost-effective, more versatile, and more open to constant growth.
According to Carl, security on the cloud can be more all-encompassing too. “I think that cloud is just better than local instances when it comes to security. Under the banner of analytics, for instance, we can monitor services, firewalls, and encryptions on a more consistent basis. Now that big data is in the cloud, we can even read what’s going on in a system, and make updates or changes far more rapidly – getting rid of vulnerabilities before they become too severe.”
Brands like Tollring have tools that make it easier for them to monitor their cloud offering: “If we see an excessive load on a system, we get an alarm, and our support team can immediately start figuring out where the problem started. The cloud is giving us benefits that simply weren’t there before.”
What’s the Best Strategy to Adopt When Scoping Security Requirements?
While, like most things in the unified communications world, there’s no one-size-fits-all strategy for exceptional security, Carl told me that he believes the best results can be achieved by businesses who start simple.
“You’ve got to get the basics right. Security should be the heart of the proposition, and there needs to be a strong alignment between the vendor, customer, and supplier.”
Security in the cloud environment is at it’s strongest when everyone is aware of the part that they have to play. For Tollring, speaking to the customer is a good first step, as the more you understand the partners, customers, and resellers you’re working with, the more you can implement strategies for safety throughout the whole chain of activity.
“Until the general public are more aware of the scams that are taking place in the industry, and staff know how to protect themselves from hacks, it’s up to us to continue looking for new ways to protect the customer.”
“This is the thing that’s going to be the key differentiator for brands of the future – the ability to offer peace of mind alongside cloud communications.”
Carl even suggested that Tollring is beginning to consider the idea of a “fully managed service” fraud solution for their clients. This would mean that they could give customers access to their own team of 24/7 support experts – constantly ready to assist with protection against fraud.
Where are We Heading in the Next 3 Years?
It’s hard to accurately predict where the cloud communication industry will be by the time we hit 2021, but an evaluation of current trends and practices could be enough to help businesses understand what they should be preparing for in the years ahead.
Carl told me that he believes security is a constant concern in the marketplace and an issue that’s unlikely to ever be completely resolved. “As technology becomes more sophisticated, the strategies used to break into that tech will grow more complex too. We’re constantly working on tougher encryption, better education, and stronger awareness strategies to tackle that issue.”
Boraman also noted that he believes we’ll see one of the big brands in the industry brought to its knees by a privacy or security issue in the next couple of years.
“I think there’s going to be a defining moment when people begin to realise just how important true security really is.”
With GDPR just around the corner, and security rising to the top of many CIO priority lists, the buzz around defensive strategies for cloud communication is unlikely to slow down anytime soon.
