Ask Ash: How to keep UCaaS secure in the era of hybrid work

Sponsored By: Beanfield

If you’re worried about the risks associated with sharing confidential information over these platforms, across various networks and multiple devices, you’re not alone.

We asked Ash Brar, director of product and solution engineering at Beanfield, about the cybersecurity risks you may face when adopting and deploying fully integrated UCaaS across your business.

Can integrating an office phone system into a UCaaS platform cause more cybersecurity risks?

Integrating PSTN into UCaaS creates a new, larger and more complex “attack surface” than if you keep your phone system separate. Like anything else that lives on the Internet, both Voice over IP (VoIP) phone services and UCaaS platforms face cybersecurity risks. With integrated calling, calls happen over the internet, from any device, running as an app, so there are more vectors by which bad actors can access sensitive data, whether in storage or in transit.

Here are the biggest areas of concern:

  • Compromise of content store: Most UCaaS platforms store administrative tools and login information, as well as collaboration content (think shared files, chat logs, and call recordings) in their own networks. Whether it’s locally or in the cloud, you need to be confident that their network storage is secure.
  • Data intercept: The calls you’re receiving or making if you have integrated PSTN probably hold the most sensitive information, since they are likely with customers and suppliers. Unencrypted voice and media streams are more vulnerable to intercept than calls on a traditional PSTN network because they happen over the internet. Intercepts can expose calling and called party information, instant messages, and other content data, as well as the actual voice or video calls themselves.

That sounds scary! How can we avoid that?

In terms of securing stored content…

The good news here is the most popular, commercially successful UCaaS solutions happen to be the best at keeping data safe – so a data breach coming from their side is unlikely. They ensure end-to-end encryption and have a reputation for keeping their networks secure. Some of the top UCaaS providers can even let you take advantage of your existing secured cloud and integrate it with their platform, so you don’t have to worry about having data on multiple networks.

UCaaS platforms with less-robust security have quickly fallen out of favour since 2020, in no small part because they couldn’t cut it in terms of security. For this reason, you should be wary of smaller, less reputable players.

Another important aspect to consider when migrating to a UCaaS: No one should have unnecessary access to data, especially collaborators from outside your organization!
It’s important to be able to set up the right permissions for each user accessing the system. A reputable UCaaS will provide exceptional support for setting up user authentication rules and access permissions.

To protect data while it’s in transit…

The best way to protect data in transit is to encrypt it. Encrypting data ensures that anyone who would intercept it would find it to be unusable. To ensure that the data is encrypted through its entire journey, it needs to be encrypted at the endpoints (be it hard endpoints like desktop phones, or a software endpoint like an app running on a computer or mobile device) with encryption protocols.

There are two encryption protocols needed to ensure safe travels for session data: Secure Real-time Transport Protocol (SRTP), which encrypts the actual contents of the calls, and control using the Transport Layer Security (TLS) protocol, which encrypts call party information, instant messages and other content data.
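A check for the two layers described above, added here as an illustration (it is not Beanfield's or any UCaaS vendor's code): it reads a SIP INVITE with its SDP offer and reports signalling that is not on TLS and media that is not SRTP. The names `audit_invite` and `sample_invite` are hypothetical, and the messages are constructed samples rather than captured traffic.

```python
import re

SECURE_SIGNALLING = {"TLS", "WSS"}            # SIP over TLS or secure WebSocket
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF",     # SRTP keyed with a=crypto in the SDP
                 "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}  # DTLS-SRTP

def audit_invite(message: str) -> list[str]:
    """Return findings for a SIP message with an SDP body; [] means both layers are protected."""
    head, _, sdp = message.replace("\r\n", "\n").partition("\n\n")
    findings = []
    via = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    transport = via.group(1).upper() if via else "UNKNOWN"
    tls = transport in SECURE_SIGNALLING
    if not tls:
        findings.append(f"signalling over {transport}, not TLS")
    # First chunk is session-level SDP; each later chunk is one m= media section.
    session, *media = re.split(r"^(?=m=)", sdp, flags=re.M)
    for sec in media:
        fields = sec.split("\n", 1)[0][2:].split()
        if len(fields) < 3:
            findings.append("malformed m= line")
            continue
        kind, proto = fields[0], fields[2]
        if proto not in SRTP_PROFILES:
            findings.append(f"{kind}: plaintext media profile {proto}")
        elif proto.startswith("UDP/TLS/"):
            if "a=fingerprint:" not in session + sec:
                findings.append(f"{kind}: DTLS-SRTP offered without a=fingerprint")
        elif "a=crypto:" not in sec:
            findings.append(f"{kind}: {proto} offered without a=crypto key")
        elif not tls:
            # The SRTP key travels inside the SDP, so cleartext signalling leaks it.
            findings.append(f"{kind}: SDES key exposed in cleartext signalling")
    return findings

def sample_invite(transport: str, proto: str, attrs: list[str]) -> str:
    """Build a constructed INVITE for the demo (hypothetical hosts, documentation IP)."""
    lines = ["INVITE sip:bob@example.com SIP/2.0",
             f"Via: SIP/2.0/{transport} client.example.com;branch=z9hG4bKdemo",
             "Content-Type: application/sdp", "",
             "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
             "t=0 0", f"m=audio 49170 {proto} 0", *attrs]
    return "\r\n".join(lines)

if __name__ == "__main__":
    key = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER"
    for case in [("TLS", "RTP/SAVP", [key]), ("UDP", "RTP/SAVP", [key]), ("UDP", "RTP/AVP", [])]:
        print(case[:2], audit_invite(sample_invite(*case)) or "ok")
```

The middle case shows why both protocols are needed together: SRTP is offered, but the key that protects it is readable to anyone who can see the unencrypted signalling.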

But what about folks working from home?

Endpoint security should be a huge concern for any company that enables remote work, and work on mobile devices. In these circumstances, it’s difficult to know (a) if the individuals accessing your network resources remotely are who they say they are; (b) if the devices they’re using to access your network are compromised in any way; and (c) if the users are using unverified third-party apps (like generic VoIP apps) to access company resources by entering their credentials.

One way to mitigate these risks is to adopt a Zero-Trust Network Administration (ZTNA) security model. In a Zero-Trust environment, users have to identify themselves on a centralized system using two-factor authentication, and they have an obligation to make sure their devices are approved and secure. At the IT level, the framework allows for constant evaluation and authentication of users, gives them visibility into what resources a user is accessing, and the ability to spot suspicious behaviour.

If you have employees working from away, the Mobile Device Management (MDM) software should be integrated with your ZTNA strategy. Your IT team should have the ability to control what apps can be installed on company devices and be able to assess the security posture of those devices – which is hugely important – because a sketchy app or malware from an infected device could potentially intercept data.

Ash Brar is the Director of Product & Solution Engineering at Beanfield. With over 23 years of experience, he has worked in the service provider space covering a range of infrastructure and customer-focused roles.

Do you have a question for Ash? Email us at [email protected]

Like many organizations, Beanfield is moving towards a return to the office, with over 500 team members working both on-site and remotely. Employees in Toronto, Montreal and Vancouver stay in touch through a cloud-based unified communications platform, and enjoy worry-free, secure access to company resources through a robust Zero Trust Security framework. Having access to their office phone as well as all their communication tools from a single interface allows them to collaborate securely, wherever they are.

Beanfield is a privately held and 100% Canadian-operated company that designs, builds, owns and operates the largest independent fibre-optic network in Toronto and Montreal, with recent expansion to Vancouver. Committed to affordable urban connectivity, Beanfield connects more than 3200 commercial and residential buildings. All design, construction, installation and customer experience teams are in-house ensuring an efficient and streamlined experience. It is a telecommunications company unlike the rest, and recognizes the importance of connecting communities, not just networks. How It Should Be.
