Security issues for hosted communications – benefit from the cloud but broaden the discussion
Enterprise PBX fraud has been rife for many years and it’s often a cited as a barrier to cloud service adoption. It’s a valid concern but cloud-based systems, built for T1 networks can offer much greater levels of security, as well as benefit from economies of scale. MNOs and service providers need to address these concerns and highlight the advantages their networks can offer. This is part of a wider discussion that needs to happen, shifting the debate from functionality and features to wider business concerns.
Some business users are concerned about the security implications of adopting hosted communications services. That’s a reasonable objection. Some enterprise customers feel that there is a risk in using a combined infrastructure, so have chosen to remain with premise-based solutions.
However, it transpires that there’s an even bigger threat in using an on premises solution. Dial-through fraud has been a problem for years. Different sources point to a significant problem, with some huge numbers being reported. We’ve seen reports suggesting, variously, $30 billion each year, $15,000 per business and a wide range in between. Regardless, it’s a serious problem and one that hasn’t gone away, despite being well-known for many years. And, with hackers becoming increasingly sophisticated and coordinated, it’s unlikely to go away any time soon.
So, if premises-based PBXs are so vulnerable and if the problem is so large, why do some enterprises approach hosted offers with such caution? Well, it seems to be the mistaken belief that a cloud offer is inherently less secure than something that exists within a private network. This is simply wrong, for a variety of reasons.
First, a carrier-grade hosted PBX benefits from carrier grade security. While fraud is a problem throughout the industry, MNOs and other T1 operators have a special responsibility to protect their customers, which applies as much to a consumer as to an enterprise. They are also subject to regulations and public sanction, which means they invest considerable resources in protecting their customers. By capitalising on their investments, enterprises can reduce those they incur for their own security systems.
Second, the aggregate investment of an MNO or Tier 1 SP in its infrastructure far exceeds that of most enterprises, with the exception of the largest MNCs. Taking advantage of this economy of scale delivers efficiencies to business customers that would otherwise be out of reach.
Third, there are some internet-based mobile and virtual PBX solutions, but while these have proliferated, there are others, such as Gintel’s EBCS that benefit from true T1 expertise and deployment environments that are designed to protect. These capitalise on advanced session border controller solutions, for example, that protect network boundaries and which allow fine-grained control of access, as well as providing appropriate alerts to give notification of any attempts at incursion.
Fourth, most MNOs operate billing control policies, with the ability to limit accounts in real-time based on activity that outside typical patterns. Instead of finding out after the fact, enterprises can work with MNOs to set appropriate control mechanisms and stop events before they escalate.
We could go on, but for now, a final point is that cloud-based systems deployed on carrier-grade infrastructure also benefit from the resilience demanded in networks that are built to sustain 5nines reliability. They are built with failsafe mechanisms, failover and redundancy to provide continuous operation. It’s quite right to be concerned about security but MNOs and Tier 1s can and should articulate reasons why they offer a better solution.
That’s what enterprise users want to hear. They don’t just want features and functionality, they also want reassurance that they are in safe hands and that their critical communications infrastructure is well maintained, secure and capable of delivering the promised service.
By addressing these points, MNOs and other service providers can really speak to enterprise users and provide them with the reassurance they need – and show how they can be protected against the risk of, for example annual losses of $15,000. When discussing hosted communications, the focus has to shift from what they system can do and how it can help meet valid enterprise concerns.