Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

How to tame enterprise communications services


Communications capabilities are essential to the success of organizations everywhere. Voice, e-mail, text messaging, multimedia messaging, file sharing, streaming video, conferencing, collaboration, and more you can’t do business without them. But as traffic volumes and the number of communications services in use continue to grow, so do the IT and operational challenges.

Communications services have historically been provisioned by, and are of course still widely available from, broadband landline and wireless carriers who seek value-added revenue to offset the commodity nature of their “big dumb pipe” core businesses. But there are also numerous third-party solution suppliers, private implementations, and unified communications (UC) product and service capabilities. In addition, an increasing number of cloud-based services many of which are often aimed squarely at consumer end-users rather than organizations are seeing significant organizational application, and unfortunately often via backdoor or shadow-IT routes.

This robust array of alternatives has created an organizational communications-services landscape that is both large and complex, with challenges related to cost, reliability, interoperability, compliance, management visibility, and security that absolutely must be addressed.

How to build a strategic framework for communications

What’s the difference between overall organizational success and results that otherwise fall short? Often the differentiating element is the strategic application of multi-modal, high-availability communications capabilities.

But with so many staff members now working remotely or otherwise mobile, and with BYOD (bring your own device) a more-than-significant element in the provisioning of both communications devices and services, it’s critical to understand demand, options, and solutions strategies that can produce the best results in any given case. There are two key elements at work here, as follows:

Modalities Contemporary communications requirements extend well beyond simple voice (primarily telephone), e-mail, and texting to data sharing, collaboration, and increasingly a wide variety of cloud-based services. It’s important to assure that all interaction models one-to-one (calls and messages), one-to-many (for example, presentations and streaming video), and many-to-many (conferencing and collaboration) are available and properly supported. Temporal elements It’s also important to support communications that are temporally uncoupled , meaning that the receiver need not be present during a given transmission (think voicemail, e-mail, and texting). In this case, however, the critical elements are where and how messages are stored and archived and, always, security requirements.

These essentials lead to a number of key considerations that every organization must consider, as follows:

Policy An organization-wide, written communications policy is vital, and it should include a definition of permissible communications traffic (for example, entities that can legitimately receive organizational communications; an Acceptable Use policy might also serve here), facilities, monitoring and enforcement mechanisms, support capabilities, required record-keeping (usually of transactions alone, but sometimes of content as well) along with retention mechanisms and durations, with all of these often influenced or even dictated by specific regulatory and compliance requirements. Functional requirements and service set This includes a definition of required capabilities and specific implementations, whether integrated or consisting of distinct individual services like e-mail and messaging. IT organizations should take the lead in both definition and operations here. Security and integrity There are few concerns within IT that are greater than the security and integrity of both data and IT infrastructure, including networks, servers, cloud services, and beyond. Many users, however, are not even vaguely aware that e-mail and texting are not at all secure without additional steps being taken, and experience shows that uneducated users will regardless commonly favor expediency over security. While local security policies enumerate specific requirements, building a culture of security is a necessary prerequisite to establishing and maintaining successful communications capabilities. Cost control As end-users, especially those traveling internationally, could indeed run up big bills on carrier networks if left to their own devices, it’s vital to have communications costs addressed in one's BYOD policy, as well as having agreements with service providers in place and utilized at the organizational, and not (just) the BYOD level. Management visibility This is, unfortunately, where our model gets tricky. While it’s easy to obtain sufficient visibility into services purchased or otherwise operated directly by the organization, and similarly easy to limit exposure to costs incurred via BYOD, the major challenge is in detecting and mitigating unauthorized communications, the single largest challenge to productive and secure communications. Unfortunately, the wide variety of communications capabilities available to literally anyone on the Web means that policy and related reinforcement is at present the only option in mitigating this challenge. Enterprise communications options, issues, and considerations

Building an appropriate communications solution set, as we noted above, can be very complex. There are two key sets of strategic alternatives here, as follows:

Carrier vs. over-the-top (OTT) services Especially due to the broad adoption of both mobile handsets and BYOD, carrier voice and messaging (SMS/EMS/MMS) services are the default and essentially primary communications vehicles for many if not most users, with carrier gateways enabling at least partial interworking across otherwise distinct networks. Messages here, however, are again beyond the control of organizations, and thus numerous reliability and security challenges are always present. Such can, of course, also be true for the growing array of Web-based OTT solutions available for voice, data sharing, messaging, and even collaboration, including such popular services as Whatsapp, Signal, Facetime, Slack, and many more.It’s important, then, that organizations limit the number of products and/or services permitted for internal communications. At the same time, a consideration of the value of bringing OTT communications services under in-house management must be on the table. Organizational vs. consumer solutions On the other hand, given the vast array of cost-effective (many even being free) end-user/consumer-centric services, many organizations, especially those not subject to industry-specific regulation, may choose to essentially outsource communications to an (approved-by-IT, of course) select group of services. As always, a careful evaluation of security requirements should be undertaken before this route is selected.

Three additional considerations enter into the above decisions, as follows:

Supported device universe Just as is the case with enterprise mobility management, it may be desirable to limit the combinations of mobile devices/operating system versions and revisions supported by IT for internal communications in the interest of bounding operating and support costs. On the other hand, the use of third-party products and services can move this challenge onto the supplier’s plate. End-user preferences Expect pushback from a portion of the user base no matter what

Viewing all articles
Browse latest Browse all 12749

Latest Images