• Chris Newell

Security and UCaaS

Unified Communications as a Service (UCaaS) providers are tempting targets for cybercriminals and hackers. How do organizations take advantage of all the benefits UCaaS provides, but also be ensured it is a secure solution?

For businesses, the biggest appeal of UCaaS is the ability to consolidate voice and telephony services, instant messaging, email / voicemail, collaboration / meeting solutions, and communication-enabled apps into one cloud-based functionality. It is a power tool. Not only does it drop all those components into one cloud-based environment, but it also takes away the high cost of capital investment in upgrading equipment and creates cost flexibility. All this “data” bundled up in one ecosystem makes UCaaS a very enticing opportunity for the likes of cybercriminals and hackers. Whether you are in the market to change suppliers or upgrade to UCaaS, there are a few security matters that should be reviewed before signing on the dotted line.

Security Protocols

Security protocols have always has been important, but in the COVID-19 era they have been magnified to new heights. Think about the sheer amount of video conference and online conference calls your company has had since March 2020. Now recall on how many shared screens with proprietary information were virtually shared back and forth. Not to mention attachments, screenshots, and shared logins and passwords! When you add in all the times employees have logged in from home, their mobile devices, at the coffee shop, back porch, and everywhere else under the sun, you can see how imperative to have security protocols in place while using UCaaS applications.

User Access and Controls

It has taken some time for companies to understand that not every single person who uses the system needs access to the whole system. Just like you would not give every employee at a corporation a key to the CEO’s office, not every employee needs access to all data and features in the UCaaS environment. Permission profiles should differ for the different roles within a company, creating specific profiles for each person to assign rights and levels of permission to complete tasks.

The all-time “it can happen to you” example that gives this directive weight occurred in 2013 when Target saw 70 million customer credit card numbers swiped from its database thanks to hackers who stole the login credentials from a third-party vendor. A company that sold Target freezers for its grocery store section needed access to just one thing - an app for submitting invoices. Instead, it had access to Target’s entire system through a universal profile and when its credentials were swiped via malware, Target’s data vault was cracked wide open.

Data Encryption & Compliance

When you are on calls, how secure is the call from hackers while you are in communication? It is vital for the solution to have calls encrypted. Not only do you need to ensure your voice traffic is secured, but when the supplier is storing your data it is important to understand the type of encryption being used.

If your industry has compliance regulations to adhere to, making sure the supplier that you are working with has the required compliance accreditations is necessary. Even if it is not required, understanding what is included in these compliance accreditations can ensure that your provider has the proper security protocols deployed within their solution set. To name a few; HIPAA, SOC 2, Fedramp, FERPA, and GDPR.


UCaaS is a smart financial, technological, and business move that allows companies to consolidate resources and reduce costs. But without the proper safety protocols in place, the risk outweighs the rewards.

32 views0 comments

Recent Posts

See All