Cloud security is of great concern to enterprises today. Security is one of the main reasons that many business leaders are slow to adapt to Unified Communications and Collaboration (UCC) in the cloud. Keeping data on premises allows businesses and IT leaders to feel more secure. So are UCC cloud security concerns valid, or is the cloud a trustworthy technology?
In reality, the cloud offers many of its own security advantages. Before businesses assume that the cloud isn’t safe for UCC, it is worth taking a look at what is available and determining the risks associated with moving to the cloud: companies moving to the cloud in order to replace various technologies and services could realize serious benefits, especially if the solutions serve as an extension of the network and security infrastructure already in place. When deployed properly, cloud solutions can help SMBs (small and medium-sized businesses) and enterprises become more agile and can help with cost savings.
Unified Communications as a Service (UCaaS) is one of the fastest-growing markets in communications. The cloud can enable companies to:
- Decrease equipment costs
- Move certain budgeting from a CAPEX to an OPEX model
- Simplify management and cost-tracking
- Improve scalability
- Increase IT speed and agility
- Allow for disaster recovery and business continuity
When a company hesitates to choose UCC in the cloud, it needs to understand what the security threats are and how to approach security for the solution. So what are the risks? In 2013, the Cloud Security Alliance (CSA) identified "The Notorious Nine," the top nine cloud computing threats. The report reflects analyses among industry experts surveyed by CSA, focusing on threats specifically related to the shared, on-demand attributes of cloud computing. These nine threats are:
- Data theft/breaches
- Data loss
- Account/service traffic hijacking
- Non-secure interfaces/APIs
- Denial of service
- Malicious insiders
- Cloud abuse
- Insufficient due diligence
- Shared technology issues
According to a recent survey, physical theft, employee mistakes (like lost devices), and insider threats were responsible for 42.7% of 2013 data breaches in the United States. In another 29.6% of data breaches, hackers broke into data owned by companies and government agencies. Big tech companies, major retailers, and airlines were among many of the recent victims. According to the Alert Logic Cloud Security report:
- An enterprise data center (EDC) is four times more likely to suffer a malware/bot attack than a cloud hosting provider (CHP).
- EDCs and CHPs are equally vulnerable to a “vulnerability scan” and a “brute force” hack.
- EDCs are three times more likely to suffer a recon attack and four times more likely to suffer an app attack.
- Cloud providers are 40% more likely to suffer a Web app attack and 10% more prone to vulnerability scan weakness than an EDC. In recons, malware, bot, and app attacks, the cloud seems to have less risk than most on-premises technologies.
- In the end, cloud risks are manageable, and no one is 100% secure.
- Cloud-based technologies and services do have security advantages. For many cloud service providers, there is a strong commitment to security. This commitment means:
Businesses get enterprise hardware for a small-business price. With cloud computing, data are stored on enterprise-grade hardware, equipment that is typically unaffordable for most SMBs. UCC customers get safer equipment.
Companies get more focused security for UCC. For cloud vendors to be successful, they need to focus on securing their service. This means that instead of attempting to prevent a variety of more general threats (as your in-house model would require), cloud vendors are spend time securing online data.
Flexibility and agility can be achieved in the cloud. Many IT organizations are stretched thin and have a hard time balancing day-to-day operations with strategic projects. One of the advantages of UCC cloud services is the speed of deployment. Businesses have the flexibility to roll out cloud services without the IT time and resource commitments typically associated with a legacy deployment model.
UCC professional management saves time and money. Using the cloud in order to store data means that businesses get trained professionals to manage patch and server software updates. IT resources can be deployed to more strategic initiatives in order to help bolster the organization.
Investing in top-level security features brings value to individual cloud service providers’ businesses. Businesses that adopt cloud-based UCC services get the opportunity to put someone else’s financial resources to work, which can help reduce security spending. A provider’s commitment to security means it has to invest in more scalable infrastructure and information security than do most organizations. Those investments are significant, and service providers will bear that burden for companies. This can create economies of scale and efficiencies that benefit organizations.
The market for UCaaS is growing rapidly. A recent report on UCaaS projects that the global market will grow $7.62 billion by 2018, at an estimated compound annual growth rate of 24.8%. Much of that expected growth is due to the service providers’ dedication to security improvements and customer confidence. Value-added resellers that sell cloud-based UCC services have a huge market to sell to, which will result in ongoing revenue. If not, now is the time to get into this market — as long as your company has an attitude toward strong security and excellent customer service.
Are you finding that some customers are still afraid to move to cloud-based UCC due to security concerns? Please comment below.