Unified Communications Featured Article

What to Consider When Vetting a UC Solution Provider

By Donna Wenk
Senior Vice President of Channel Sales, Broadview Networks

More than ever, businesses are acknowledging the benefits of outsourcing their communication solutions management to an expert third party by considering the switch from legacy premise-based communication systems to cloud-based unified communications (UC) solutions.  UC integrates traditional telephony solutions with other communications and productivity applications on the Internet protocol (IP) network enabling a myriad of capabilities including email, audio, Web and a video conferencing, company-wide chat, presence, file sharing and more. While these advanced features encourage operational efficiencies, they also increase infrastructure complexity, which is why it is important to understand that not all cloud-based, hosted UC solutions are created equally easy to use or secure.

Before partnering with a UC provider, there are important distinctions and variations among service providers that agents need to be aware of.  As a trusted advisor, agents need to assure their clients that their employees will be able to easily use the UC features and that the company’s sensitive data is in the hands of a reputable UC provider. Consider the following important set of criteria before creating your partnership.

Usability and User Centricity

Outdated communications systems are difficult for the average employee to operate, which leaves many features unused. Agents must choose to work with a cloud UC system that meets the need for ease of use, or else their clients will never see the benefits of advanced UC features. If a solution is not intuitive and user-centric, the migration will be a failure and the entire shift to UC will prove to be a wasted effort with a solution no better than the legacy system.

Ease of use is critical to achieving the end-user adoption desired and reducing any potential resistance to change. Therefore, the desktop and mobile user interfaces need to be intuitive, providing easy access to the UC solution’s features and capabilities. A centralized dashboard will allow individuals to manage their preferences and settings from anywhere. For example, employees can determine colleagues’ availability, or presence, at a glance and set up call forwarding or mobile-twinning within a moment’s notice to ensure that a call is never missed. Administrators can add new users with the click of a button when onboarding new hires. This ease of access and ability to self-manage streamlines the use of technology, reducing hassle and immediately increasing productivity. Look for a user-friendly interface that will help make both novice and “power users” more efficient, and lessen the burden on IT staff.

Call Security

Cloud-based UC systems are hosted on the provider’s servers, accessible through an encrypted Web browser leaving nothing on site to be vulnerable to hacking, theft or even damage.  In addition, cloud-based services run and manage the hardware and software in their data center, and are responsible for monitoring and managing the service on behalf of the end-user company. However, not all cloud providers offer the same level of security, particularly in their UC systems. Look for providers that can guarantee that calls using the public Internet are encrypted from the handset into a secure network so data remains protected and confidential. The most secure providers will encrypt voice calls, voicemail message and recording with Transport Layer Security (TLS), cryptographic protocols that provide communications security over a provider’s network, and Advanced Encryption Standard (AES) a symmetric encryption algorithm. Some cloud-based UC systems allow internal IT staff to change user settings through flexible Web portals that work across multiple devices. Offering internal abilities, like controlling who is permitted to forward voicemail, further safeguards private information.

In addition, if any primary data is lost, corrupted or inaccessible, when the hosted service provider is able to provide a 100 percent cloud-based UC solution, they have a working copy of the data stored safely in the cloud, and provide recovery tools that allow quick and easy restoration of configurations and data on demand – no matter the location. This means that voicemail messages, recordings and online meetings should also be encrypted when stored on servers to ensure only those who are authorized can replay them, and the administrator of the system should control who is permitted to forward voicemail, further safeguarding private information.

Compliance Standards for Data Security

With the amount of sensitive information that can be stored on desk and softphones— voicemail, call recordings, chat and collaboration tools— enlisting a responsible UC provider that has the proper security controls in place is more important than ever.  For instance, if your client is in the healthcare field, make sure that the provider is willing to sign HIPAA Business Associate Agreements (BAAs) and that the solution is hosted in carrier-grade HIPAA/HITECH-ready data centers with strong security controls ensuring calls and messages are encrypted. This will protect patient data and prevent unauthorized access to private health information. Leading cloud service providers take security and compliance very seriously, and adhere to stringent security audits that demonstrate they have adequate controls and safeguards to keep customers’ mission-critical business communications secure. Therefore, when vetting potential UC providers, agents should be concerned with whether or not compliance auditors can be provided with the information they’re looking for to confirm the systems and services are secure and compliant.

The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), a regulatory agency that scrutinizes and verifies a cloud provider’s data-storage practices, developed a certification that verifies whether a cloud service provider has been through an in-depth third-party audit of its control objectives and control activities, which include controls over information technology and related processes. Ask the provider to share their Service Organization Controls (SOC) 3 audit report, and if there is further concern, review their SOC 2 report as well. In addition, the most secure cloud providers that operate data centers are Statement on Standards for Attestation Engagements (SSAE) 16 certified by independent third-party audits that confirm systems and services are protected against both physical and logical unauthorized access.

The UC market is flooded with new service providers, who are all competing for agent partnerships. When usability and security are leading determining factors in choosing a UC solution, it is essential that providers are vetted thoroughly so that clients’ sensitive data and agents’ reputations as trusted advisors are both protected.