Mobile Security a Key Consideration for Enterprises: Sipera Exec
The widespread adoption of smartphones, tablet computers and other unified communications-enabled devices has effectively eliminated all barriers to constant connectivity for mobile employees in the enterprise. Workers can now video chat, IM and make VoIP calls from a singular device – wherever they are in the world.
While the proliferation of these devices has drastically improved communication channels within the enterprise, it has also left companies with another issue to solve: mobile security. One of the biggest problems that companies face is that mobile applications do not run on their own networks, meaning the information that is transmitted over them is highly unsecure.
To develop a better understanding about the concerns related to mobile security and the UC market in general, TMC CEO Rich Tehrani recently interviewed Gil Stevens, vice president of Engineering at Sipera Systems, a provider of real-time unified communications security solutions.
Stevens believes that the adoption of mobile technologies that cross into the cloud and other networks has created serious security and non-compliance concerns for enterprises. However, he also deemed that these devices are necessary for companies to compete in today's fast-paced business world. Stevens feels that better encryption and authentication standards are necessary for enterprises to take advantage of mobile innovations while also ensuring the highest level of security.
Tehrani and Stevens also touched on a number of other hot topics in the technology world today, including net neutrality and social networking. Stevens wrapped up the talk by giving readers a preview of Sipera's role at ITEXPO East 2011, which kicks off on Wednesday in Miami. He said that patrons who attend the company's booth will learn how to extend existing enterprise security practices to any mobile device.
The complete interview can be found below.
Rich Tehrani: What was the most significant technology trend in 2010 and what impact will it have in 2011?
Gil Stevens: The proliferation of smartphones and tablets in the enterprise was a significant technology trend for 2010. Authorized or not, more and more workers are using computing tablets and smartphones in the workplace and on the road. This leaves enterprises struggling to secure and support these devices, internally and externally, which is critical as these devices present unique security challenges that dramatically differ from traditional data security methods that rely on firewalls, user authentication, and encryption.
RT: What impact will the continued growth of cloud computing have on the communications industry in 2011?
GS: Borderless unified communications, where workers can utilize VoIP, IM and other Unified Communications (UC) applications on networks not controlled by the company, or in the cloud, is going to be a big trend during 2011. However, smartphones, tablets and other end point access devices must be secure. Increased encryption and better authentication is a must for enterprises to ensure all corporate communications are secure, and compliance is maintained for industry mandates including HIPAA and PCI DSS, while ensuring authorized staff have real-time access to networked resources and applications. Enabling new UC applications while maintaining the required enterprise security posture ensures cloud-based applications can be accessed in line with corporate information security policies, that untrusted networks (like the Internet) can be used in UC deployments, and new collaboration applications with external parties do not introduce new risk.
RT: Who will be the mobile winners in 2011 out of Google Android, Apple, Microsoft, Nokia and RIM?
The winners in the mobile world will be the functional, best in class, with easy-to-use interfaces that provide mobile privacy and security in the least intrusive way possible. Enterprises need their handset and carrier providers to package security services seamless into their products and services upon purchase, just as anti-virus solutions are packaged into new PCs.
More and more information is being accessed, sent and received via mobile smartphones. And, with enterprises using VoIP, IM and other UC applications more and more to support mobile workers and teleworkers, the enterprise is open at each of mobile computing device end points to floods, fuzzing, spoofing or VoIP spam as well as latency, delay, and jitter.
RT: What impact will mobile technology have on the tech space in 2011?
GS: Mobile technology must comply with privacy and security mandates including HIPAA, PCI DSS, SOX, etc., just as other technologies do. However, mobile technology crosses into the cloud and untrusted networks, presenting serious security and non-compliance concerns. For example, smartphones using WiFi VoIP are open to call interception and recording in real-time, among other vulnerabilities. Network and mobile security and mandated compliance needs to be extended to every mobile device, in any place, to protect personnel using mobile technology, customers and partners, and the entire enterprise.
RT: Where are the best opportunities in the tech space this year?
GS: The adoption of enterprise SIP trunks and UC applications will continue to escalate. Proactive and comprehensive security will enable the enterprises to more readily adopt mobile VoIP, IM, video and other UC applications for cost savings and more collaborative communications in real-time. Some of the best opportunities will be in the parallel growth models of security solutions and their technology counterparts like UC. Cyber capable organized crime and espionage and are only going to grow, and the demand for secure technology access is going to need to grow as mobile technology grows.
RT: How can technology change the world for the better?
GS: Secure smartphones, tablets, and laptops allow mobile workers and teleworkers to work as if they were in the home office. This ensures business continuity and productivity even during adverse weather conditions, pandemics, traffic or other circumstances that can prevent timely and ongoing access to enterprise offices. These enabling mobile technologies also deliver the benefit of enterprises being able to attract the best talent regardless of their physical location.
RT: What impact has social media had on how you interact with your customers? How do you measure its effectiveness?
GS: Sipera’s enterprise customers are engaging social media at a measured pace, experimenting with blogs, Twitter feeds, online forums, etc., as is Sipera. It’s still a bit early to accurately measure effectiveness as customers take their time determining where and how to participate.
Social media and privacy are just now starting to hit the forefront of everyone’s awareness, and are just now undergoing expert analysis as another window for cyber-capable individuals and organizations to attack the innocent and steal things of value. I see this as area that will get more and more regulated, very soon, for privacy and security requirements.
RT: How have you leveraged social networking as an internal collaboration tool?
GS: We use internal and external collaboration tools. And, as VoIP and other UC application use grows, we see more and more demand for our security product and services.
RT: The FCC has recently voted to support net neutrality. Is net neutrality necessary, or will it present more challenges than it will solve?
GS: Net neutrality necessarily encompasses privacy and security, presenting regulators with an extra layer of complexity. At the same time, Sipera and its enterprise customers expect the Internet to “always work.” While there are other facets to net neutrality, anything that ensures reliable Internet throughput is critical to enterprise UC and business critical communications. If net neutrality supports that, it will solve a potential issue.
RT: What will be the greatest technological development in 2011? Why?
GS: In terms of security, the greatest technological development for 2011 will be to stem the recent, massively escalated rash of SIP trunk attacks and toll fraud cases. In the second half of 2010, toll fraud attacks against unprotected VoIP hit a major spike, rising over 50 percent (VIPER Lab research findings). The daily rate of attacks jumped to 2,200 scanning attacks (average) of which 600 attacks were specifically targeting the VoIP/UC vector - SIP attacks. As a result, authorities in the U.S. and Europe cited VoIP security breaches costing enterprises tens of millions of dollars in toll fraud and premium-rate service fraud. Over the past two years, VoIP and UC attacks have moved from being somewhat theoretical into being real, costly and mainstream. While security experts work together to combat this, intelligent enterprises are adopting comprehensive, bulletproof UC security such as Sipera offers, potentially saving millions of dollars that could otherwise be lost to toll fraud, and security and privacy mandate (HIPAA, SOX, etc.) non-compliance liability.
RT: Why is your session a must-attend at ITEXPO?
GS: Securing smartphones and tablets in the enterprise is key for any enterprise UC implementation, as each of these endpoints can be an opening for an attack. Attendees will learn how to extend existing enterprise security practices to any endpoint device; see how these devices can be remotely hacked, compromising sensitive enterprise data, and phone calls and other confidential communications; and review best practices for protecting against these vulnerabilities, and ensuring compliance with HIPAA, PCI DSS, SOX and other privacy and security mandates.
RT: What other topics should be at the top of attendees’ lists?
GS: Attendees should make sure they understand all the benefits of implementing a unified communications strategy. Many enterprises are taking advantage of inexpensive VoIP smartphone applications and WiFi networks for mobile phone calls, savings hundreds of dollars in cellular call costs, particularly for personnel who travel extensively and otherwise face high roaming and international fees.
RT: What new and exciting products/solutions can we expect to see from your company in 2011?
GS: This year Sipera plans to upgrade its unified communications security appliance. The Sipera UC-Sec sits in the enterprise network and provides comprehensive security at the application-layer for VoIP, video conferencing, instant messaging, collaboration tools and other real-time communications in a converged network. Enhancements are expected to include more easily extending an enterprise’s VoIP and UC applications to any supporting device, on any network, and providing active policy enforcement for new UC applications.
RT: Please make one surprising prediction for 2011.
GS: One of the top five executives at Facebook, Google, Microsoft, Cisco, or another large technology vendor, will have some significant amount of personal or corporate assets stolen due to a UC application, smartphone or tablet security breach. This will become a highly visible case study for improved UC security.
To find out more about Gil Stevens and Sipera Systems, visit the company at ITEXPO East 2011. To be held Feb. 2-4 in Miami, ITEXPO is the world’s premier IP communications event. Stevens is speaking during “Securing Tablets and Smartphones in the Enterprise.” Don’t wait. Register now.
Beecher Tuttle is a unified communications contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.
Edited by Tammy Wolf