The Importance of Private, Reliable, Secure Business Communications
In the last post of our blog series we assured readers that "Machines Won’t Replace People in Collaborative Communications" For part eight, we review best practices for unified communications providers to follow.
Part 8: Best Practices for Unified Communications Providers
The essential definition of business is people working with other people – notwithstanding today’s ubiquitous digital technology, accelerating spread of devices and incessant surge of data. And the work of Unified Communications (UC) within business is simple, too: Make connecting and collaborating easier for business people.
Fulfilling this mission is not the sole responsibility of UC providers. Successful UC takes a collaborative relationship between solution providers and the people who use the tools those providers make. Providers and participants have a duty to design and put into action best practices in their corresponding realms of operation. Both parties play interdependent parts in making effective business communications. But, as UC providers, we’re happy to take the lead with this post and elaborate our role in five vital aspects – infrastructure, design, access, conduct and content:
1. Use Private, Reliable, Secure Communications Infrastructure.
Best-in-class UC solutions are a combination of private, reliable, secure networks and facilities:
- Data Centers
Support a distributed network architecture of multiple geographically dispersed, load-balanced servers or managing content, sharing applications and controlling codes. Top-tier service providers that are ISO 17799 certified or SAS 70 Type II audited host the data centers using redundant systems – such as multiple fiber trunks from multiple sources, multiple power sources on-premises and multiple backup generators.
- Hosting Facilities
Feature around-the-clock physical security with guards, cameras, motion sensors and other industry standards. Environmental measures include seismically-braced server racks (where applicable), raised floors, water detection systems, temperature controls, smoke detectors and fire suppression systems. Supervision of data center operations is 24/7/365, handled by on-site technical personnel trained in internet technology, networking and overall systems management.
Prevent unauthorized access and use of communications networks in the virtual world. Transmissions entering or leaving networks are screened per established criteria, such as secure socket layer (SSL) encryption. Variations and deviations from safe standards are blocked.
- Virus Protection
Prevent infection of communications networks through a multi-tiered defense automatically updated with the latest software.
- Business Continuity and Disaster Recovery
Anticipate various disruptions through random testing and simulation of detection, alert and response procedures on a quarterly basis. Backups are performed daily, with data encrypted and archived across the distributed network infrastructure in the short and long terms. This replaces the conventional method of creating magnetic tapes that are stored on premises and off-site.
2. Implement Private, Reliable, Secure Communications Solutions Design
Best-in-class UC applications are designed using private, reliable, secure development practices:
- Proprietary Servers
Proprietary servers based on security standards for web technology are the foundation of conferencing and collaboration applications. From start to completion, each step of the design process follows established software development best practices.
- Testing and Validation
Testing and validation of user input fields and data processing occurs comprehensively and completely before any application goes live.
- Life Cycle Management
Make sure life cycle management takes place at every stage of development with event logs archived and changes tracked before new versions of any product are released.
3. Maintain Private, Reliable, Secure Communications Access
Best-in-class control and management features enable private, reliable, secure UC sessions:
- Configurable Security
Use tiered password policies (strong to weak) and confidential personal identification numbers (PINs) for session leaders and participants.
- Moderator Powers
Use moderator powers such as “dial out,” “lock the door” and “dismissal” functions lend basic but firm control to session leaders.
- Timeouts and Automatic Dismissals
Prevent inactivity from rendering sessions vulnerable to intrusion.
- Alerts and Announcements
Tones and audio blurbs identifying participants by name when they enter or exit sessions ensure full awareness of who attends a session.
- Operator Assistance and Monitoring
Offer support to leaders and participants alike during large, lengthy and/or sensitive sessions.
4. Ensure Private, Reliable, Secure Communications Conduct
Conscientious policies by provider organizations support private, reliable, secure UC interactions:
- Privacy and Confidentiality Policies
Govern the conduct of the provider’s service team when interacting with customers and partners via internet, email or other channels involved in UC should be kept up-to-date and available for review.
- Reports and Notices of Compliance
Use Sarbanes Oxley or other relevant regulations promoting mature, transparent financial practices should be kept up-to-date and made available for review by the UC provider when appropriate.
5. Provide Private, Reliable, Secure Communications Content
Best-in-Class UC providers guarantee private, reliable, secure content management:
- Recordings of Customer Content
Record any media format created, copied and/or shared during UC sessions are stored for specified time periods online and then offline and available for purchase and/or playback according to service-level agreements. Archives are subject to purging policies within specified time periods and only recordings and metadata about the files are stored – without any proprietary customer information, such as account numbers.
- Access to Recordings is Controlled and Monitored
Control access to recordings according to service-level agreements and the provider’s internal privacy and confidentiality policies.
- Multiple Levels of Security
Levels of security should be available to UC customers that can be configured according to the individual requirements of an organization. Standard practices for online security such as logins, passwords and encryption should be applied to accessing content as they are applied to accessing sessions.
For our next and final post of this 9-part series, we delve into best practices for participant’s role in private, reliable, secure communications.