When we talk about security as an issue for enterprise communications and collaboration, the topic seems to break down into two pieces: the old or legacy challenges, generally with new permutations; and the new problems, those that relate to communications being more integrated with the overall network than it was in previous generations. I recently got a chance to learn more about the latter challenge, and a particular security dilemma I hadn’t heard much about before.
In a recent webinar, Sorell Slaymaker, principal consulting analyst at TechVision Research, joined Aaron Turner, CEO and founder of Hotshot, to discuss some of the new exploits they’re seeing. The example that struck me most is a security breach in which the attacker compromises some portion of the network—a database, say—and then, as a second stage, proceeds to access the target’s communications infrastructure. The aim of stage two is tracking the response to the initial attack and thwarting efforts to contain it.
Clearly, to these attackers, communications systems aren’t a silo or a low-value target. The attacker understands the role that communications systems play in the target’s security posture—in some cases, maybe better than the target entity itself does.
The solution to this particular challenge, according to Sorell, is to maintain an out-of-band communications system that IT teams can use once a breach is discovered elsewhere in the infrastructure. The assumption should be that if an attacker has accessed some part of your systems, they’ll attempt to eavesdrop on your communications as you formulate and carry out your response.
Another insight that struck me in the conversation between Sorell and Aaron was the importance of securing all of your communications systems, even those you might believe aren’t at risk. Aaron noted the importance of understanding user behavior when it comes to warding off security risks: When users have the opportunity to select from myriad communications tools—as is often the case in today's environments—they gravitate toward whatever is quickest and most convenient at the moment, giving security little if any thought.
This may include newer applications like team collaboration, but it may just as easily mean legacy systems to which you might not give a second thought. For example, Sorell noted, some enterprise folks take the attitude of, “I’ve been using email for 10 years and it hasn’t burned me. Why [worry about security] now?” The question suggests its own answer.
All of this is further evidence that if your job centers on communications systems, you need to focus on security like never before. It’s been encouraging to see this topic continue to grow in interest at Enterprise Connect, and as we get ready to launch the Conference Program for the 2020 event, we’re definitely planning to give it plenty of attention.
We plan to post the first portion of the EC20 Conference Program next week, filling in more sessions over the rest of the month. You can keep up with all the planning for the show at the website, and can get the best rates if you register now. I hope to see you in Orlando.