With enterprises implementing sophisticated telecom networks to improve their operational efficiency and reduce opex, security has become a key concern for an organisation’s IT administration. Several enterprises, especially large companies, have upgraded their traditional public switched telephone network (PSTN) to an IP-based communication system. While an IP-based network offers several advantages over PSTN, it necessitates the deployment of robust security measures for effective functioning. Meanwhile, enterprises are also opting for cloud-based solutions, which have inherent security risks. With increasing adoption of smartphones and tablets, enterprises are embracing the concept of bring-your-own-device (BYOD), which poses a significant threat to an organisation’s network given that standard security measures are difficult to implement on these smart devices.

tele.net takes a look at some of the security threats and risks posed by new telecom and IT solutions…

In the past, enterprises had implemented PSTN to meet their communication requirements (voice calls and fax). But PSTN has been vulnerable to several security threats including toll fraud and eavesdropping. The majority of voice communication through PSTN is not encrypted and can be intercepted by unauthorised users to eavesdrop on the network. With the internet becoming the backbone of standard communication, several enterprises have partly replaced their traditional voice networks with VoIP to reduce opex and mitigate the security risks associated with the PSTN.

However, contrary to expectations, VoIP has increased the vulnerability of enterprises’ communication systems as several new potential threats such as viruses, denial of service (DoS) attacks, data tunnelling and call blocking have emerged. Today, DoS has become the single biggest threat for an enterprise telecom network. To counter these threats, enterprises have partnered with IT companies and telecom operators to deploy various security solutions such as intrusion detection/prevention, firewalls and content monitoring. But these solutions cannot prevent attacks against PSTN and also increase network latency, which impacts the quality of service.

Cloud computing is another area that requires enhanced security management. Many enterprises have shifted to cloud infrastructure to store data, perform their day-to-day operations and enhance resource utilisation. While the cloud ecosystem offers significant cost, resource and agility advantages, it is susceptible to data theft, malicious attacks and unauthorised network access and control, which affect the operational performance of enterprises. One of the biggest threats associated with cloud computing is data loss and leakage. According to a poll conducted by Symantec, 43 per cent of the surveyed enterprises lost data stored on cloud servers. Industry experts attribute this loss to lack of visibility of data movement in the cloud infrastructure. Further, most enterprises opt for public cloud services and are thus vulnerable to malicious attacks. Another issue with cloud computing is the distributed DoS attack. In this mode of external attack, a significant quantum of spurious data packets are sent to a specific target (IP address, local area network) through multiple IP addresses using a botnet. Since the incoming data traffic is higher than the handling capacity of the target system, it makes the latter unresponsive and prevents legitimate users from accessing it.

Further, with the concept of BYOD gaining ground, new security challenges have surfaced for enterprises. First, deploying different security management solutions for a variety of devices is an expensive and cumbersome process. Second, organisations do not have much control over employees’ devices, which poses the risk of corporate data theft. Moreover, employees install various third-party applications and software on their devices. This allows developers to have control over the system configuration and data stored on the employee’s device. As an employee utilises this device to access corporate data, third-party software can compromise the organisation’s IT and communication network and jeopardise its credibility. Third, there is risk of data loss if these devices are lost, stolen, sold or exchanged. Fourth, there is an inherent risk of virus and malware attacks as most employees do not have premium antivirus software installed on their devices. Addressing these issues is essential for enterprises to ensure effective transition to the BYOD model.

Going forward, as enterprise mobility gains traction, companies will have to implement innovative security solutions to prevent malicious attacks and data theft. Collaboration with IT companies and telecom operators would play a crucial role in enabling enterprises to address the security issues associated with evolving communication technologies. Enterprises could also opt for the choose-your-own-device (CYOD) concept to avoid the security risks associated with BYOD while retaining the benefits offered by the latter. CYOD basically allows enterprises to select a set of smart devices, which can be offered to employees for their official and personal use.

Further, enterprises can develop an in-house application store, which will help prevent access to the corporate network by third-party software developers. Enterprises would also need to come up with measures to deal with violations of the service level agreement by the cloud service provider. Though these measures may not be sufficient to immunise the communication and IT network, they will certainly limit the external security threats encountered by enterprises.