Unified Communication Manager Evolution Blog Series
The evolution blog series focuses on the latest developments of Unified Communications Manager, what’s new in the latest versions, the best functions and features that clearly demonstrate the value of upgrading older versions, whether that’s on-premise, in the cloud with Cisco Unified Communications Manager Cloud, or a Cisco Hosted Collaboration solution. The world is changing and evolving… These blogs explore why, and so must we.
Cisco’s Collaboration Software — A Wise Choice For Security
What would you do if your data was hacked? What if someone committed fraud on a small or large scale or someone held your business and data at ransom?
In this blog I will explore the security around Cisco ‘s collaboration software and endpoints and specifically Cisco Unified Communications Manager 12.5 (UCM 12.5). I’ll share some tips to maintain and enhance the level of security of your collaboration solution. Let’s start with the legislation.
Legislation Packs a Punch!
Payment Card Industry (PCI) Compliance and Data Protection legislation such as GDPR and HIPAA have evolved in parallel to our industry’s ever-increasing demands for privacy and security. Enterprises care about the protection of their customer data in order to reduce the risk of scams, fraud, and identity theft. Industry standards and practices are more comprehensive than ever before, stipulating minimum and recommended levels of security.
For example, disabling Secure Sockets Layer (SSL), along with implementing a more secure encryption protocol, such as Transport Layer Security (TLS 1.1) or higher. Note that although TLS 1.1 is mandated by PCI DSS, Cisco strongly encourages TLS v1.2.
Watch this video for a quick overview:
We frequently see security breaches in the press which include loss of data, disruption from ransomware attacks among others. These breaches may result in significant cost to companies along with other negative impacts from the loss of trust that results.
So How Good is Your Security?
Security is only as good as your weakest link. Your weakest link could be your people, processes, or technology. Enterprises still take and store credit card details for financial transactions. Many company’s processes may allow customer data to be sent around in unsecure spreadsheets and media. Some contact centers run on older technology with phones that don’t support the latest security protocols.
Whether you have an e-commerce site, contact center with automated credit card processing or sales agents on the phone, or even if you store customer data and payment details; you need to lock down every aspect that may handle this data. Encrypted data and access restriction are examples of appropriate measures to reduce the probability of a data breach
You need to keep up with security updates to leverage the best tools to lock down your environment. Failing to properly secure your network can result in data breaches which may entail fines along with the impact to your customer’s trust and your brand reputation.
Are you Doing Enough?
Are the minimum recommended requirements enough. Is your business doing enough? Do you have a security strategy? Do you have a security program that is regularly tested? Do you use the appropriate technology? Are you being complacent without realizing?
You need to:
- Regularly test your organization’s people, processes and technology.
- Continually assess your exposure.
- Every individual in the organization (including the ones in the management of the technology) needs to be fully aware of their responsibilities.
- Ensure that your collaboration software and hardware are current.
- Make security awareness and compliance part of your standard business processes.
- Continually Refine your security strategy.
- Evaluate your security policies and best practices.
Compliance with legislation may not be enough. A policy that deploys high security techniques before they are legislated will help you mitigate the risk of an attack!
What is Cisco Doing to Help You?
Cisco technology can help you if you evolve your business platforms. As a minimum to support TLS 1.2, administrators should update the collaboration environment to software release 11.5 (SU5), contact center software to release 11.6(1), and Cisco Jabber® to Release 11.7 or later.
Learn more about Voice Over IP Compliance. Also, read our latest white paper on PCI DSS Compliance and workarounds.
New Security Features in Unified Communications Manager 12.5
Unified Communications Manager 12.5 (CSR 12.6) comes with some very useful security solutions that enhance your capability.
For example:
- UCM 12.5 secures multi-fork call recording with CUBE to enable MiFID 2 compliance for Financial Services Organizations. This enables you to have up to 5 recording streams for redundancy and speech analytics.
- It provides TLS and SSH cipher management – enabling you to set an appropriate level of security for all elements on the network, or HTTPS TLS or SIP TLS.
- Encrypted IM & P Message Archive You can encrypt your IM&P Message Archive to keep private messages private.
- SIP OAuth provides a simplified process for encrypting calls made by your Jabber client. It leverages TLS and mTLS without the need for complex client certificates.
- Both CUCM and Expressway now support a Single SAML Agreement per cluster. Organizations can implement dual factor authentication both inside and outside of your network.
- QR/Activation Code QR/Activation Code not only simplifies the way that you deploy phones but improves the security posture of those phones by removing cached username and passwords.
Cisco Devices- Phones
The latest IP Phones, 7800 and 8800 models support TLS 1.2. This mitigates vulnerabilities in earlier TLS versions, enhancing security on your network devices. This is not possible with older models of Cisco IP Phones(6900, 7900, 8900, and 9900 Series) that you may have deployed.
- With TLS1.2 you can use Eliptic Curve Cryptography and SSH to strengthen your security for phones beyond the minimum specifications. Taking advantage of the cipher suite management.
Read our white paper — Cisco IP Phone 7800 and 8800 Series Security Overview
In Summary
Whatever your security policy is, Cisco is building and designing robust system solutions. Solutions that have longevity in life span and that are continually updated with security updates and fixes. Cisco also provides significant version upgrades with enhanced functionality and feature capabilities. This provides the opportunity to benefit from richer features, management tools and security, giving you even more robust systems in the continual battle against the cyber criminals.
Talk to your Cisco Account Manager or Preferred Cisco Partner to find out more.
Don’t have one? Find a partner now!
Learn More:
- Connect with others blogs in the Unified Communication Manager Evolution Blog Series
- Calling in Webex Teams — Powered by Cisco Unified Communications Manager
- How Much Security Do You Really Need?
Hi Wade, Great reminders and pointers for Security around CUCM space. CSR 12.6 and modern phones make security much more manageable!