Verizon would love to be the sole provider of mobile communications services for every customer around the world. But, realizing that won’t ever happen it is going for the next best thing- managing mobile communications for customers regardless of the mobile carrier(s) they are using.
The concept is not ground-breaking in and of itself. Other technology service providers such as BT and IBM, as well as competing mobile carriers like AT&T already have similar offerings to help customers manage mobility throughout the enterprise and around the world.
Verizon is bringing a little something extra by including mobile security tools from Sybase and mobile expense management tools from Quickcomm Software Solutions. The resulting suite of services consists of five modules which can be mixed and matched to suit customer needs: inventory and expense management; logistics; mobile device management; mobile security and application management.
As the number one mobile service carrier in the United States, Verizon has a decent foundation to build on. We’ll see if the Verizon name combined with a different mix of tools is a recipe for success.
In an increasingly IP-based world, DNS (Domain Name System) is a critical part of the foundation for communications. A device or web site is associated with an IP address, but it is much easier to remember to type ‘google.com’ into a Web browser than to try and remember that ‘google.com’ is actually located at 126.96.36.199.
Just trying to remember the links and sites you have bookmarked would be like trying to remember the combinations to open the lockers of all of your fellow students in your senior year (assuming you have either A) as many links bookmarked as I do, and/or B) a graduating class the size of mine). I have no idea what their locker combinations were, but I do recall the majority of the names of my graduating class peers.
So, DNS=good and DNS=important. What happend if we lose DNS then? Well, if the DNS server is unavailable for any reason you will not be able to visit web sites, connect with devices, or communicate with anything that is mapped or referenced base on its host name rather than its IP address.
That may not be a huge issue if users can’t access Google for a couple of hours, but losing DNS can also render VoIP and unified communications useless. That’s why its a good idea to build VoIP and unified communications infrastructures that map to the underlying IP address rather than the host name.
In situations where DNS is required, for example when NAT (network address translation) is used to map translated addresses to the proper endpoints, DNS should be deployed in a resilient fashion so that it does not become a single point of failure. The loss or lack of availability of one DNS server should not bring the unified communications system to its knees.
FaceTime is building more comprehensive security into its Unified Security Gateway thanks to a partnership with Sunbelt Software.
According to the press release, “Sunbelt’s anti-malware technology, designed specifically for the gateway, and its Threat Track(TM) data feeds have been licensed by FaceTime for integration with its Unified Security Gateway product. As part of the integration, FaceTime will deploy Sunbelt’s VIPRE(R) technology into its appliance to augment the protection provided by FaceTime’s Security Labs and the FaceTime WebFilter.”
What that translates to for you is a gateway appliance that performs both Web filtering and malware scanning at the perimeter to keep bad stuff out and good stuff in. The combination of FaceTime’s Security Labs efforts to identify Web 2.0 threats and SunbeltLabs malware research provide a formidable defense against emerging threats.
If you are using unified communications and/or Web 2.0 technologies in your network, the FaceTime Unified Security Gateway is probably worth investigating as a solution for securing and protecting your network.
Implementing security controls after an attack or compromise of data is like shutting the barn door after the horse has already escaped…but worse.
Getting serious about VoIP and unified communications security after the whole solution is architected and implemented is costly enough. It is generally much easier and less expensive to implement sound security practices and controls organically as a part of the solution rather than tacking them on after the fact.
Sometimes architectural and procedural decisions made without security in mind are like water under the bridge and can’t be undone. You can put security controls in place, but they won’t be as effective as they could have been if security would have been a part of the initial design.
If you wait until after a successful attack or compromise of data you are just adding insult to injury. Its a double-negative. Now, on top of the more expensive, less effective security you were going to get by not thinking of security in the first place, you also have the expense of whatever financial impact or lost revenue the attack has, plus any potential damage to the reputation and credibility of the company.
Sipera VP of Marketing, Adam Boone, talked recently about just how costly it can be to forget about VoIP and unified communications security. Boone shared a story of a client victimized by toll fraud. Attackers placed 9,000 minutes of international calls turning the company’s normal phone bill of a couple hundred dollars to a $19,000 bill.
That’s $19,000 the company had to eat, on top of any security solutions it chose to implement to prevent similar attacks in the future. Shutting the door before the horse escaped would have saved it at least $19,000.
Is your VoIP or unified communications infrastructure secure? Are you planning to figure out the answer to that question now, or after it is compromised?
Are there any technologies left that don’t have ‘as-a-service’ tacked on to the end of the name? I guess it’s just the direction things are heading as more organizations embrace ‘cloud computing’ and vendors and service providers find more and more things to offer from ‘the cloud’.
One of the current hot technologies is unified communications, so it makes sense that one of the newest offerings from the cloud is UCaaS (unified communications as a service). A new SearchUnifiedCommunications white paper sponsored by Calltower explores the benefits and competitive advantages companies can realize by leveraging UCaaS.
The white paper covers topics such as:
How the global mobile workforce and current economy are driving the growth of UC
Why it’s imperative to determine business strategy prior to communications planning
How to identify the total cost of ownership (TCO) between onsite and hosted UC systems
How to evaluate UC vendors
Tips on transitioning to UCaaS and driving user adoption
Presence is arguably the glue that makes unified communications work. It is Presence, the ability to determine the current status and availability of contacts, that enables users to communicate more efficiently. Presence can let you see who is available, what they are currently engaged in, and allow you to choose the most effective method for communicating with that contact.
Maybe. I should say that Presence can do all of that…when used properly. However, users who simply set their status as Away when they are really sitting at their desk working because they don’t want to be bothered undermine the value of Presence. Similarly, users who have high idle times and show as Available when, in fact, they haven’t been sitting at their computer for the past hour also reduce the utility of the Presence information and in effect render it useless.
To be fair, as the concept of Presence and status have evolved from consumer instant messaging clients, the level of granularity for assigning status as well as the ability to control who sees what haven’t been there. In the early days of instant messaging services like ICQ status basically amounted to Available, Away, and Offline and pretty much anybody could see that.
Unified communications solutions like Office Communications Server 2007 R2 (OCS 2007 R2) have greatly expanded the concept of Presence though. Presence can tell if you are in a meeting or on a phone call. Presence can provide details about your status instead of just black and white information like online or offline. OCS 2007 R2 also allows users to determine how much information to share with contacts. One contact may only be able to see if you are available or not, while your manager or project team can also see details about what you are doing and when you’ll be available.
With access to the inner-workings of OCS, it is possible to determine whether a user is *really* Away, or if they are actively using their computer and just hiding behind the Away status. As this blog entry points out though, it is not an elegant solution. Uncovering the real Presence state is not something you want to provide every user, but for an Administrator this information may be valuable in determining how users are employing Presence and developing policies and user awareness programs to try and address any issues.
Advances in Presence like the granular availability information found in OCS 2007 R2 make it much more useful…when used properly. It is important that users are educated about the proper use of Presence and that they are encourage not to abuse the Presence states. Without accurate Presence information many of the benefits and efficiencies of unified communications will not be realized.
Microsoft recently released Web Scheduler for Office Communications Server 2007 R2. The Web Scheduler provides a web-based interface for conference management functions giving users the ability to:
- Schedule a new Live Meeting conference or conference call
- View and modify details of an existing conference.
- List schedules of all existing user of a Microsoft Office conference.
- Delete an existing conference.
- Send an e-mail invitation to conference participants using a configured SMTP mail server.
- Join an existing conference.
The Web Scheduler is an ASP.Net application and must be installed on the same Internet Information Services (IIS) server that the OCS 2007 R2 Web Components are running on.
Web Scheduler requires OCS 2007 R2. The ability to send email meeting invites requires an SMTP server- ostensibly Microsoft Exchange Server, but others will due.
One of the ubiquitous elements of a corporate desk in virtually any cubicle or office is the desk phone. When new employees join the team, assigning a phone number and supplying them with a phone are typically some of the first steps for getting them set up and ready to work.
A recent article on SearchUnifiedCommunications examines whether or not the desk phone is a dying breed. In an age of unified communications where users can make and receive calls from their computer using softphones and where much greater integration with and reliance on mobile phones is a key component, it seems that the desk phone is no longer necessary- like the appendix is no longer necessary in the human body.
Well, perhaps its premature to declare it unnecessary? Recent medical studies have suddenly discovered that the body makes valuable use of the appendix– an organ that has been dubbed useless for over a century. Like the appendix- news of the death of the desk phone may be exaggerated.
For one thing- companies already have them. So, sales of new desk phones may slow dramatically, but that doesn’t mean that companies won’t continue using the desk phones they’ve got until they’ve squeezed out every last drop of possible productivity from them.
Another issue is the performance of the computer itself. Desk phones are not cheap – corporate desk phones cost a few hundred dollars each. It may seem logical to suggest that users just leverage softphones and unified communications on the computer they already have rather than investing in the desk phone. That assumes that the computer has the horsepower to multitask and still manage to make and receive phone calls without impacting voice quality.
Many companies may find that they need to invest in upgrading the computer hardware to make the move to pure softphones feasible. As a long-term strategy, it may make sense to invest in the robust computer hardware. If you’re going to spend money either way, better to invest it in advancing technology and adapting to evolving communications methods instead of legacy equipment.
Unified communications is a rapidly changing market without a clearly defined product offering. Selling unified communications successfully requires being able to quickly understand and integrate new technologies, and the flexibility to evolve quickly as the landscape changes.
Companies that make their livelihood as resellers of telecommunications equipment spent decades essentially selling the same thing. A PBX was a PBX and it was basically built on the same PBX technology as a PBX from 30 years ago. Things have changed over the last decade though, and the pace of change seems to pick up exponentially from year to year.
A recent blog post noted “Some channel partners are still trying to figure out VoIP and now there’s unified communications, virtualization, and the cloud!” That is true, but don’t leave out virtualized unified communications in the cloud.
That same blog post went on to say “Business as usual or TWIWAD (”that’s the way it was always done”) definitely isn’t today’s formula for success.”
Success depends on three things:
- Stay informed and educated on emerging technologies and understand how they integrate with existing technologies and the value they provide.
- Establish a consultative relationship with customers and sell solutions- not specific products or services. The customer doesn’t care who the vendor of the software is or how the hardware is architected as long as it works and helps solve business problems.
- Don’t forget #1 and #2- but especially don’t forget #2.
Adapt. Evolve. Succeed.
In a past life I worked as a consultant for a very large global computer services firm. I was a lead security engineer and one of the first responders for incidents and virus outbreaks for a large, Fortune 100 customer.
The powers that be spent a significant amount of time and effort sucking up to the customer. The customer said ‘jump’ and we asked ‘how high?’ That included decisions about computer and network security and how to mitigate and resolve security breaches.
Well, leave it to me to be the rebel who said “um, didn’t they hire US to manage their security?” As far as I was concerned the value that we brought to the table and the reason they paid us was to let THEM know how to secure their computers and network, and to effectively and efficiently mitigate and resolve security breaches.
So, when I read a recent blog post titled ‘Why Not Leave Security to the Experts?’ it resonated with me. Whether its internal employees or external contracted resources, management needs to respect that security is a full-time role and let those who are focused on emerging attack techniques and trained in avoiding or blocking them do the job they were hired to do.
Here is the bottom line I learned while watching my management suck up to our large customer: they may like how compliant you are when you follow their direction and do what they ask no matter how stupid it is or how contrary it is to protecting and securing the network, but they also have short memories. When the proverbial ‘stuff’ hits the fan you will still be held responsible for the failed security and the customer will conveniently forget that they’re the ones who requested that hole in the firewall, or whatever.
I am not suggesting security pros go around being cocky or abrasive- but confident and assertive is OK. You will prove your value more and establish yourself as an indispensible asset by firmly doing the job you were hired to do and not catering to the whims of those who don’t know what they’re doing.
This is true throughout IT and throughout information security. It has particular application these days though with VoIP and unified communications. Companies are racing to deploy unified communications technologies, but slow to understand the security risks or invest in the controls and technologies to secure it. When the system is breached, you will be the scapebgoat taking the heat so do the right thing and stand your ground to ensure management understands the risks involved.