Unified communications security is venturing into unknown territory with the growing trend of embedding communications into business applications. New security challenges could emerge for IT as organizations fuse their communications to business apps by using APIs and communications platform as a service (CPaaS).
For instance, if an organization has used a communications API to embed click-to-call in a sales management app and the app got hacked, the hacker could access the organization’s phone system.
“If someone figures out how to route their traffic over my CPaaS connection, it’s a new era of toll fraud,” Nemertes Research analyst Irwin Lazar said.
Most CPaaS and API providers, such as Twilio and TokBox, haven’t quite discussed their positioning around security for their APIs, Lazar said. However, the vendors do offer security features such as encryption and authentication.
If a communications API is compromised, organizations could lose business if their services are made inoperable and transaction data is stolen. Also, a provider could lose credibility if a hacker uses an API for other purposes, said WebRTC consultant and API expert Tsahi Levent-Levi.
He said hackers would likely target the point of integration between a communications API and business application. “That is where care and attention to security will be at its lowest,” he said.
However, communication APIs aren’t wholly insecure. They do include security features such as transport layer security for API calls, the ability to revoke and regenerate API keys, role-based access to an API provider’s back end and an audit log of actions performed by users and API calls, Levent-Levi said.
To protect themselves, organizations must evaluate a CPaaS or API provider’s security measures, as well as their own. These measures range from role-based management of accounts to API keys that encrypt data in transit.
Levent-Levi said organizations should select API developers who understand security and have developed cloud services in the past. An external security audit of potential providers can validate a provider’s security practices.
Organizations must take similar precautions to lock down the business apps they are using with communication APIs to prevent hackers from stealing access keys and sensitive data or intercepting communications, he said.
Digital transformation plans are becoming popular; and for some organizations, enterprise collaboration is at the heart of it all.
The days of collaborating only in the office with a set number of tools are long gone. Now, collaboration occurs between internal and external users, and employees often bypass IT to use the apps they want.
Communication tools need to adapt to these collaboration trends, said Nick Patience, an analyst at 451 Research, a tech research firm based in New York. Nearly one-third of organizations have a formal digital transformation strategy, and another one-third is in the planning stages, he said.
In a recent webinar, Patience described a hierarchy of enterprise collaboration. The largest tier in the hierarchy is the individual user who needs to collaborate seamlessly across devices.
The middle tier is teams and departments where employees want to collaborate across the organization. The smallest tier is cross-organizational where employees want to collaborate with outside users and not worry about security, Patience said.
IT decision-makers see file-sharing tools, such as Box and Dropbox, as the enterprise collaboration software that will have the most transformative effect on workflows, he said. Social networking tools, project management tools, and web and video conferencing are also expected to affect digital transformation.
Supporting enterprise collaboration with cloud infrastructure
A cloud-based infrastructure has become increasingly important to support the evolution of collaboration software.
The percentage of organizations that don’t use cloud services is declining, according to Melanie Posey, research vice president at 451 Research. Organizations are increasingly deploying software as a service, infrastructure as a service and private cloud platforms to support employee workloads and business apps. Posey said 76% of workloads are expected to run in the cloud within two years.
“This is where digital transformation comes in,” she said in a webinar. “Cloud is the foundation on which digital transformation is happening.”
Organizations seem to be split on their approach to cloud deployments. In a survey of 935 IT decision-makers, one-third reported deploying new apps they didn’t have before the cloud, one-third are modernizing their current apps by moving to hosted software and one-third are migrating existing apps to cloud infrastructure.
Hybrid cloud will come into play as organizations opt for IT environments that mix on-premises and cloud services. A second facet of hybrid will see organizations focusing on the interoperability of cloud environments, such as private and public clouds working together to deliver business apps, Posey said.
Team chat is the latest trend in unified communications as business-based messaging has capitalized on the popularity and ubiquity of consumer-based texting. Team chat ultimately aims to boost worker productivity and streamline business workflows.
The popularity of team chat apps has soared in the past year. According to a Nemertes Research study of 40 midsize to large organizations, the use of team chat apps has grown from 2% in 2015 to 33% in 2016.
But a couple analysts are divided on the staying power of team chat apps.
“There’s a lot of hype around this space,” said Frost & Sullivan analyst Rob Arnold, “but I don’t know if these tools are going to be the collaboration solution for the way people work.”
Certain platforms and apps, such as enterprise social software, have tried in the past to create a hub of communications and collaboration, Arnold said. Team chat apps now follow that tradition.
“I like the concept and premise of combining all these communication tools, but I haven’t seen it truly done yet,” he said.
Vendors are rolling out team chat apps to ward off competitors, provide tighter integration for their services or differentiate their services, Arnold said. But as vendors add more tools to their portfolios, users might become overwhelmed.
“There are so many options available,” he said. “You want to have the tools you’re comfortable and confident with.”
However, team chat apps could surpass other previous social platforms by offering better real-time collaboration, said Nemertes Research analyst Irwin Lazar.
“People hate email and have moved into a text-first environment,” he said. “If they’re going to talk to someone, they text before picking up the phone and calling.”
Team chat apps — such as Slack, Spark and the recently announced Microsoft Teams — are as easy to use as texting, but enable corporate control and context, Lazar said.
Enterprise social software, on the other hand, was a massive undertaking for organizations, Lazar said. The deployments usually required a community manager and a complex platform for complex use cases.
“Team chat apps become a hub for work, which is a model that appeals to a lot of people,” he said. “This model is very different from social software.”
Team chat keeps conversations within the context of a topic. Users can also attach files, notes and hyperlinks to a chat space. Lazar said Nemertes uses Slack for internal communication and email for external communication.
“We’ve heard for years that social is going to replace email,” he said. “Team chat has finally done it.”
End users are embracing collaboration in new ways as they use multiple devices to complete their tasks, but they expect communication to flow seamlessly through all their devices as they work.
These employee expectations reinforce the need for organizations to deploy unified communications and collaboration (UCC) technology that melds audio, video and web conferencing, messaging and presence, said Wainhouse Research analyst Bill Haskins in a recent webinar.
Organizations experience five stages of transformation as they deploy and expand UCC technology investments, Haskins said.
Stage one is the siloed organization. At this stage, organizations are still relying on analog technology, such as TDM, and have yet to transition to VoIP. Individual teams within the organization may be bringing in their own collaboration tools, but the organization has no official collaboration strategy.
Organizations that want to move to the next stage should evaluate any costly and outdated technology and identify how IP services can improve collaboration.
Stage two is the enhanced enterprise. Enterprises have started the transition to IP technology, and collaboration tools, such as instant messaging and presence, emerge across the organization. However, the collaboration tools lack integration.
To move to the next stage, enterprises should consider where integration makes sense and focus on teams that exhibit good collaboration habits for others to model.
Stage three is the integrated enterprise. UCC technology is becoming increasingly integrated as organizations look to introduce tools like room-based video conferencing onto users’ desktops. Organizations start to embrace more distributed teams and expand their employee recruiting efforts.
The next step for integrated enterprises is to evaluate UCC vendors to find which one could provide a platform with a consolidated and consistent user experience.
Stage four is the unified enterprise. Users have migrated to a single UCC platform for all their collaboration tools. The strategy around collaboration shifts from cost savings to productivity.
Next, an enterprise should look at workflows that can be empowered with communications. Also, look for partners that offer API expertise, line-of-business integration and the development of skill sets.
Stage five is the transformed enterprise. Organizations are transforming workflows with integrated communications. But enterprises at this stage still have work to do. They must keep up to date on UCC technology advancements. The cloud is key for enterprises, in this case, as it alleviates UCC management burdens.
There is a three-step process for organizations as they move through these stages of deploying UCC technology, said Peter Quinlan, vice president of UCC product management at Tata Communications, which sponsored the webinar.
The first step is to focus on the areas that have the greatest impact. These are areas that would make the biggest difference for your users and your business. Organizations should also address major collaboration pain points.
The second step is to plan what comes next. Users can only handle so much change, Quinlan said, so there is a lot of risk in replacing everything at once.
Step three is to ensure the success of each individual project. Organizations should make sure each collaboration project achieves ROI and delivers benefits in the form of capabilities, features, productivity and user experience. Every upgrade should build on what came before and allow for future expansion.
Organizations that want to move on from a legacy communications infrastructure and break down application silos are turning to digital transformation strategies.
According to a survey from Nemertes Research, nearly 70% of the 368 IT leaders surveyed have a digital transformation initiative even if they don’t necessarily call it that. These initiatives include leveraging communications platform as a service (CPaaS) and application program interfaces (APIs) to embed communications into business applications. Organizations are also looking to deploy cloud-based unified communications to further their digital transformation plans.
Organizations are developing digital transformation initiatives to improve business processes, customer service, speed of business and employee interactions, according to the survey. These key drivers create business value for organizations, whether it’s reduced costs or higher sales.
While many organizations are aiming for some kind of digital transformation, only a few are fully digitized, according to a study from Forrester Consulting. More than 50% of the 158 IT professionals surveyed are behind “the maturity curve,” Forrester said, but their organizations expect to have all-digital workflows within the next two years.
Organizations that struggle to support digital transformation initiatives often lack a combination of three factors: budget, expertise and leadership.
“Bolt-on digital initiatives and legacy technologies perpetuate application silos that create barriers for efficiently completing work tasks,” according to the Forrester study, which was commissioned by Alfresco Software. “IT leaders will seek technologies that eliminate these silos in order to deliver the right information within the right application environment at the right time.”
But what does an organization with a successful digital transformation initiative look like? According to the Nemertes survey, successful organizations have a budget per employee and an advisory board or CEO to spearhead the initiative. Successful digital companies also engage IT and business units and include a marketing strategy controlled by IT or corporate leaders.
“The more successful companies invest more in technology overall,” said Nemertes analyst Robin Gareiss. “IT success is greater when you have digital transformation in it.”
When planning a rollout of new unified communications and collaboration tools, organizations must view their entire workforce as virtual even if it may not necessarily be the case.
More than half of knowledge workers routinely work from a remote location, typically from home or a satellite office, rather than a corporate office, according to a Frost & Sullivan survey of 406 IT decision makers that examined the impact of a virtual workforce on their UCC tools investment priorities.
Even employees who work from a traditional corporate location are virtual workers since the people they need to work with on a daily basis may not be in the same location, said Melanie Turek, vice president of research at Frost & Sullivan, in a recent webinar that examined the survey results.
The survey found that smartphones are the most common UCC endpoints, with 75% of IT decision makers currently using smartphones for business purposes. Nearly one-quarter of IT decision makers expect to use smartphones within the next three years.
Headsets, too, are becoming popular in organizations as more employees use conferencing tools.
“As we move forward with UCC, we’re finding more people need some way of keeping their hands free while working and participating in calls,” Turek said.
The survey found smartphones, instant messaging, headsets and conferencing services were the most important UCC tools for business productivity. This finding mirrored IT decision makers’ budget priorities. The survey found that IT leaders will prioritize smartphones, tablets, social media and collaboration technology in their 2016 and 2017 budgets.
To support the different UCC tools required for a virtual workforce, organizations are moving away from a single-vendor infrastructure. With so many tools available, Turek said, enterprises might struggle to maintain a single-vendor service that would meet everyone’s communication needs. Instead, organizations are looking to multi-vendor infrastructures that integrate the tools employees need.
But organizations planning to roll out new UCC tools must consider the business roles of their employees.
“Not everyone needs all these tools,” Turek said. Organizations should not approach UCC with company-wide deployments, but instead think about why they need a certain tool, what business goals the tools will help and who will benefit the most.
Employee collaboration habits have prompted new ways of working, and IT’s role has changed in the process.
Employees are embracing collaboration, remote working and bringing their own apps and services into workplaces and business processes. IT must get a handle on these trends or risk not only security, regulatory and cost issues, but control over the technology in an organization.
To do so, IT must evolve to focus on both the technology and business processes, said Melanie Turek, vice president of research at Frost & Sullivan, in a recent webinar that explored IT’s evolving role in UCC.
The biggest challenge facing IT, particularly in larger enterprises, is the number of collaboration apps that employees are using on their own. IT must determine which of these apps are used in the organization and how they fill a business need that IT is not addressing. Then IT must plan on how to get users off those apps and services and onto company-approved apps.
“There is a gap between what the business side wants and what IT wants,” Turek said. “The most successful companies bridge that gap.”
To bridge that gap, IT managers should team up with line-of-business (LOB) managers to understand end-user needs and create policies for the apps, services and devices allowed in an organization.
They should plan strategically about which apps employees can use. IT should whitelist approved apps, enable cloud-based access from any device with single sign-on, and establish rights based on a user’s role, location and status, Turek said.
LOB managers should help IT assess end-user needs, including where employees work and whether their work is collaborative. Assessing end-user needs helps IT determine which tools will fit those needs.
“You want to get as specific as you can,” she said. “A financial services organization is going to use something like video conferencing very differently from a healthcare organization.”
IT managers need a deeper understanding of their users’ business processes in order to support them.
“For so many years they focused on bits and bytes,” Turek said. “Now they have to learn about the business and industry, and how business processes work.”
Nemertes Research analyst Irwin Lazar said the biggest issue he’s seen with Skype for Business deployments is performance management.
“Organizations struggle with the tools to do quality management,” he said.
For organizations that deploy Skype for Business as a softphone-based application, voice quality is the main struggle, Lazar said. With softphone apps, organizations are running Skype clients on a laptop or PC and cannot manage voice traffic like they could with a traditional voice deployment. Segmenting and prioritizing voice traffic over other data traffic on the network becomes impossible.
“If you roll it out and people aren’t happy with the voice experience, the question becomes: What can you do to fix it?” Lazar said. Many organizations turn to third-party providers, like IR and Nectar, to manage voice QoS for Skype for Business.
Rely on user feedback, management tools for voice quality of service
“Quality of service is critical,” said Skip Chilcott, global head of product marketing at performance management software provider IR.
He said most organizations want to ensure they have tools that offer benchmarks to show Skype for Business performs better or the same as their previous system. Benchmarks can also help organizations automate management of Skype for Business QoS.
Chilcott said Skype for Business has seven codecs that can be used in a call. With performance management tools, like analytics and call monitoring, several codecs can be used on a call automatically based on QoS levels.
Additionally, organizations should not confuse QoS with quality of experience. For instance, a user might report a bad experience or voice quality, but the system reports good QoS, he said.
Chilcott said organizations must separate experience from service and rely on both user feedback and management tools to ensure good performance of Skype for Business.
Implementing SIP trunking can be a daunting task for many organizations. But enterprises can take certain steps to ensure their SIP deployment is relatively smooth. Industry leaders at Enterprise Connect urged organizations to heed these four common SIP pitfalls:
While SIP deployments promise cost savings, organizations must watch out for surprise costs. Most SIP trunking providers detail their costs on their pricing page, but additional fees are often found in a thorough reading of a contract, said Melissa Swartz of Swartz Consulting.
Swartz cited one company that discovered its provider put in the contract that every call to 911 would be $75. Other providers charge a fee for organizations that reach a certain percentage of calls that are less than 15 or 18 seconds, she said.
“They’re not deliberately hidden, but you have to read the contract,” she said.
To avoid pricing surprises, Swartz recommended running scenarios to estimate your usage, factor in additional costs, like backup, and look for other fees hidden in the contract.
Facilities and Features
Organizations must determine if their carrier is providing trunks all the way down the line and not relying on another carrier for the last mile, Swartz said.
“That’s something that can cause issues because the trunks are not under the SIP provider’s control all the way,” she said.
Organizations must also be mindful of the features offered by SIP providers. “There are words that different carriers use, but they don’t mean the same to each carrier,” Swartz said.
Larry Riba, lead voice engineer at nonprofit financial services firm TIAA, discussed an issue he had with a call-recording vendor. When TIAA was planning its SIP migration, the nonprofit’s call-recording vendor said it could support call recording with SIP.
“It was a terrible failure,” he said. Luckily, the issue was discovered early in the migration process, but it took months to fix and delayed the migration.
Configuration and Security
The configuration of session border controllers (SBCs) and firewalls must be done carefully to prevent service disruption. Swartz said if there’s a problem with the SIP service, the firewall should be the first place to check.
“If you’re not getting a call, it’s a firewall setting,” she said.
Properly configuring 911 services should also be a priority, to ensure that first responders are directed to the correct location. This is especially important for organizations that have multiple locations with a centralized SIP deployment, Swartz said.
Organizations should also make sure every part of their SIP deployment is secured properly, including fax lines and analog phones.
“You want an SBC that can handle all kinds of stuff,” said Mykola Konrad, vice president of product management at Sonus Networks.
Organizations will have different security needs depending on whether their SIP trunking service is delivered over an MPLS or broadband line, he said. The best thing an organization can do is include the IT department security expert early in the migration process.
“As soon as you’re doing something that says ‘IP’ on it, you have to have the security guy bless whatever the project is,” Konrad said.
Failover and Disaster Recovery
With SIP failover and redundancy, organizations must make sure their provider can offer business continuity.
“You need to understand from a carrier perspective how far they can see and what would trigger an automatic failover,” Swartz said. Organizations must quiz their provider prior to their SIP deployment on what triggers failover, if DID and toll-free numbers are included in call rerouting, and, if the organization uses a backup carrier, how SIP calls transfer to the backup.
Failover and disaster recovery should be seamless, said Ari Sigal, product marketing manager at Twilio.
“Some disaster recovery is simple call forwarding, but that doesn’t keep the business operating the way it typically does,” he said.
Sigal said Twilio uses APIs to allow real-time decision making and the ability to automate failover and call rerouting based on certain conditions.
SIP trunking offers big benefits to organizations, but “you’ve got to know what you’re doing,” Swartz said.
Unified communications will soon reach its “use by” date, and the next evolution of enterprise communications is around the corner, analysts say. But what exactly is coming next?
UC has reached maturity — in terms of language and technology — since entering the market in 2005 and will hit its “use by” date at the end of 2016, according to Art Schoeller, Forrester Research principal analyst.
“New things are happening today that redefine what we do with communication and collaboration,” he said in the webinar “Unified Communications and Collaboration Mash-Up: The Next Wave.”
UC’s maturity has reaped benefits for organizations that adopt UC technology. According to a Forrester report that surveyed 1,078 telecom decision makers, 91% saw improved team collaboration in their organization and 88% reported significantly faster problem resolution.
“It’s not the UC part that’s unique anymore, everyone is doing it,” said David Nuss, senior vice president of IT at real estate agency Cresa. It is how a vendor uses UC technology that will influence the next wave of enterprise communication and collaboration.
Vendors have started applying machine learning technology to their services to map interaction patterns and relationships, expanding on asynchronous communications to offer persistent collaboration workspaces, bridging asynchronous and synchronous communication through upcoming standards like WebRTC, and embedding UC into enterprise applications for real-time collaboration, Schoeller said.
Nuss discussed how Cresa needed to consolidate its disparate communication systems for a consistent employee and customer experience. The driver behind the consolidation was a cloud and mobile-first approach to communications that would be easy for IT to manage, lead to hard-dollar savings and support future communication needs.
Cresa chose RingCentral, the sponsor of the webinar, as its sole UC provider, which allowed the real estate firm to consolidate its 11 customer relationship management (CRM) services and 22 voice systems across the company’s locations.
“You name it, we had it,” Nuss said.
But the deciding factor for Cresa wasn’t that RingCentral simply offered the UC technology that the company needed, but what the vendor did with the technology — like integrating with Salesforce, analytics features and real-time collaboration.
Nuss said Cresa saw high adoption of its new UC system because of the system’s flexibility to allow individual users to customize the service to fit their needs while maintaining uniformity across the organization.
“Those are things you have to look at beyond just comparing dial tone, IM and video — what else are you going to need in the future?” Nuss noted. “Look at usability and efficiency for users when comparing platforms.”