Security in Cloud Communications – How to Ensure Integrity
When it comes to security in cloud communications, there are numerous factors to consider. As mentioned in our previous blog post, Security in Cloud Communications: How to Ensure Availability, there is a framework for thinking about security called the “CIA triad,” which stands for Confidentiality, Integrity and Availability.
In this post we are focusing on data integrity. In a IDG Enterprise survey, surveyed CTOs and CIOs identified data integrity as a top concern. They reported that “data loss” and “data breaches” were their fourth and fifth top concerns.
In the security lexicon, integrity means “property of accuracy and completeness.” If integrity is maintained when a data packet is stored or transmitted, every bit of that packet remains in place, as intended.
In voice and video communications, an important aspect of integrity is the ensuring that each transmission is received by the distant end in a timely manner. This is one reason that ShoreTel has adopted the Multiprotocol Label Switching (MPLS). Older protocols require each router to decide the pathways for each packet, on the fly. If some of these decisions are wrong or just weirdly different enough, some packets may wander about, causing a hiccup in the transmission.
MPLS decides the routes ahead of time, appending a label to each packet with assigned primary and fail-over routes. Among other benefits, this helps to ensure that the packets arrive on time and in good order, maintaining the integrity of the transmission, providing a higher Quality of Service (QoS) and offering the users a smoother experience.
Once at rest, much of the data pertinent to Unified Communications (UC) resides in a database. These include call histories, message texts, voice mails, directories, recordings of audio conferences and other sensitive information. Ensuring the integrity of these data is paramount. Threats to at-rest data can be environmental: power surges, hardware failures, excessive heat and so on. These environmental hazards are part of the motivation for ShoreTel's “2n power and cooling” and redundant server architecture, mentioned in the previous post. Keeping things cool and supplied with clean power help prevent these sort of failures. If there is a failure, then the backup data are available and ready to repair the damage.
Intrusions by unauthorized persons or processes can destroy data integrity. Intruders can delete entire files, or corrupt them in subtle ways. Keeping intruders away from the database is key to data integrity. Simply put, the database is protected behind a series of security zones, Intrusion Prevention Systems (IPS) and firewalls.
The security zone that faces the Internet, for example, is called “the Demilitarized Zone” or DMZ. In this zone, all data are encrypted. Outsiders cannot see past the DMZ to the internal workings of the system; details such as the server addresses are hidden. In addition, the Intrusion Prevention Systems monitor the transmissions, looking for the tell-tale signatures of malware attacks. If they detect such a signature, they terminate the communication.
In these ways, and others, the ShoreTel system protects the integrity of the customer's data. At rest and in motion, every packet of data remains integral, and as it should be, down to the least significant bit.