Facing Up to New (and Old) Communications Security ThreatsFacing Up to New (and Old) Communications Security Threats

The good news about communications security is that enterprises plan to spend more on it this year. The bad news is that less than half have a plan for proactively implementing security for their communications/collaboration environments.

That was my biggest takeaway from last week’s Enterprise Connect webinar featuring Irwin Lazar, president and principal analyst at Metrigy, who presented hot-off-the-press research. Irwin offered some revealing nuggets about enterprises’ approach to security in the post-SolarWinds, mid-pandemic world we now inhabit.

More than half of the enterprises Metrigy surveyed for its new research said they plan to increase spending on communications security in 2021, Irwin said. The only spending categories that ranked higher were video meeting and team collaboration applications.

On the other hand, just under 41% of enterprises “have a proactive approach to managing workplace collaboration security today,” Irwin reported. That was the largest single category of responses, but the rest of the field is still working on security: Metrigy found 21% lack such a strategy, and the remainder were either planning, evaluating, or unsure when it comes to a proactive communications security strategy.

And, of course, the challenges for communications security are only growing and spreading out in new and less predictable ways. Irwin noted that the shift to work from home has led to an increase in split tunneling access by workers who need to connect both with internal resources (for which they can use a VPN) and cloud-based services (for which they can’t). If your enterprise is shifting to UCaaS as part of its pandemic response strategy, it’s important to audit your prospective service providers’ security posture, he advised.

In addition, the growth in video collaboration, and the continued advances in feature/function for these systems, increases their security risk, Irwin said. As video platforms offer instantaneous transcription, and as users rely on them as their central virtual workspace — and share documents as part of video sessions — these applications become a more tempting target and greater risk factor to the enterprise.

As with all security challenges, this one has no single, easy, set-it-and-forget-it solution. Irwin recommended supplementing security monitoring tools and session border controllers with the aforementioned provider audits and integrating communications security systems with the enterprise’s broader security infrastructure.

AI may offer some hope for the security picture as well, according to James Tessier, principal, market insights, at Oracle, which sponsored this week’s webinar. But while AI will improve the effectiveness of anomaly detection systems, James echoed Irwin’s conclusion that enterprise communications teams must embrace the holistic view of security that chief security officers demand of their dedicated security teams.

As Irwin put it in wrapping up his presentation: “Threats are continuing to grow, and they’re getting more complex.”