When public cloud phone services go bad!
As a provider of business phone systems – premise based and cloud – it is not uncommon to run into customers, large and small, that have decided to run their business on public applications. Public also being code for free or cheap. The sense, when chosen, is that these free, open apps can do enough, are good enough.
A question that should be asked is whether the application is secure enough to trust my business intellectual property. What if your instant messaging platform was hacked? What if someone in your organization inadvertently posts confidential data to someone outside of the company or to a public forum using a file sharing app? After all, we read about examples of this happening all the time.
That doesn’t cover the risks associated with malware and viruses, which are not only getting harder to detect but increasing in quantity.
Skype users hit with ransomware demands
A recent article in ZDNET, shone a light on a new twist. Skype users receiving ransomware demands after their accounts were hacked through malicious code embedded in the ads which Microsoft is using to fund the ‘free’ service.
This isn’t a knock on Microsoft or Skype as much as a reality check that these things happen. As the tech person in the family it is not uncommon that I get asked to go check someone’s laptop that is not working properly. In nearly all cases it was because someone downloaded something from the internet. In some cases they even ticked a box to allow it. The point is, that it is often individuals making decisions that bypass the system ‘defenses.’
In a business you try and protect it with spam filters, anti-virus programs, firewalls and more. You force users to create difficult passwords and change them frequently but cannot stop them writing them down or giving them away to the first person calling them saying they are in IT.
But to then use a public service is like dropping the drawbridge and opening up the gates.
How does this reflect on public cloud services?
Public cloud services are just that. Shared, open, public. When your staff use a public instant messaging service to connect with another employee, sending company info, contact info and files, you have no control of where that data may go. It could be hacked but it is more likely that they send it to the wrong person. Oops, wasn’t that funny? Well, no, not from a business perspective. With rules governing what is considered private and confidential data regarding individuals getting stricter, the last thing you want is to create a situation where you cannot control the security of that data.
Why would they use a public service?
With the proliferation of mobile devices came a flurry of apps that were either fun to use or made our lives a bit easier. There are so many ways to share information and each new generation hooks on to the latest and greatest.
The expectation now is that your business should provide options on how people communicate with each other. If you are not, well, they can just download some free app and start using it.
By NOT providing the capability they need and desire, you have left the door open. I have seen some businesses that try and manage this by sending out rules telling their staff what they can’t do. This will work for a while. Some staff will point out how much more productive they can be and, if the company still does nothing, it will be the cause internal friction.
Business Unified Communications – Private, Secure
What is needed is a communications platform that is private, secure and offers the tools your staff need to stay connected and be able to communicate no matter where they work. Today people are quite comfortable working on the road, in coffee shops, at customer premises or from home. It lets you reduce office space costs. It makes the team more productive.
It does it without opening up your company to the risk of malware and viruses that can afflict a public cloud service.
It also doesn’t rely on all your staff being security experts.
It can be a cloud unified communications platform. It should just be a private configuration for your business.
Ultimately every business needs to make a decision on the cost to their business when using free or cheap services. There is no free lunch. If it is free, it is for a reason. It could be to quickly get a large number of users for an IPO, or to prove a service to then create a chargeable version or because it is advertisement funded. It could be free because the developers did not have to invest a lot of time creating the application by leaving out the security elements or the expertise to build in security or want the overhead of trying to keep up with ever changing security risks.
Whatever the reasons, do you want to risk your business on something that is a security risk from day one?