kras99 - stock.adobe.com
How do you apply a zero-trust security policy to UC?
An important piece of remote and hybrid work is keeping UC environments secure. Learn how a zero-trust policy keeps user and app communications secure.
Remote and hybrid workforces have placed an increased emphasis on the use of unified communications, or UC, services within the enterprise. A significant concern for IT security teams is the ability to protect these sensitive business communications from end to end.
With the introduction of zero-trust methodologies, security administrators are increasingly eager to deploy zero trust to better protect UC environments and prevent data loss or theft. This requires that zero-trust practices not only be applied to protect user access on the front end, but also workload security on the back end.
As it stands today, a zero-trust security policy focuses on user identity, authentication, device posturing and granular access control of users and devices attempting to reach corporate applications and services. Regardless of where the user or device is located, the principles of least privilege are always applied. Once a successful authentication is complete, end-to-end encryption is established, and those users or devices are restricted to accessing only what is explicitly granted.
From a UC user access perspective, authentication, device posture checks, encryption and detailed logging are applied across the board for all users, regardless of whether they are working directly on the corporate LAN or are remote.
Protecting communications across users, apps and workloads
Keep in mind, however, that zero trust is typically implemented on a corporate network for all critical business applications, data and services within an enterprise. It must also be said that zero-trust strategies should address the little discussed, yet important role of protecting communications between application workloads that may be spread across multiple data centers and clouds.
According to Vivek Bhandari, senior director of product marketing at VMware, multi-cloud environments have several components communicating across various data centers and clouds. Modern applications, for example, could communicate with each other through APIs or more traditional app communications. But these workloads need to apply zero-trust practices to all users as failing to protect communications opens the door to bad actors who could penetrate the network and move within the corporate infrastructure.
A hybrid UC platform is a perfect example of this. A hybrid UC deployment involves applications, services and data for voice, video, chat, directory and calendaring that all need to communicate with each other. Some of these UC services may be in a public or private cloud, while others are on premises.
A number of security functions must occur on the back end to secure multi-cloud workflows. But zero-trust principles are universal, so they work just as well at securing UC workloads as they do with user access.
A hybrid UC deployment that has integrated zero-trust methodologies will use tools such as unified endpoint management for identify federation and device posturing, as well as Secure Access Service Edge platforms that secure endpoints and communications and also ensure the optimal path to remote cloud services using software-defined WAN components, according to Bhandari.
To protect the cloud side of this communications flow, a workload security platform can be used with a distributed firewall architecture that includes Layer 7 access control, advanced threat detection, and network detection and response. Together, these functions create virtual microsegments that protect east-west workload communications within and between clouds, according to Bhandari.
In the end, administrators seeking to secure their UC environment with a zero-trust security policy should take the same approach as they do with securing any critical business service. The key is to look at the complete communications flow both between users and services, as well as workload flows between UC applications servers residing in the cloud.
