The road to a secure, seamless communications UX

My biggest frustration as a unified communications and collaboration (UC&C) user has been the sheer disconnect between the experience at my office desk and the experience on the move. No matter where I am, I want a consistent experience from inside and outside of the corporate network.

Remote real-time communication and collaboration recently became far easier with the proliferation of high-speed fibre broadband and 3G/4G mobile data connectivity. How to deliver seamless remote connectivity in a secure and manageable way, however, remained elusive.

The trusty virtual private network (VPN) was the traditional approach: creating a secure tunnel between the device and the network brought the same user experience as being connected to the corporate local area network (LAN). But VPNs presented their own challenges: internet protocol security (IPsec) based VPNs needed client software to be deployed and managed on each device, and secure sockets layer (SSL) based VPNs were beset with browser compatibility and security issues.

Confusion and frustration

A new security challenge was added to the mix: with bring your own device (BYOD) and choose your own device (CYOD) initiatives increasing in popularity, organisations started allowing employees to use devices designed for consumers, but were then faced with the challenge of securing and managing those devices.

This is where the VPN approach faltered. It was great for providing ubiquitous access, but it opened up access from and to the device and any application, malware or virus that it may be running. It’s incredibly difficult to restrict how employees use devices and what software they install. A combination of internal firewalling, device posture checking and complex VPN access policies was the only way to properly secure the network.

To address these issues, along came a new remote access strategy. Organisations started securing applications instead of the devices they ran on, as well as using public cloud services such as Salesforce, Google Apps and Office 365, which entirely removed the need to access the corporate network.

Thin client environment

It would appear the humble VPN’s days are over. But the thin client approach isn’t reliable enough to deliver real-time voice and video. Yet the VPN model still requires users to connect devices to a corporate VPN service before launching their communications apps, which is of no use to mobile workers.

But there is another way! The proliferation of session initiation protocol (SIP) as the industry standard approach for the establishment and control of communication sessions created its own issues. Given that SIP trunks delivered connectivity to the public telephone network, they needed to be secure and to translate between different vendors’ SIP stack implementations.

So, along came the friendly session border controller (SBC), which sat as a demarcation point between corporate SIP services and the outside world, securing organisations’ communications, translating between public and private networks and manipulating SIP headers to ensure interoperability in a multi-vendor environment.

A seamless UX

In parallel, UC vendors developed SIP stacks for their IP endpoints, as an alternative to traditional proprietary signalling protocols. It was therefore a natural extension to enhance the SBC, which was already the expert in SIP translation and security, to provide secure connectivity to remote SIP endpoints as well as traditional SIP trunks.

So a common device can now be used to securely terminate service provider SIP trunks, SIP trunks to third-party private systems and remote user UC endpoints. While this method has been deployed by carriers offering entry-level hosted IP telephony solutions for a number of years, it is only now being adopted by end-user businesses.

The result is a seamless communications user experience. I can now utilise a physical IP phone at home without an additional layer of authentication to configure. I can launch UC&C apps on my laptop, tablet and smartphone whenever I have Internet connectivity, confident in the knowledge that my SIP signalling and conversations are securely authenticated and encrypted.

Dan Davies, Product and Solutions Director, Maintel