WHITE PAPER: A Secure Platform for Delivering Innovative Communications and Collaboration Services


The Oracle Unified Communications and Collaboration Solution provides a secure, highly scalable, integrated application, platform, and network architecture for delivering advanced communications and collaboration services to the enterprise on premises or via the cloud.

Security Hurdles and Challenges

The explosive growth in Unified Communications and Collaboration has led to the rapid deployment of IP-based unified communications and collaboration solutions that improve user productivity, provide seamless collaboration, and reduce cost. They do so by replacing the more expensive traditional PBX switches and PSTN networks and getting rid of silos that inhibit collaboration. Providing an all-IP solution capable of delivering real-time and near real-time communication and collaboration capabilities over a single network introduces a variety of operational and deployment challenges. In contrast to traditional voice and video networks, which were purpose-built to have stringent reliability and latency characteristics, IP-based unified communications networks transport many data types over networks that are inherently open. This exposes the IP communications infrastructure, services, and applications to a wide range of threats and service quality problems, from eavesdropping to denial-of-service attacks. Not only must IT organizations provide a reliable network capable of supporting low-latency voice and video communications, they must also address other security and privacy concerns, including secure access to data both in transmission and at rest and secure archival of a user’s communications to meet compliance and regulatory needs.

The Oracle Solution


Oracle’s Unified Communications and Collaboration Solution delivers innovative communication services including email, calendaring, instant messaging, presence, voice, and video securely and reliably. For most enterprises, email is a mission-critical application, and the ability to blend more real-time voice and video capabilities with traditional email services has become increasingly desirable. The Oracle solution delivers this capability while guaranteeing the low latency required by voice and video networks. The solution brings together Oracle Enterprise Session Border Controller, Oracle Communications WebRTC Session Controller, and Oracle Communications Unified Communications Suite. Oracle Enterprise Session Border Controller enables trusted interactive communications across IP network borders. Oracle Communications WebRTC Session Controller enables interoperability between any WebRTC device and any SIP network and includes secure authentication, encryption, and attack mitigation. Oracle Communications Unified Communications Suite delivers a rich set of secure and cost-effective real-time and near real-time communication and collaboration capabilities to any device, anywhere. Together, these deliver on the promise of highly secure data transmission and storage while protecting user identity and data privacy.

Oracle’s Unified Communications and Collaboration Solution

 

Figure 1. Oracle’s Unified Communications and Collaboration Solution – Functional View

A solution must address security concerns on multiple layers.

  • At the application layer, security concerns include end-to-end encryption, authentication, anti-virus, and anti-spam prevention.
  • At the network layer, security concerns include addressing denial of service attacks, spoofing, intercepts, and more.
  • Finally, platform level security involves providing a flexible, agile environment through the provision of developer APIs capable of addressing new threats as they arise.

Security at the platform level spans multiple applications and concerns itself with higher level functions that meet regulatory needs such as data retention, archiving, and legal intercept. The Oracle solution addresses security concerns on all these layers.

Secure Network

Conventional IP security devices such as firewalls, intrusion detection and prevention systems, and anti-malware solutions were not designed to control real-time communications sessions and do not address the unique security or service quality concerns associated with unified communications. Some of these conventional security devices actually introduce additional latency into the network, possibly breaking real-time communications altogether. The Oracle Enterprise Session Border Controller (E-SBC) is purpose-built to enable highly secure, reliable and scalable real-time communications. It leverages a unique multiprocessor design that delivers industry-leading performance, supports hardware-based encryption for ultimate scalability, and can be deployed in a redundant fashion to enable high availability. Furthermore, the platform provides extensive management security features and capabilities to restrict administrative access and prevent management attacks.

The Oracle Enterprise Session Border Controller provides Denial of Service protection functionality that protects enterprise network elements against DoS and DDoS attacks. The E-SBC itself is protected from signaling and media overload but more importantly, it allows legitimate, trusted devices to continue receiving service even during an attack. The Oracle E-SBC also performs client certificate authentication and supports optional Network Interface Units that offload processor-intensive tasks, thereby enabling high-capacity transmission encryption and eliminating the possibility of eavesdropping, tampering, and man-in-the-middle attacks. As a result of these innovations, the E-SBC provides a means for delivering real-time communications throughout the enterprise in a secure and reliable manner.

Secure Authentication and Data Transmission

At the application layer, enterprises not only need to secure their real-time traffic but also need to protect the transmission and data integrity of their traditional communications traffic such as email, calendar, and instant messaging. The Oracle solution was built with security in mind and deploys a wide range of mechanisms to protect data both in transmission and at rest. Such mechanisms include the use of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption and the use of S/MIME to sign and encrypt messages in transmission and in the message store itself. Secure transmission occurs across any channel, real-time or near real-time, including instant messaging communications. Support for WebRTC delivers on the promise of secure communications to browsers that run on a variety of devices. Enterprises can take advantage of WebRTC to better manage their BYOD initiatives while keeping their communications secure. The Oracle solution provides multiple means to secure user authentication. For instance, it supports client certificate authentication, pluggable authentication modules, and the Simple Authentication and Security Layer (SASL).

Data Privacy and Identity

However, security involves not only providing access to the application but also providing the right level of access based on the user’s identity and role. The Oracle solution supports roles and delegation of responsibilities based on these roles in order to define access permissions for both users and administrators. Secure authentication prevents unauthorized users from accessing a given user’s data. End-to-end encryption prevents hackers from eavesdropping and scanning a user’s data while in transit. Users can assign access control privileges to others, including delegation access, manager access, read-only access, no access, and more. Proper access control coupled with encryption and secure authentication ensures the desired level of data privacy.

Security against attacks and malware

Extensive anti-spam and anti-virus protection features also help protect information assets and prevent lost productivity due to spam distraction or virus disruption. The Oracle solution supports Real-time Black Hole Lists to flag known spammers, address verification to help ensure that messages are sent from valid domains, and relay blocking to prevent the use of the server as a spam relay. Support for server-side rules enables system administrators as well as end users to configure spam or virus filters. Additionally, the Oracle solution is pre-integrated with best-of-breed anti-spam and anti-virus technology in order to leverage products from the leading AS/AV vendors. The solution provides its own conversion channel for facilitating integration with other third-party content-filtering software. Custom conversion channels may be written for additional spam and virus protection as well as integration with archiving and reporting tools for regulatory compliance. Finally, the Oracle solution provides a built-in throttling mechanism to prevent denial-of-service attacks.

Recording and Archiving

An important consideration in selecting a UC&C platform is its support for operational and compliance archiving. The Oracle solution supports the Microsoft Exchange Journaling Format that enables the messaging server to interoperate with a host of archiving providers. Additionally, instant messaging communications utilize an email archive provider that leverages the existing store and archive capabilities of the messaging server. As a result, IM communications can be securely recorded and archived for internal auditing and to support legal discovery for both individual communications and group chat communications.

A Secure Solution for Enterprises

Through the combination of border control and secure session management at multiple layers, Oracle’s Unified Communications and Collaboration Solution delivers a cost effective communications and collaboration solution that protects data in motion and at rest. The solution is comprehensive and covers the network, authentication, data transmission, data privacy, identity, security against attacks and malware, and communications archiving. Security permeates the architecture and the solution is available for both on premises and cloud deployments. As a result, enterprises are now able to overcome the challenges of integrating a diverse set of communications services and delivering them securely over a single IP network while meeting legal and regulatory requirements.

KEY BENEFITS

  • Secure data in transmission and storage across all communications messaging types: voice, video, email, chat.
  • Improves user productivity through seamless presence enabled applications.
  • Lowers total cost of ownership.
  • Scalability and high availability from hundreds to millions of users in a single deployment.
  • Multi-tenanted solution supports cloud and on premises deployment models.

KEY FEATURES

  • Secure access to mail, calendar, instant messaging, voice, and video.
  • Secure archival of communications data including instant messaging communications.
  • Provides superior virus/spam protection through integration with best-of-breed anti-virus and anti-spam technology.
  • Web UI and embedded presence offer seamless collaboration from the desktop.
  • Supports hardware based encryption for ultimate scalability.
  • Rich set of APIs for integration with other services.

Contact Us

For more information about the Oracle Unified Communications and Collaboration Solution and to get a free trial, visit us at oracle.com/goto/unifiedcommunications or call +1.800.ORACLE1 to speak to an Oracle representative.

 
