FedRAMP Offers Robust Security for UCaaS

by Chris Meilhammer, Chief Operating Officer, Tyto Athene

Cloud-based unified communications (UC) will increase significantly as government agencies seek to control costs, move away from aging telecommunications equipment, and improve collaboration and communication across a mobile workforce.

The government market opportunity for communications solutions in the U.S. is large and growing, with an estimated 21 million contact center (CC) and UC seats. At least 8 million seats are expected to migrate to the cloud in the next three years. As part of the General Services Administration’s $50 billion Enterprise Infrastructure Solutions (EIS) contract, which is designed to provide advanced worldwide telecommunications solutions to government organizations, more federal agencies can now migrate to cloud-based UC and CC solutions.

Meeting the communications needs of federal, state and local agencies as they move to more flexible and efficient cloud-based communications requires leading-edge innovation and robust security and reliability features. Overall, agencies require highly secure cloud communications and collaboration platform solutions including voice, collaboration, video, unified messaging, voicemail and contact center under a cloud-based monthly subscription model.

Cloud-based UC solutions can be delivered several ways, depending on the benefits an organization wants from its cloud migration. Solutions will vary by user and situation. Unified Communications-as-a-Service (UCaaS) models that are being deployed include:

  • Multi-tenant is a public or apartment-style cloud where the cloud provider is the landlord. The customer gets all the benefits of apartment living but gives up some control. All upgrades are scheduled by the provider at specific times. There is one instance of the platform that serves all tenants simultaneously across a shared infrastructure consisting of many virtual machines. Separation of tenants’ resources is achieved through logical segregation rather than the physical separation of resources.
  • Multi-instance is like a condominium version of the cloud. Unlike living in an apartment, customers have control of their space. Inside the cloud provider’s data center, there is a shared physical space, but tenants have their own virtual machines. When software upgrades or service packs must be applied, customers are asked when that can happen. Essentially, the virtual machine environment is wrapped with other services, such as access, billing, and operational support systems – the features needed to create a cloud service.
  • Custom, hosted cloud is available for those organizations that must be a customer of one. This is like being in a house. Within a cloud provider’s data center there are many server racks, and customers have the keys to their locks. The environment is unapologetically slow and expensive, but totally customizable and granular.
  • FedRAMP government certified cloud-based UC solutions are designed for federal agencies and contractors who need to meet tight security requirements and compliance regulations.

Cloud-based UC solutions verified by the Federal Risk and Authorization Management Program (FedRAMP) can serve as a foundation for meeting the security requirements of federal, state, and local government agencies and education institutions. FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It also provides three authorization levels – low, moderate, or high – based on the type of data that needs protection and different modes of securing that data. To achieve high-level accreditation, a cloud provider must comply with 421 safeguards and countermeasures to minimize security risks.

FedRAMP is flexible enough to accommodate agencies’ existing and future needs, whether that involves moving from one security level to a higher mode or wrapping additional security around UC functions. This means making cyber security features more virtualized and less reliant on hardware and appliance-based systems. Achieving this objective requires the use of algorithms and coding of applications within the UC system, for example, to strengthen authentication. In addition, development of security features will have to occur outside of FedRAMP’s framework because multiple applications and devices interconnect with cloud-based UC.

Agencies looking to leverage the efficiencies of cloud can tailor their UCaaS plan to meet unique government sector security requirements and address emerging cyber threats and technology changes.

Zero Trust for the Digital Era

As attacks on networked systems and applications are becoming more sophisticated, targeted, and frequent, there is a need for a more granular and in-depth approach to security.

One new approach gaining momentum is “Zero Trust (ZT).” Based on the concept “Never Trust, Always Verify,” ZT is a framework designed to help organizations proactively control all interactions between people, data, and information systems. The framework can be implemented as a guide for security practitioners across all IT areas, allowing agencies to securely reap the benefits of new technologies without stifling innovation. ZT’s six pillars can be mapped across all areas where UC needs protection, including user identity with a focus on authentication, device security, network security, application and workload security, automation and analytics.

The stage is now set for agencies to modernize their communications technology to better meet mission requirements and more effectively serve citizens from a secure, government-authorized cloud infrastructure.

Featured In:

Federal Times