- A TechNote on Unified Communications
- Gary Audin, Delphi, Inc.
Non-technical issues may be greater than most enterprises and their IT staff may anticipate when subscribing to Unified Communications and collaboration (UC) cloud services. This is the second of two TechNotes on implementing UC cloud services. The first TechNote, "Barriers to UC Cloud Success, Part 1," focused on the business case for the UC cloud service and the terms of the cloud service agreement. This second TechNote focuses on protecting enterprise data, accessing emergency services, and telecom regulations that may limit international UC coverage.
Protecting Cloud Stored Data
Two of the fears encountered by enterprises when they consider the cloud is how well secured is the data stored in the cloud and can the transmissions be monitored. Ensuring security and privacy of the information that passes through and/or is stored in the cloud are continual problems for the enterprise. In addition, there are federal and state industry specific regulations and compliance requirements that have to be satisfied. The legal responsibilities and liabilities of the UC cloud service provider and enterprise need to be fully documented. In this age of virtualization it is difficult to determine where data is located and what legal requirements are in force where the data is stored.
Here is an issue that almost every enterprise may not plan for except maybe the lawyers. What if a government agency subpoenas data of another enterprise sharing the same virtualized UC cloud service? There has been more than one case where the FBI confiscated all the servers and storage systems because it could not isolate the subpoenaed data. This created a situation where the other service subscribers could no longer access to their data. For intents and purposes, the stored data was lost. How is the enterprise protected in this case is part of the legal agreement?
Enterprises are accountable for their data and cannot contract their compliance requirements to a third party. In another situation, the provider was asked to deliver data as part of a court case. The provider could not comply. The provider and the enterprise where both fined and the enterprise lost their court case, because the enterprise could not produce relevant data to support its legal position.
There are ways to mitigate these problems:
- Limit the geographic location(s) of the data for both the primary and backup sites.
- Adopt a provider compliance management program. If there are compliance problems, be proactive. If some legal issue arises over the compliance failure, then it is more likely the enterprise will be favorably considered with the blame focusing on the provider.
- Establish litigation hold and support guidelines that are satisfactory to the enterprise lawyers.
- Contract with providers that have a proven record of compliance with regulations and standards.
- Routinely assess the provider's evidence of compliance. Perform this assessment without notifying the provider.
- Encrypt the communications transmissions and stored data with limitations for the provider's access to the keys.
Emergency Services are Necessary
Do not exempt the provider from supporting emergency conditions and handling 911 and E911 calls. 911 is national in scope. E911 is state regulated. There are enough state regulatory differences so that one E911 location requirement will not fit all locations. For example, the physical area covered from an E911 call may range in size from 7000 to 20,000 square feet depending on the state regulation.
These calls present challenges for the provider. There is the safety of employees, contractors, and visitors to be ensured. Inadequate emergency response actions may lead to tort liability. Finally there is the technical design to meet the requirements.
The cloud service agreement should accurately and completely define the enterprise and provider responsibilities. The costs may not have been factored into the into the original service quotation. There are third party 911 and E911 services that may have to be part of the UC cloud implementation but are not part of the UC cloud provider's agreement with the UC provider and the 911/E911 providers limiting their individual responsibilities. If the 911/E911 solutions are too expensive or do not meet the regulatory requirements, then the enterprise may have to:
- Retain some of the TDM lines for 911/E911 access
- Pay fees to third parties especially for nomadic device applications
- Create separate arrangements for international emergency access capabilities
Providers would prefer not to accept the emergency responsibilities. Look for disclaimers in the contract that assigns the burden solely to the enterprise. Some disclaimers will probably exist for the provider concerning death and personal injuries.
Tripping Over Telecom Regulations
It would be unusual that the features and functions provided by the cloud service will be illegal in the U.S. International UC support may encounter other country's legal requirements such as the location of stored information. It is also possible that encrypted transmissions may not be allowed.
The enterprise should know in advance where the communications may geographically take place. Does the provider have the proper authority to offer the services in another country? Other considerations include:
- What is the relationship between the persons communicating? They may have to be employed by the same enterprise or subsidiary to use the service legally.
- Does the service connect to the PSTN and if so how? Are extra fees incurred when connecting to the PSTN in another country?
- If an audio bridge is to be used, where is it located? Does it support both dial in and dial out features?
- Will there be charge back and transfer pricing among the various entities that comprise the cloud service?
Many enterprises want to try UC in the cloud. It is inevitable that some enterprise UC cloud implementation will occur such as video conferencing. Knowing what to look for when investigating and then contracting for cloud services can only lead to a better level of service and ultimate success.
Trending Discussions
- If you would like to see the other articles in the blog post of the "Top Ten VoIP Articles of All Ti... Steven Taylor, Webtorials on "Is VoIP Secure? YOU Make the Call":
- Great job I followed since the begining thanks... Eduardo Pérez Telesystems SpA on "The 2018 Guide to WAN Architecture and Design - Executive Summary":
- Thanks to Marjorie at RingCentral for reminding me that this paper existed. Looking forward to your... Steven Taylor, Webtorials on "Is VoIP Secure? YOU Make the Call":
- looking at WAN re-engineering projects... Sunny on "The 2018 Guide to WAN Architecture and Design - Part 2: Key Considerations when Choosing new WAN and Branch Office Solutions":
- Hi Richard. We appreciate your feedback. Jim Metzler always provides excellent analysis on the ever-... Nancy Leonard, Webtorials on "The 2017 State-of-the-WAN Report":
- Interesting reading... Richard Fausey, Plow, LLC on "The 2017 State-of-the-WAN Report":
- I needed this document. Thank you.... AO NII Mashtab on "The 2017 Guide to WAN Architecture and Design - Executive Summary":
- I look forward to reviewing more info on this topic.
... trevor evans - fox group on "2017 Workplace Productivity and Communications Technology Report":
- I would like access to your "2017 Workplace Productivity and Communications Technology Report"
Than... Paul Zielie, Harman Professional Solutions on "2017 Workplace Productivity and Communications Technology Report":
- I'm Telecommunications Engineer at PETROBRAS S.A. and i have overall interest about WAN. ... JOSE CEREZO, PETROBRAS S.A. on "The 2017 Guide to WAN Architecture and Design - Part 1: State of the WAN":
See more discussions...