As cyber threats become more prevalent, workers have spread out to complicate the matter. Nevertheless, they need to communicate with one another and do so safely. To this end, organizations can only secure themselves through a layered data security approach, leaving no open doors for threats to step through.
As Global Head of Cyber Claims Michael Daum from Allianz Commercial puts it: “You might be 99% cyber safe, but if there is one open door, it’s likely that attackers will find it.” Organizations are deeply motivated to stay safe, not just because of the potential downtime and monetary loss, but also to stay compliant. At the same time, cloud adoption drives a distributed workforce that is difficult to keep track of. Having them collaborate from their own networks and through the public cloud leads to risks of data loss that can grind a company to a halt.
And it’s not just an annoyance. The financial damages can be enormous. On average, a data breach cost a company 4.45 million dollars, according to IBM Security’s Cost of a Data Breach Report in 2023. That’s just one breach; there’s plenty of reasons to believe an attack gets repeated later on. And these days, an incident can originate from an overlooked device that had no visibility inside security teams’ solutions. This may be an IoT sensor, a VoIP phone or video conferencing equipment.
Two-vendor protection
Thankfully, hyperscalers such as Microsoft do offer robust security features out-of-the-box. Nevertheless, a single vendor can’t do it all. Breaches still occur and compliance cannot be achieved simply through ticking a box online. OEMs, software providers and the public cloud players have to collaborate to protect all links in the cybersecurity chain.
Yealink, which specializes in collaboration solutions, can offer customers more protection while employing hybrid and remote work. Through its Management Cloud Service (YMCS), it offers a level of device protection that Microsoft Azure alone does not on its own – however, the two do complement each other. Examples include RBAC (role-based access control), encryption at rest and data isolation, offered by Azure. Nevertheless, Yealink goes one step further. What does this entail?
YMCS under the hood
Yealink’s devices can be connected to one another and monitored in real-time through a centralized control panel. Through the pre-installed security-enhanced Linux distribution, Secure Boot is implemented on them, data transmission is secured through TLS 1.3 and AES256 encryption, and network access is controlled through 802.1x authentication. On top of this, quarterly patches ensure no CVE can compromise a device.
The integration between Yealink and Microsoft also offers security features that go beyond these fundamental building blocks. The Microsoft Device Ecosystem Platform (MDEP) is an Android-based platform from Microsoft to manage the Android OS devices. It’s built on hardware-based attestation and Microsoft PKI. Yealink integrates with it as well.
The physical location of the data being stored is also of critical importance for various compliance needs, particularly in Europe. Azure integrates with Yealink and provides data centre storage in Paris, France as well as in the U.S. state of Virginia. Audit protocols ensure all local requirements are stuck to, both legally and through regulatory frameworks.
Not the end of the story
Once again, this layer alone isn’t all that’s required. Data protection is a fluid practice, demanding a proactive approach to avoid the latest cyber threats. YMCS and Microsoft Teams already follow SOC2 Type 2 and the ISO 27001 standards, the latter being well-known across the globe. On top of this, potential weaknesses are being detected through both static as well as dynamic vulnerability scans, penetration tests and regular examinations while in production.
There’s no “set and forget” here, but one’s vendor choice does impact the amount of work required to stay compliant. Solutions that already tap into the best practices prevent end users from having to intensify their workload just to stay safe. Nevertheless, the human factor needs to be considered at all times. If a video conferencing solution, its cloud infrastructure and the enterprise network are all protected, social engineering can still lead to data loss. Continuous education and improvement will seal the deal and keep enterprises safe.
Also read: Microsoft Teams gets Copilot and other updated AI features