Unified messaging breaks down the barriers between various forms of communication, such as voice mail, email, and fax. Read on to learn more about the concept and the ways in which this technology has evolved.
When voice messaging is introduced to the data environment, a whole set of new security issues arises. Understanding these issues and how to address them is crucial to a successful transition from legacy voice messaging to unified messaging. Ignoring these security issues and others like them will prevent you from realizing the finer benefits of unified messaging. It should be considered a best practice to address these issues during the planning and design process for any given Unity deployment:
* Privacy and confidentiality in voice messaging across an e-mail enterprise.
* Privacy and confidentiality in text to speech of e-mail through the telephone.
* Encrypted messages for the end user, regardless of whether they are using their GUI e-mail client or the Unity TUI.
* Encrypted calls from Unity to CallManager and then from Unity to the messaging system it services.
These issues are presented in the following sections so that you are aware of them from the start.
Privacy and Confidentiality in Voice Messaging Across an E-mail Enterprise
In a legacy voice-messaging system, messages do not have the freedom to travel in the “out-of-control” way that an e-mail message can. Thus, a confidential voice message left for a voice-mail subscriber is heard only by that person and no one else. Not many options are available for forwarding confidential messages to just anyone, and users do not have the freedom to edit the contents of the confidential voice message and resend it as if it came from the same original sender.
When voice messaging is introduced to a legacy e-mail environment, such as Exchange or Domino, confidentiality parameters must be addressed in the legacy e-mail or messaging environment. To prevent messages marked as confidential from being sent to just anyone, these confidentiality flags (marking a message confidential) must be used and maintained in your messaging environment. Without the support and use of such confidentiality flags, voice messages can be sent to a large number of people rapidly, without any capability to control who can receive the messages.
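As an added illustration (not from the book and not Cisco Unity code), the sketch below shows how a mail-side check could honor a confidentiality flag on a voice message before it is forwarded. It assumes the flag is carried in the standard `Sensitivity` header (RFC 2156 values) and that voice messages arrive as audio attachments; the policy, function names, and sample messages are hypothetical and constructed.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Sensitivity values defined by RFC 2156, plus "normal" for an absent header.
KNOWN = {"normal", "personal", "private", "company-confidential"}

def is_voice_message(msg):
    """Assumption: a voice message is any mail carrying an audio MIME part."""
    return any(p.get_content_maintype() == "audio" for p in msg.walk())

def sensitivity(msg):
    """Normalised Sensitivity value; a missing header counts as 'normal'."""
    return (msg.get("Sensitivity") or "normal").strip().lower()

def may_forward(msg, recipients, internal_domain):
    """Hypothetical forwarding policy; returns (allowed, reason)."""
    if not is_voice_message(msg):
        return True, "not a voice message; outside this policy"
    level = sensitivity(msg)
    if level not in KNOWN:
        # An unrecognised flag is treated as restricted rather than ignored.
        return False, "unrecognised Sensitivity value; failing closed"
    if level == "private":
        return False, "private voice message may not be forwarded"
    if level == "company-confidential":
        outside = [r for r in recipients
                   if parseaddr(r)[1].rpartition("@")[2].lower() != internal_domain]
        if outside:
            return False, "external recipients: " + ", ".join(outside)
    return True, "allowed"

def sample_voice_message(level):
    """Constructed sample: a short text body plus a stub WAV attachment."""
    msg = EmailMessage()
    msg["From"] = "caller@example.com"
    msg["To"] = "ceo@example.com"
    msg["Subject"] = "Voice message"
    if level is not None:
        msg["Sensitivity"] = level
    msg.set_content("Voice message attached.")
    msg.add_attachment(b"RIFF\x00\x00\x00\x00WAVE", maintype="audio",
                       subtype="wav", filename="message.wav")
    return msg

if __name__ == "__main__":
    targets = ["cfo@example.com", "Bob <bob@partner.example>"]
    for level in (None, "Private", "Company-Confidential", "Top-Secret"):
        print(level, may_forward(sample_voice_message(level), targets, "example.com"))
```
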
Privacy and Confidentiality in Text to Speech of E-mail Through the Telephone
With unified messaging, new functionality is present that does not exist in a legacy voice-messaging environment. Unified messaging has the capability to “voice-enable” a legacy e-mail environment, enabling the subscriber to play back voice messages and e-mail messages over the telephone. To play back e-mail messages over the telephone, text-to-speech (TTS) technology is used. This certainly sounds like a good idea, but what happens now that an outside caller can dial into a unified messaging system, log in as someone else (say, the CEO), and play back that person’s confidential e-mail messages over the telephone? What happens is a very unhappy CEO.
Fortunately, Unity can support two-factor authentication that can then be tied to a class of service that supports TTS for subscribers. This means that subscribers who have the capability to play back their messages can do so only if they authenticate over the telephone using two-factor authentication. In Unity’s case, this is the subscriber’s extension and the SecurID pass code entered from the subscriber’s token or fob. Without a pass code, Unity denies access to the system and prevents unwanted intrusion into mailboxes that have the capability to play back TTS. For more information about Unity’s support for two-factor authentication, see the Unity Administration Guide on the Cisco website at www.cisco.com.
So, here is another paradigm shift. In a legacy voice-messaging environment, an intruder can call into the system and access the CEO’s voice mail if the intruder can figure out the CEO’s password. This has been an ongoing issue that seems to have been ignored or “played down” in its level of criticality to a business’s daily operations. However, if you have a unified messaging solution and the same intruder accesses the CEO’s voice mail, the issue is considered quite critical because the intruder also has a chance to listen to e-mail messages over the phone (if this feature is enabled). Both issues should be considered critical, and they merit equal attention and care. In essence, by adding two-factor authentication capabilities to your unified messaging system, you alleviate both problems equally. As a subscriber, you must use your subscriber ID and SecurID pass code to access the system, whether you are checking voice mail or playing back e-mail. From an authentication standpoint, both are now more secure. This means that, when it is applied, Unity’s support of two-factor authentication for unified messaging is a far more suitable solution for playing back any type of message over the phone. If you will not use two-factor security, you can best keep your e-mail secure by not using TTS for subscribers to check their e-mail messages over the TUI.
This chapter is from Cisco Unity Deployment and Solutions Guide by Todd Stone (Addison-Wesley, 2004, ISBN: 1587051184).