Regardless of the path chosen for UC your enterprise will require the correct infrastructure to fully enable and support UC during its life time. The advantage of UCaaS is the outsourcing of some of the infrastructure requirements.
In either case a suitable network, capable of supporting the needs of voice and video services without issue will be a baseline requirement. To assist in the review of supporting infrastructure, Cisco have released a UC assessment data sheet.
Given the open use of typical UC facilities, it is vitally important that organisations adopt some basic security principles for the day to day use of their service. There are some key considerations that should be factored into the operational service and end user level to minimise any potential miss use or security breaches.
UC security is mainly around the way in which the technology is deployed and managed. Also, security considerations might drive considerations on what type of service to deploy, such as the use of a premises-based system rather than a cloud-based service.
Given that UC is a platform for multiple real-time and near real-time communication applications, the main focus should be around securing entry points and managing vulnerabilities. Some of the high level UC security principles are:
A baseline for normal network activity by performing regular, internal audits of system traffic and call logs.
Firewall configured to allow only traffic from trusted sources.
Take advantage of built-in security tools e.g. Blocking IP addresses that fail multiple registration attempts.
Apply strong Session Initiation Protocol (SIP) passwords to protect VoIP phones and other UC endpoints. Require strong passwords not only for system components, but also for users. Align with your organisation's change password policy procedures (e.g. every 60 days).
Improve security and performance by turning off unused features or services as they could be used as bypass to access other areas of services.
Invest in employee training and developing business practices that address how easily the corporate system can be put at risk and how to mitigate those risks.
Keep UC software and firmware up-to-date as and when required.