Enterprise Compliance Requirements

Secure UC and VoIP Enterprise Compliance Requirements

Today’s enterprise mix of cloud, on-premises and hybrid real-time applications increases the complexity of compliance. This is especially problematic for compliance covering UC and VoIP applications in regulated industries such as healthcare, finance, government services, international business, and legal services. RedShift Networks provides compliance insight, analytics and threat management for real-time applications (e.g. Cisco Webex, MS Teams, Avaya, and Zoom) against the most challenging regulatory requirements, including the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).

Every enterprise and its cloud service provider use voice over IP (VoIP) technology for new and existing voice/data communications. VoIP communications are now subject to security and privacy requirements imposed by EU, US federal and/or state statutes. Robocalls also continue to plague real-time communications services that are subject to electronic communications regulations, including enhanced emergency (E911) services.

RedShift’s solution helps enterprises expedite SOX, GLBA, HIPAA, GDPR and PCI compliance.

Read the Managed Services Whitepaper from RedShift Networks

Sarbanes-Oxley Act (SOX)

Congress passed the Sarbanes-Oxley Act in 2002. It applies to all companies with publicly traded stock and includes a section requiring management to establish and maintain an “adequate internal control structure and issue an annual report on the effectiveness of such controls via independent auditor.” RedShift Networks provides complete data analytics of all unified communication content and correspondence.

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act, passed by Congress in 1999, allowed commercial banks to offer investment and insurance services and included provisions to protect the privacy of consumer information collected by companies in the financial sector, including any other organization “significantly involved in financial activities.” The act applies a broad definition of financial institution: beyond banks, credit unions, credit card companies and loan companies, it covers insurance companies, securities brokers, real estate appraisers, retail establishments that issue their own credit cards, tax preparers, and debt collectors.

GLBA Section 501 of Subtitle A requires companies to ensure the security and confidentiality of customer records and information and to protect against any anticipated threats or hazards to the security and integrity of such records. RedShift Networks helps enterprises protect against unauthorized access to or use of GLBA-covered records or information that could result in substantial harm or inconvenience to any customer.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA passed in 1996; the highly relevant Privacy Rule followed in 2003. It applies to organizations that manage medical records or other personal health information. All personal medical information stored or transmitted electronically is subject to HIPAA regulations. This includes hospitals, doctors’ offices, nursing homes, HMOs, insurance companies, social service agencies that provide medical or mental health services, and employers that provide on-site health care for employees.

RedShift Networks customers gain HIPAA compliance auditing and proactive threat protection that ensures the confidentiality, integrity, and availability of electronic protected health information, protects against anticipated threats and hazards, and protects against unauthorized uses or disclosures of the protected information. Modern SIP-based voicemail systems in the healthcare industry often contain confidential patient information and need protection.

General Data Protection Regulation (GDPR)

GDPR compliance for UC and VoIP mandates that service providers maintain detailed records of all data processing activities. The RedShift Networks platform automates this record keeping by implementing technological and organizational measures that ensure, and demonstrate, real-time data analytics and recording consistent with GDPR.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS offers enterprises and their cloud UC providers a measurable set of security standards for the secure acceptance, processing, storage, or transmission of credit card information. PCI DSS Requirement 1.3.3 calls for anti-spoofing measures to detect and block forged source IP addresses from entering the network, which is where the need for the RedShift Networks solution is clear. UC and VoIP need RedShift Networks’ PCI DSS compliance strengths because fraudulent SIP bots target VoIP/UC networks continuously, and VoIP transmits sensitive authentication data (SAD) or cardholder data (CHD) in VoIP data packets or audio/voice recordings.

Why Unified Communications – Including VoIP – Require RedShift Networks Compliance Safeguards

All these regulations share a common trait: the protection of the integrity and/or privacy of certain types of information. A SOX auditor, for example, would examine internal controls such as password strength, encryption, and vulnerability testing. Areas of concern might be whether your VoIP implementation maintains usage logs, how you use these logs in the billing process, and how you track administrative changes. This is where RedShift Networks UCTM software is invaluable in managing these processes.

Does your team have a strong authentication mechanism in place for staff to prevent unauthorized use of the system? To ensure compliance, do you have the right tools in place to protect your VoIP network, users, and clients from loss of network and UC services, loss of confidentiality of sensitive data, financial loss, identity theft and IT systems attacks through the voice infrastructure?

Summary

In addition to addressing cyber security issues, RedShift Networks offers complete and data-rich documentation, analysis, and exploit prevention to limit the security compliance issues common to Unified Communication service deployments.

NetFortris uses RedShift Networks to ensure compliance-level protections in the financial services and insurance space, among others. Read the press release »

“By deploying RedShift, we now see every one of our data centers in a single view for all forms of fraud, hacking attempts, and more, for fast remediation and defense. RedShift offers a huge time and attack coverage advantage, and provides many useful tools beyond ‘anti-fraud’.”

Tom Swayze
EVP Technology
NetFortris
