Microsoft’s aggressive move to switch the enterprise world from its old branded unified communications platform (Lync) to Skype for Business has not entirely solved the security vulnerabilities that arise from connecting mobile and other external devices to the corporate network.
Here are some security vulnerabilities arising from external access to Skype for Business that organizations should pay attention to:
- Account lockout – Someone who knows your user name can lock your internal account by sending failed login attempts. Generic solutions fail to monitor all exposed authentication channels, including SIP and SOAP. SkypeShield offers a unified monitoring and protection solution.
- Malicious code accessing an internal server – To support guests joining meetings, some services support anonymous access. From a security perspective, this means some requests can reach the web servers in the domain without authentication and without inspection. SkypeShield offers a four-layer application firewall for Skype for Business, including session termination, application and protocol inspection, and request rewriting.
- Password theft from infected device – A valid employee can use any device to connect to the network, including a personal device that might be jailbroken or infected. In such a case, domain credentials can fall into the wrong hands. Even with an MDM solution implemented, there is no control when a non-managed device is used. Protect yourself by using device access control and limiting usage to devices with MDM.
- Exposing emails – If calendar information is enabled on the organization’s Skype for Business clients, someone with valid credentials can access all emails. SkypeShield offers a solution for protecting the corporate Exchange by blocking any Exchange request unless it comes from a registered device and from a Skype for Business client.
- Data and privacy information exposed – When federation trust is implemented with external companies, privacy (availability) and server information data is exposed. The federation is available globally to all company members with all federated external companies, with no control over the different modalities allowed, such as file sharing. Deploying the SkypeShield ethical wall handles these issues by defining granular control through user-, group- and company-based policies.
- Data loss prevention (DLP) – As the usage of Skype for Business extends outside the network boundaries, enabling communication with external parties via federation meetings poses some serious security and data protection risks. This arises from the fact that data flow between parties is very accessible and easy to use at any time, any place, and by any device. Preventing data leaks through Skype for Business is a serious challenge because of the variety of mobile, Web and desktop clients Skype for Business offers and because of the SIP protocol the clients use. SkypeShield offers a new concept based on server-side inspection covering all of the data channels. The DLP solution supports both a built-in DLP engine and integration with commercial DLP vendors.
SkypeShield is continuously adding security layers to make sure your company can allow external access to Skype for Business with the highest level of protection available.