A Communications Platform-as-a-Service (CPaaS) solution is very practical and functional because it allows to communicate without using standalone apps, but since it’s connected to the cloud, it can easily become compromised, putting organizations and customers at risk.
To select a suitable CPaaS solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Venky Balasubramanian, CEO, Plivo
If you’re considering a CPaaS provider, or reevaluating your current provider, you can’t underestimate the importance of carrier network expertise—for both call quality and security reasons.
Look for a CPaaS provider that has at least two direct connections with local carriers in almost all major regions. This creates redundancy and allows customers to have automatic failover options in the event of any errors or outages. If one of these carriers goes down, all traffic automatically gets routed to the other carrier. That means businesses don’t have to scramble when an outage occurs. Large carriers that aggregate traffic and carriers that don’t operate local networks mostly provide coverage based on cost, not quality and it’s much harder to troubleshoot.
Look for a CPaaS provider with demonstrated expertise in telecommunication rules, regulations, and security best practices. These vary by country and change often. As part of its data protection measures, your provider should offer message content purging to prevent sensitive message details like time, location, phone numbers, and dates from being stored and possibly misused.
It should also offer number masking to keep phone numbers private. Since each country sets its own messaging rate limits and opt-out requirements, your partner should offer smart rate-limiting to ensure that your campaigns comply with local limits, and automatic opt-out handling.
Denis Makarov, CISO, Voximplant
When switching to a CPaaS solution, you should analyze and minimize the number of possible risks. In most cases, risks are associated with an external or internal threat. However, companies can’t impact the internal structure when choosing a CPaaS solution. That’s why you need to analyze its security first. Firstly, check if a solution complies with ISO 27001, the international standard for an information security management system. Also, ensure they have a certificate to prove it.
To minimize hacking risks, ask them for the results of penetration testing. This will help you to get an up-to-date assessment of the system security as well as see potential vulnerabilities. When checking vulnerabilities, ask them how fast they neutralized the threat. This will give you an overview of how this company reacts to security threats as well as their speed of responding.
Keep in mind that CPaaS solutions should have a recovery plan in case of security threats and outages. This plan should include a recovery work plan, key staff, and a plan for investigating the incident.
It’s also important to check if a chosen solution is compliant with the laws of the country you’re located in. For instance, if you’re based in Europe, ensure they meet GDPR requirements. Ask for compliance documents.
Arvind Raman, CISO, Mitel
As cloud-based communications continue to become more critical to support the evolving needs of today’s remote workforce, more organizations are considering adopting a CPaaS solution. While a CPaaS solution can offer significant flexibility, there are security points to consider when choosing a solution. And ultimately, it all comes down to data. How is my data being distributed on the platform? What are the obligations of the platform’s service provider?
Organizations must understand the responsibilities of the service provider and from that, design and define their data security and protection requirements. Businesses should also ensure that whatever CPaaS they select, it aligns with organizational goals and objectives.
One of the biggest mistakes made when selecting a CPaaS is assuming security in the cloud. There’s a misconception that an organizations’ data is protected in the cloud and as such, many fail to vet their service provider for potential threats. In simple terms, think of it as a house — the entrance to the gate’s protected (i.e. the platform), but you still have to protect your home (i.e. your applications and systems).
Make sure when perusing options that you ask the right questions, vet thoroughly, and know what the service provider is responsible for versus your organization. Overall, security of your data must be top of mind.
Lee Suker, Head of Authentication & Number Information, Sinch
When in the market to select a CPaaS solution, business leaders should consider APIs that will seamlessly integrate within their already existing communications stack. Working with a single, programmable API enables businesses to communicate via voice, video and messaging, creating an omnichannel experience that meets users exactly where they are and encourages their engagement on the platforms they prefer to use.
Cybersecurity is a primary element that should not be overlooked during the CPaaS solution search. There is a universal need to protect user data across all industries ranging from finance to retail to large scale enterprises. Ensuring that the solution of your choosing enables your business to satisfy the cybersecurity and data protection needs of its users is crucial, especially during a period of heightened cyber crime.
In addition, maintaining end-to-end security goes hand in hand with onboarding and authenticating end users in a secure manner. Many leading CPaaS providers provide dedicated two-factor authentication services to help businesses achieve this, as well as offering solutions underpinned by crypto-secure SIM cards which are trusted by thousands of mobile operators.