Data in Transit threat
The growing incidence of security failures and the loss of personal data has generated a raft of more stringent and comprehensive compliance regulations.
When compliance is discussed, most people think of protecting names, address and credit card details in static databases. This is important, but it is equally important to protect data-in-transit. Data-in-transit includes voice and video calls and Instant Messages. The European Union Agency for Network and Information Security (ENISA) specifically include calls and IM within their definition of data processing.
There is little point in investing in security technology to protect back-end databases if your IP based phone system lacks the protection to prevent unauthorised call monitoring.
Unicus from UM Labs provides the essential security needed to protect data-in-transit and assist in ensuring that your data processing meets the growing number of data protection compliance regulations. One of the key technologies is the ability to encrypt that data.
Meeting the complete set of compliance requirements is not straight forward. Some regulations such as Europe’s GDPR and The California Consumer Privacy Act of 2018 from the USA call for encryption, while others such a MIFID II require the recording of communications. Organisations may also need to implement call recording to meet internal audit requirements. Call recording and encryption cannot be combined without adding additional layers of complexity. Complexity is always the enemy of good security.
Unicus solves this problem by managing the key exchange needed to set an encrypted call and enabling calls matching an established recording policy to be recorded for compliance and auditing purposes. The recording policy and the recordings themselves remain under the control of the organisation using Unicus.
This approach enables Unicus to bridge both sets of compliance requirements.