Home > Solutions > Unified Policy Management

Unified Policy Management

Unified communications technologies are having a significant and lasting effect on communications in and across organizations. These technologies typically include previously separate applications like email, instant messaging, online conferencing, collaborative portals, and even such familiar products as fax and telephone. The “unification” is made possible by the ubiquity of Internet Protocol (IP) communications, the Internet itself, and the emerging concept of presence-enabled applications. UC allows people to collaborate more efficiently through the advantages of real-time communications (e.g. instant messaging, chat, online conferencing) and the integration of presence (i.e. the ability to see the availability of a recipient) in traditional forms of communications like telephone, fax, and email. Productivity, creativity, and innovation are projected to soar by the UC providers once co-workers and business associates become accustomed to these powerful new capabilities.

Akonix’s L7 Enterprise was designed to help companies get the most out of their real-time communications. With customers ranging from the very largest companies in the world, like AT&T, the Veterans Administration, and Panasonic to very small but forward-thinking companies like hedge funds and energy traders, L7 Enterprise helps organizations of all sizes and industries gain control over real-time communications, instant messaging, and peer-to-peer networks. Now, as leaders like Microsoft and IBM introduce powerful new unified communications capabilities, L7 Enterprise will continue to expand to support their real-time communications applications.

Of course, no great technological action can take place without an equal and opposite reaction. UC is no different, as it introduces new and greater risks and liabilities into the organizations hoping to harness its productivity-improving power. Companies, educational institutions, and public agencies with plans to implement UC will need to address these risks and liabilities with security, compliance, and policy management processes and technology, and are advised to support their unified communications with unified policy management. Akonix L7 Enterprise has been designed to do precisely that.

Risks and Liabilities of Unified Communications

There are a number of risks and liabilities that organizations will need to address in order to ensure that their investment in UC is a net positive one.

Each of the communications media have always required oversight in its own right. Email policies have been in place in most organizations for more than ten years. World Wide Web usage policies have likewise been developed for years. Each of the UC modalities – email, IM, voice, video, conferencing, fax, file transfers – has the same set of four primary risks and liabilities:

1. Security – Organizations deploying UC must account for protection from hackers, denial-of-service attacks, and electronic messaging viruses, spam, and spyware.
2. Compliance – The passage of the Sarbanes-Oxley Act in 2002 created new law governing disclosure and protection of data in corporations. While SOX is perhaps the best-known of “compliance” regulations affecting IT organizations, in reality, it is one of over 10,000 regulations, rules, and policies in the United States governing records retention, privacy, and appropriate use of communications media in workplaces. The adoption of UC in workplaces will create significant new burdens on IT organizations regarding compliance for instant messaging, conferencing, and other new applications.
3. Inappropriate use – It is well-known that corporate entities carry a liability for the actions of their employees, and for the proper use of their assets, including communications assets. An Akonix survey in 2007 found that 31% of respondents had been harassed over IM sometime in their careers. The deployment of UC in organizations may create even more opportunities for employees to harass, stalk, or threaten each other over company networks.
4. Information leakage – UC presents employees with new and effective means of transmitting information. The risk of losing confidential data or proprietary trade secrets through the actions of a malicious or negligent employee is huge, and the impacts are potentially devastating.

Clearly, the advent of unified communications must also include the adoption of protective measures for enforcing policy and mitigating risk. Enter the Age of Unified Policy Management.

L7 Enterprise for Unified Policy Management

Unified policy management is defined exactly as it sounds: a set of previously disparate policies on the use of electronic communications that are unified into a new whole, communicated to employees as a whole, and enforced as a whole.

Akonix L7 Enterprise was designed from the beginning to deliver unified policy management. Developed to secure, monitor, and archive real-time communications like instant messaging and P2P, L7 Enterprise will continue to deliver new capabilities to organizations who need to manage policy, compliance, and security across all real-time communications.

Unified policy and risk management includes the ability to allow or block each employee (or group) from doing specific things with each of the communications media. For example, perhaps the sales department will be completely enabled to use email, BlackBerry, enterprise IM, public IM, and VOIP, but will be blocked from being able to send Excel spreadsheets over IM or use personal eFax accounts. Maybe the same organization will allow the finance department to utilize email, internal IM, and VOIP, but they’ll be blocked from using external IM, eFax, or BlackBerry. Meanwhile, the human resources group may use email, internal IM, VOIP, and company-provided RightFax, but will be barred from using unapproved personal eFax, external IM, and web conferencing. Additionally, it’s likely that management will set global policy to prohibit everyone from downloading MP3 music, Bit Torrent video, or playing online games during business hours. In addition, unified policy management must also take the appropriate action based upon a person’s individual or group policy or role. For example, perhaps all external email sent by executives and the finance department must be archived, while no external email from the engineering department needs to be. The policy engine should be able to generate disclaimers, policy alerts, violation notices, and other communications, which, in turn, must also be archived for organizations whose regulations compel it. The list of actions to take includes:

• Allow or block
• Allow but notify the administrator
• Quarantine and notify administrator
• Inspect for content
• Inspect for malicious software
• Archive
• Do not archive
• Mark for later destruction
• Check for digital rights
• Apply ethical walls (e.g. No one from Group X can ever be in a chat with anyone from Group Y)
• Challenge sender with security challenge question

Security and hygiene plays a huge role in unified policy and risk management. Each communication modality is a pathway into the corporate network for hackers. L7 Enterprise with 360° Security for Real-Time Communications provides the necessary security for protecting against virus and spyware infections, while adding an innovative containment layer for ensuring that malware cannot propagate across communications networks.

L7 Enterprise delivers unified policy management in real time. An employee’s instant message transcript containing insider information that is discovered a week later during a search of the archives is of no value in preventing a breach. L7 Enterprise recognizes real-time communications like IM, group chat, and online meeting and monitors for keywords, number combinations (e.g. social security numbers), and regular expressions.

Benefits of Unified Policy Management

The most important benefit of employing unified policy management is the avoidance of risk and liability. Sarbanes-Oxley mandates prison for certain executives when its regulations are breached. Other regulations carry stiff fines and other penalties. The case history of the past 25 years is full of actions against corporations and individuals that are based upon electronic records and communications. A sound set of policies, communicated consistently, and enforced effectively across all communications media is the organization’s best defense against inappropriate and illegal behavior by its employees.

Unified policy management also supports the benefits that accrue to the organization from the investment in unified communications. IBM, Microsoft, Cisco, Avaya, and other leaders in UC tout many benefits, including increased organizational productivity, more creativity and innovation through collaboration, and less time wasted in unsuccessful or delayed attempts to reach individuals (i.e. “phone tag” and “voicemail hell”).

The advantage of employing L7 Enterprise over many point products is that all policy application and enforcement relies on a central database of policies applied to a single version of the corporate directory. An organization simply cannot duplicate directories for each separate policy engine. The directory acts as the foundation of unified policy, with L7 Enterprise on top of it. In this manner, companies will be able to point to “a single version of the truth” to auditors and inspectors. The cost benefit of managing a central unified policy manager is also compelling, as it reduces the need for multiple instances of directories, security devices, archiving platforms, etc. applied to each communications medium. This in turn, reduces administrative, management, and operations cost for the support IT department.

Unified communications hold out great promise for organizations of all sizes, in all industries, everywhere in the world. Anywhere, anytime, communications, from one’s choice of media, reaching co-workers, customers, and partners instantly will undoubtedly deliver great benefits. However, for every benefit there is an increased risk or liability that must be mitigated. Unified policy management with L7 Enterprise is the best way to manage those risks.