CPaaS and security: key considerations for IT leaders

Communication Platform as a Service (CPaaS) technology and the security of your organization are now intrinsically connected.

Brian Heikes

4 minute read

There has been a significant increase in communications fraud. In the aftermath of the pandemic, spear-phishing attacks have surged, recording a sevenfold increase. Authorized push payment (APP) fraud saw an 71% increase in one year. Consumers have noticed as well, with 84% of people acknowledging they have seen a rise in scam communications. Threats range from spoofing and SMS phishing to call back schemes and SIM swapping.  

Communication Platform as a Service (CPaaS) technology is not only revolutionizing how enterprises enhance their digital footprint but is also playing a pivotal role in winning customer trust. With CPaaS-powered applications and APIs becoming deeply integrated with mission-critical business functions, and as communications become increasingly real-time, vulnerabilities may be targeted by fraudsters to hijack accounts, receive payments and obtain personally identifiable information (PII). 

Gartner highlights how important security capabilities have become to the cloud communications buying decision, with security model ranking in the top three most distinguishing product characteristics on why it was chosen.

Shown below is the percentage of respondents selecting the most distinguishing product characteristic (sum of top 3 ranks).

Source: 2022 Gartner Technology Buying Behaviour Survey.

Today, CPaaS is not just a partnership in innovation and digital transformation but also one of security and trust. Regardless of where your organization stands in its CPaaS journey—be it an initial investment, scaling the technology, or transitioning to another provider—security should be at the forefront of decision-making.

Gartner forecasts that by 2025, the proportion of global enterprises demanding advanced security in their CPaaS toolsets will rise to 70%, a significant jump from the current 40%. 

As an IT leader, you must consider how your organization will both securely integrate CPaaS into its tech stack and use the capabilities to combat fraud and strengthen customer trust. 

Evaluating a CPaaS Provider: Key Security Questions

How secure is their platform? 

As you strategize to broaden your CPaaS implementation, it's vital to scrutinize data protection mechanisms, access controls, and usage transparency. The provider should offer tools consistent with IT best practices, including role-based access control (RBAC), single sign-on (SSO), periodic authentication renewals, and an auditable activity log. 

Do they protect their network? 

Every business transaction is built on trust. Utilizing sender verification ensures the authenticity of communications. Assess the provider's commitment to network protection. Do they have Network Operation Centers (NOC) that promptly detect and mitigate issues? Is there transparency in their incident management process? Ensure compliance with regulations like CTIA, CQRTA, and that they actively weed out non-compliant traffic. 

How strong is their fraud solution portfolio? 

A competent provider should have a diverse array of solutions to combat fraud, from traditional techniques to tackling newer threats. This includes verifying customer identities via one-time passwords (OTP) and two-factor authentication, automating two-way fraud alerts, and establishing verified channels such as branded-text, RCS, and WhatsApp. 

Can they help with compliance? 

Navigating compliance can be daunting. While compliance should be ingrained in the platform, your provider should offer tools that ensure compliant communications. Can they aid you in managing customer consent across channels, updating contact controls based on carrier data, and setting limits for promotional messages? 

The Cisco standard and Webex Connect

Webex Connect is our enterprise-grade cloud communications platform. It’s used by large and medium organizations around the world to build and manage CPaaS applications that power the intelligent automation of communications across multiple channels. 

The platform forms part of Cisco’s Collaboration portfolio, which means our commitment to security is guided by their secure by default vision and proven legacy of delivering enterprise-grade security for their customers, partners, products and businesses.  

Security and compliance are now so crucial to the decision of who your organization should trust as a CPaaS provider. We want to ensure that you have access to the information on how we can help you to protect customers, reduce fraud and facilitate secure communications.  

The 5 Pillars of Cloud Communications Security

Webex Connect powers secure cloud communications and provides safeguards against an increasingly complex security landscape. Find out more with our security eGuide.