Pages

Total Pageviews

Wednesday, April 23, 2008

AVAYA Comments on Mobile UC Security Approach

In response to my previous post and the reference to implementing application security for UC and multimodal smart-phone devices, Andy Zmolek, Avaya Sr. Mgr. for Security Planning and Strategy, sent in this comment.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

We believe that the most important security for unified communications will reside at the application layer. The most powerful communications scenarios need to tie together three elements: identity, i.e. who's involved in the communication; presence and availability, i.e. can and how should we communicate; and a reasonable policy, i.e.who's allowed to see one's presence, who is allowed to connect to my servers.

Trying to make those kind of increasingly fine-grained decisions at a firewall or IP network device in a way that works with real-time communications is not going to lead to a scalable or user-friendly experience. So while network-based and border-oriented solutions can work well as a temporary solution, they will ultimately prove to be too brittle to meet the security needs of broadly-deployed unified communications solutions.

We also find that many IT organizations are not operationally ready to integrate their directory and identity systems into their communication systems, although we've been supporting that capability for several years in many of our products. Mobile devices like the iPhone are replaying the same battles that IT organizations had in the mainframe era with the emergence of the PC: that same desire for central control and approval of communications device hardware is just as doomed as that era's fight to preserve the mainframe as the only approved platform for programming and computing.

Successful IT shops will embrace and find appropriate ways to protect that mobile infrastructure just as they have done for the PC. And yes, while it’s a difficult job, who would argue that businesses would run more effectively without PCs - the same process is now happening with mobile devices.

Andy Zmolek, AVAYA
Senior Manager,
Security Planning and Strategy

Sunday, April 20, 2008

Mobile UC and Business Applications Security

April 18, 2008

Will Security Hold Up Mobile UC Applications For The Enterprise?

Art Rosenberg, The Unified-View

Two recent articles on the web caught my attention because they focused on a key concern of IT management about security as it affects business communications in the enterprise. The first article, by Michael Ybarra, reports on the negative reaction of IT management to end user demand for mobile smart phones, where security concerns are given as reasons for limiting support for such devices that will be essential to UC.

Part of the reluctance to allow the use of smartphones by business users seems to be simply because IT thinks it has to fund the purchase, complete user support of the device, as well as the security of any enterprise information that is accessed by the device. In effect, they view the mobile devices just like premise-based, wired desktop PC and telephones. However, because end user demand for mobile “smartphones” has heated up significantly, IT is caught in the middle of changing needs that will also be critical for maximizing UC benefits.

When enterprise-oriented RIM Blackberries, supported by secure enterprise servers, were the only game in town for “push” enterprise email and application messaging, enterprise IT had control over pretty much everything that end users did with those devices. Adding telephony access to the RIM devices “glued” the voice and data pieces together at the mobile device level, although not necessarily in a fully integrated “UC” manner. When Apple jumped into the mobile communications market with its innovative iPhone, the battle for the hearts and minds of both consumers and business users began.

According to the article, one CIO said that a big challenge is keeping up with the latest mobile devices that end users want. “I can’t tell you how many people have come up to me wanting an iPhone. It’s not what we support. WE give them the tools to support their job and environment.”

Those tools could become simpler to manage if they were software based and controllable for enterprise use, both from a security perspective as well as from an interoperability perspective. Apple is now playing catch-up with RIM with its iPhone upgrades for controlling device usage and working with Microsoft’s Exchange software. So, it is just a matter of time that the client and server software will handle the basic enterprise messaging requirements for iPhone users.

The other side of the UC coin however has to do with using the same device for business process applications, and that’s where the second article addresses the need to change enterprise security from the network level to the application software servers.

Where Will The Information Access Security Be Enforced?

The second article, an interview with Internet security expert Ted Schlein, makes the point that enterprise security responsibilities really belong at the application software level to protect proprietary company information, not at the network hardware level. The article claims that the biggest obstacle in pursuing this software approach to network security is simply” inertia.”

Just like business communications are no longer just location based, business information, accessible through business process applications, is also no longer restricted to a single type of network access or just to internal, intra-enterprise staff. To preserve both device and access flexibility for different types of end users, enterprise security has to be selectively enforced at the information source level.

According to Schlein, “ We need to change who is providing the defenses and how we provide the defenses. In the past, the “who” part was the network operations guys, and they basically put in a box to stop malicious data packets….In (the) future, software engineers have to be responsible for security. Engineering principles have to be built into security and applied by the people creating the software.”

Such an approach, which is done from the “inside out,” could eliminate the need for firewalls and intrusion detection systems, etc., and allow business process applications to selectively and consistently secure their content to different types of users and different modes of access.

As enterprise business applications become more distributed and “virtual” with the likes of software implementation frameworks like SAAS and SOA, the enterprise network “walls” will not be adequate to control the security of information that must flow directly to people outside of the business organization, i.e., supply side partners, sales channels, and, most importantly, customers. So, although legacy application software is not yet ready to take on this responsibility, it is yet another area of software changes that the vision of UC will require.

What Do You Think?

You can contact me at: artr@ix.netcom.com or .

Confused About Implementing “UC?”

The experts at UCStrategies.com just published a comprehensive UC eBook that focuses very heavily on defining the various components of UC and how to systematically migrate current business communications to UC. Take a look and see if it answers your questions!

Wednesday, April 16, 2008

April 16, 2008

Does Voicemail-to-Text Message Service Need Expensive Transcriptionists?

Art Rosenberg, The Unified-View

Recent press headlines have highlighted the fact that text messaging is increasingly dominating personal communications. That includes both person-to-person contacts via email and Instant Messaging, as well as business process applications that deliver information or important, time-critical notifications to people.

In fact, two recent federal government initiatives will only reinforce the trend towards text messaging and the need for the flexibility of UC and UM.

1. The FCC approved a plan for a voluntary mobile phone emergency alert system for use by wireless carriers to supplement legacy public broadcasting services. This will enable more delivery of such public warnings to personal mobile devices. Needless to say, more personalized notifications by business applications will also rely on text messaging, which can always be listened to through Text-to-Speech technology by the recipient, whenever necessary.

The key points of such a plan are:

a. Emergency notifications will originate from automated detection functions

b. Must target individual end users without unnecessarily disturbing non-affected users

c. Must be deliverable in a timely manner regardless of location

d. Must enable response by the notification recipient in a timely manner regardless of location and device modality

2. A new bill was introduced in the House of Representatives banning the use of mobile devices for voice calls on U.S. airplanes while in flight. This bill, called the “HANG UP” act will spare fellow passengers from the “noisome disruption” of mobile conversations that cash-strapped airlines will be tempted to sell. However, text messaging and email access will be allowed.

So, retrieving voice mail messages in text form will fit in nicely with these other text messaging activities. The question, however, is how accurate do the transcriptions have to be and much will such a service cost?

Human Transcription of Voice Mails?

As I pointed out in my last article on the subject, there are many reasons why automatic speech recognition (ASR) will never be perfect for voice messaging, especially from mobile callers, including:

· Unusual words

· Strange dialects and accents

· Noisy environments

· Poor connections with mobile devices

However, consumer voice mail doesn’t really justify the expense of manual transcriptionists, according to long-time speech recognition expert, Walt Tetschner. Walt commented on the use of manual transcriptionists in his March issue of ASRNews as follows:

“The approach that is being used by companies such as SpinVox, SimulScribe and Nuance are flawed and destined for failure. Voicemail-to-text is a very nice convenience feature that will find some solid utilization, but only at a price that is significantly lower than what can be achieved with VM transcriptions that involve human transcriptionists.”

CallWave’s “Gisting” Technology approach makes sense: The transcription of voicemail with commercially available speech recognizers yield word error rates in the 30% to 40% range (for typical VM messages). This means that any reliable word-by-word transcription service for voicemail would require human transcriptionists to scan, verify and correct the automated output. A large human effort would introduce a large cost, which would grow linearly with adoption of the service, and therefore would almost certainly not be scalable for a volume rollout with a telecom carrier”.

“The CallWave approach appears to be using speech recognition properly. It analyzes the voice mail message and extracts the “gist” of the message. This is precisely what users want. They want immediate notification that they received a voicemail, who it was from, and information that would permit the user to prioritize the message and respond appropriately. It does the VM-to-Text conversion without the use of human transcriptionists. This not only eliminates the cost of the human transcriptionists, but also delivers what the users want.”

Incidentally, the option for the recipient to selectively listen directly to any important message segment that could not be translated will always be useful for the exception cases.

What Do You Think?

You can contact me at: artr@ix.netcom.com or (310) 395-2360.

Confused About Implementing “UC?”

The experts at UCStrategies.com just published a comprehensive UC eBook that focuses very heavily on defining the various components of UC. Take a look and see if it answers your questions!

Friday, April 04, 2008

Voicemail-to-Text Services Picking Up Steam

Copyright © 2008 Unified-View, All Rights Reserved Worldwide

April 3, 2008

Will Voicemail-to-Text Messaging Services Close the Recipient’s Loop For Enterprise Unified Messaging?

Art Rosenberg, The Unified-View

The experts at UCStrategies.com just published a comprehensive UC eBook that focuses very heavily on defining the various components of UC, which are primarily:

  1. Real-time calls and conferencing (Person-to-person, customer contacts)
  2. All forms of asynchronous and real-time multimedia messaging
  3. Communications-enabled applications (Automated applications that act as “contact initiators” to individual people)
  4. The use of presence management technology to intelligently initiate a mode of contact and communication based on the accessibility and availability of the recipient(s)
  5. The ability for users to dynamically and easily move between the different forms of contact as the situation requires and allows.

From an end user perspective, UC’s objective is to enable complete user flexibility as either a contact initiator or contact recipient/respondent by enabling them to individually and independently choose any mode of communication at any time. If all parties want a real-time conversation, they can immediately activate or schedule a voice/video conference call, or initiate what I have termed an “as soon as possible,” (ASAP) call. The practical alternative would be any form of messaging that the contact initiator chooses, without worrying about how the recipient will get the message. That would bring into play the practical flexibility of unified messaging capabilities.

For business and service users, automated applications will also act as contact initiators by generating asynchronous messages that need to be delivered in the medium of the recipient’s choice (voice, text, image). Just as email and Instant Messaging enable online interactions with online “click-to” options, messages from a business process or service application can also provide access to either self-service applications (voice or visual), a simple structured message response in voice or text, or, if necessary, to live assistance (“click-to-call,” “click-to-chat,” “ click-to-message”). Such flexibility is geared to quickly notifying a user about an issue and minimizing “human contact latency” wherever possible.

The Problems With Voice Mail Messaging

UC technologies are still evolving by looking at the operational problems that end users have with legacy communication applications and eliminating or minimizing such problems by exploiting converged interfaces and functions. Even though legacy voice mail systems helped eliminate those paper “pink slips” that “message desk” staff used to transcribe an error-prone and often delayed telephone message (name, number, and cryptic “message”) user voice message retrieval and management was not very efficient with only the traditional Telephone User Interface (Touch-Tone command inputs and voice outputs).

Unified Messaging addressed the need converge the management of email and voice mail messages in several ways, including combining all forms of messaging into a single mailbox, enabling message retrieval to convert text messages to voice for retrieved with a telephone interface, and, with extending a screen-based email interface to include “visual voice mail” to selectively listen and dispose of specific voice messages from a screen GUI, rather than learn to navigate TUI Touch-Tone commands.

However, “visual voice mail” doesn’t really address the basic inefficiency of navigating through voice message content, i.e., having to skip backwards and forwards to repeat certain parts because they were hard to understand or needed to be transcribed as text notes. These are problems that text messages don’t have because the full message is immediately displayed, can be scanned quickly on a screen, stays visible as long as necessary, can be printed, copied and forwarded easily, can be archived for easy search and regulatory compliance, and doesn’t require the storage or the network bandwidth that voice messages do.

Voicemail-to-Text Message Transcription Services to the Rescue?

To minimize those problems, the next phase of unified messaging technology has already appeared in the form of voicemail-to-text message automated transcription services. Using the power of mature speech recognition, coupled with human transcription services to handle “exception” cases, voice messages can be quickly converted to text email or SMS messages before delivery to the recipients. This will typically be a service subscribed to by a voice message recipient, not a voice message originator, although the latter may also be a useful service option in the future.

Because the convenience of speech input is particularly important for eyes-free/hands-free input with handheld mobile devices, there have been a number of noteworthy announcements about voicemail-to-text messaging in conjunction with the big CTIA show. These included:

· New partnering announcements with telephony service providers from voicemail-to-text message developers Spinvox and SimulScribe

· A Senior Cisco executive joining the board of CallWave, which offers Vtxt services that delivers the “gist” of a voice message as a text message

· Last, but not least, the entry of leading speech recognition developer, Nuance, into the Voicemail-to-Text Message services market through major carriers

http://ipcommunications.tmcnet.com/hot-topics/ip-transition-enterprise/articles/5309-fading-away-the-tui-long-live-visual-call.htm

Voicemail-to-text technology can’t be perfect because of the difficulties in understanding speech in different dialects and varying voice qualities. So, although automatic speech recognition technology (ASR) is used for the bulk of the transcription, manual transcription is brought into play when ASR runs into any kind of problem. In addition, the original voice message recording is also available for selective access by the service subscriber.

Underscoring Nuance’s entry into the Voicemail-to-Text service business, their announcement highlights their use of over 3,000 Nuance transcriptionists in a centralized Nuance facility. Since this clearly a responsibility that enterprise organizations won’t want to do themselves, it is clear that this chunk of unified messaging is another piece of the UC puzzle that will exploit outsourced, hosted services.

What Do You Think?

You can contact me at: artr@ix.netcom.com or (310) 395-2360.

Tuesday, April 01, 2008

How Will Your Organization Use UC? New UC eBook

Copyright © 2008 Unified-View, All Rights Reserved Worldwide

April 1, 2008

So You Think You Know What “UC” Really Means – Then What?

Read The New UC eBook!

By Art Rosenberg, The Unified-View

It seems that the business communications headlines are continuously talking about new developments in IP telephony and UC, as the traditional voice and button telephone morphs into a screen-enabled multimodal UC device. That could be a desktop PC, a portable laptop combined with a cell phone, or a new “smart-phone.” These new devices are exploiting the converged IP networks, wired and wireless, that are knocking down the walls of legacy communication silos between telephony voice conversations, messaging, and information access.

While the business and consumer worlds watches this transition taking place, they are certainly confused as to what it will all mean to them as users of the new “UC” technologies. IT management is also confused, because, although they understand the fundamental technology change issues at the various infrastructure levels of the networks, application servers, and endpoint software clients, they don’t really know how that will change business process interactions at both the “person-to-person” and “process-to-person” levels.

In the meantime, business technology providers are scrambling to identify themselves as supporting migration to UC capabilities in one way or another. This may be with “VoIP” network connections and management, desktop and mobile telephony, unified messaging (UM), and presence-based real-time person-to-person contacts. More recently, business UC technologies have targeted communications-enabled business process (CEBP) applications that can exploit presence and UC flexibility to directly initiate and coordinate real-time contacts with specific individuals (what I call “people I/O”). UC is definitely not a “one size fits all” technology, and the name of the game is both business process customization and individual user, device-independent personalization.

So, understanding both the functionality of UC, as well as the benefits to individual end users, “groups” of end users inside and outside an enterprise, and to business processes, is a prerequisite to moving forward with any kind of implementation planning. The big planning challenge is to identify operational business priorities for the organization, in order to provide a practical requirements “roadmap” for strategically migrating critical telephony technologies into a UC environment. That is not something that IT departments can do and it won’t be simple or easy for business management either!

The industry-recognized thought leaders and experts at UCStrategies.com, have teamed up to create a very objective and useful “eBook” about business UC that goes beyond the superficial UC hype and infrastructure issues into how business organizations need to approach the challenge and benefits of UC applications. If nothing else, it will clarify your understanding of what UC is all about and give you a dose of reality to move forward in strategically and selectively implementing any key piece of the evolving UC puzzle.

And this is not an “April Fool’s” joke!

What Do You Think?

Let us know your comments and opinions by sending them to artr@ix.netcom.com