Is a Cloud PBX or On-Premise More Secure?

The growing number of cyberattacks targeting businesses across the globe is landing IT leaders in the hot seat, forcing them to rethink and restructure their security strategy. 

Geo-political climates, macroeconomic trends and poor cybersecurity posture have created the perfect playground for hackers. With organizations of every size and industry victimized, it’s easy to see why they're growing concerned over their data and infrastructure. 

Navigating these turbulences has proven tough on businesses. And with the looming threat of system breaches, protecting their stack is vital for continuing effective inbound and outbound communications. 

If you’re re-evaluating your communications but have concerns about the security of a cloud PBX or an on-premise system, then read on. 

Cloud PBX Security Concerns

There are security concerns around cloud-native applications, such as a hosted PBX, since everything runs over the web. As technology advances, so does hackers’ motivation to exploit the system. 

Some of the most common concerns among IT leaders are:

1. Telecom fraud

With telecommunications fraud up nearly 28% since 2019, businesses risk financial loss and a hit to customer satisfaction. 

Unlawful access to your organization can have a significant effect on the trust your customers place in your business. If your phone lines were hijacked and your inbound and outbound call traffic was suspended as a result, your customers would (rightfully) be upset. 

2. No visibility

There’s apprehension around call quality and traffic visibility for cloud migration. Without the infrastructure on-site, IT leaders may feel they have no control over or access to their data, which could jeopardize their corporate compliance, security and governance processes.

3. Disruption to business

You may feel concerned about how your staff responds to new technology. Some team members may see the move as a disruption without truly knowing its benefits. They may also be worried about its complexity, setup and time-to-proficiency in learning a new system. 

On-Prem PBX Security Concerns

The reliability of hardware infrastructure is a major concern for growing businesses and their IT staff. The security of an on-premise PBX system raises several questions for IT leaders, including: 

1. Recovery

A business continuity plan is crucial for ongoing operations if an attack or disaster causes your PBX to fail. On-premise phone systems are known as “single points of failure”, meaning that when one goes down, calls can’t be carried out and you experience more downtime. 

On-prem PBXs lack geo-based contingency plans because of the stationary infrastructure. And when part of the business goes dark, it can take days to weeks to resume service, especially if a bad actor dealt the blow. If the product is nearing the vendor's end-of-life (EOL) stage, users will no longer receive the updates required to continue using the system. 

2. Scalability

Just as hackers get savvier, cybersecurity detection and defense tools should too. On-premise systems are limited in scalability - and on the slight chance you can expand functionality and phone lines, the cost can be exorbitant. 

3. Manual Optimization

You must constantly optimize your on-premise PBX to maintain security. Your team is responsible for making that happen over the course of its lifetime to ensure the phone system's integrity. The more optimizing you have to do, the more resources you have to allocate from your budget to keep up with maintenance. 

Cloud Communications Software is Serving Network Security Well

You might be thinking it’s either this or that for your communications solution. But, you can have both. An integrated CPaaS software provider does the work for you to ensure your network is sound and reliable. A cloud communications solution can enhance your phone system independently or via SIP trunk to your existing infrastructure. 

With a robust all-in-one application, IT leaders can proactively manage and defend against telecom fraud activity, remain in operation, and quickly adapt their services when the time is right. This technology helps alleviate the burdens of manual and time-consuming updates generally required of IT and security teams. 

Software companies like AVOXI were purpose-built to elevate your communications strategy and provide reliable voice, messaging and contact center services. We aim to protect your infrastructure and mitigate fraud activities. Watch our webinar to learn the tools to safeguard your business and reduce security gaps.

Cloud PBX vs On-Premise Security FAQs

Is a cloud or on-premise PBX more secure?

While both systems have their appeal, a cloud PBX solution offers more security benefits than an on-prem system, which is limited in what it can offer. But an on-prem system can be safe as long as best security practices are applied and maintained. 

Hosted platforms provide users access to telecom fraud detection and prevention tools, full transparency into data, quick setups, recovery routing, scalability and optimization tools. As an example, AVOXI offers automatic and intentional high-security standards.

Your network admins don’t have to worry about firewalls or router configurations, firmware updates, periodic security scans or misconfigurations with a CPaaS provider that uses end-to-end WebRTC encryption to ensure a highly stable and secure business communications network. 

What are the biggest obstacles to dealing with a telecom fraud incident?

Fast action and a quick response are required from each team member involved in the incident. One of the biggest obstacles is assertive communication.

Many of the communications sent between AVOXI and our clients are truncated by multiple blockers, such as out-of-office (OOO) hours, holidays, vacations, weekends or non-existent contacts. During our traffic validation attempts, many times, we have to deal with all those blockers that lead to two possible scenarios:

  1. The calls are valid, and we’re interrupting legitimate traffic, or…
  2. The calls are illegitimate due to criminal activity. The financial repercussions increase as time passes waiting for confirmation from one of our clients. 

To overcome this, we recommend building work teams that are available to receive calls and emails and to validate or deny our queries about suspicious activity. By assigning individuals or groups to monitor suspicious call patterns and keep your contact list up-to-date, you can better handle and reduce telecom fraud incidents. 

What’s the best way to secure remote access to my hosted platform?

Always use a VPN (Virtual Private Network) to connect remotely to websites. VPNs offer direct access to your internal network through an encrypted tunnel. This means that no matter where you are, even on a public Wi-Fi network, your communications and the administration of your remote PBX will always be protected by the VPN’s security. 

What are some best practices in case of vulnerability?

Existing vulnerabilities require special handling, and for this reason, they’re ranked as low, medium, high or critical. 

How do you do this? Begin here:

  1. Measure the impact of the vulnerability on your teams and business.
  2. Measure the probability or likelihood of the vulnerability.
  3. Measure the complexity of the attack. 

Once these three pieces are assembled, begin to collect more information, such as whether the remediation will bring a more significant impact (severe outages) and whether additional maneuvers are required (updating another application, program, library, etc.) that could potentially interrupt your business continuity. 

And once these assessments are added to your company’s vulnerability remediation plan, you must:

  1. Set up a time in which this remediation will take place.
  2. Communicate these actions to all of your staff.
  3. Communicate these actions to all potentially-affected clients.
  4. Verify, with utmost care, that the vulnerability has been successfully resolved.
  5. Confirm that all of your services continue to operate normally. 

How do spam calls happen and how can I prevent them?

1. Spam calls to your PBX

A fraudster has discovered a free number that lands on your PBX. Unfortunately, the IVR is often poorly built (misconfigured) and doesn’t end the call after 3 failed attempts. 

Fraudsters do this to map your PBX and discover applications like DISA, callback, voicemail callback, etc., that they can later exploit to interconnect calls to premium destinations. 

Prevention tip: Mitigate spam calls to your PBX by…

    1. Building intelligent IVRs that terminate outsiders’ failed attempts into essential applications. 
    2. Creating strong passwords for your voicemail user accounts.
    3. Checking your CDRs to identify correlations from source PBX numbers.
    4. Blocking all source numbers from identified spammers. 
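
The CDR check from step 3, sketched as an added example (not AVOXI's tooling or code from this article): it groups call records by source number and flags sources that repeatedly hit the IVR failed-attempt limit within a short window, which is the mapping pattern described above. The CSV column names, the `ivr_failed` field, the thresholds and the phone numbers are all assumptions constructed for the illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDR export. Column names and numbers are assumptions
# made for this example, not a vendor format.
SAMPLE_CDR = """start,src,dst,duration_s,ivr_failed
2024-03-02 01:10:05,+15550100001,+18005550199,14,3
2024-03-02 01:11:40,+15550100001,+18005550199,22,5
2024-03-02 01:13:02,+15550100001,+18005550199,19,4
2024-03-02 01:14:30,+15550100001,+18005550199,25,6
2024-03-02 09:30:00,+15550100002,+18005550199,310,0
2024-03-02 10:05:00,+15550100003,+18005550199,45,1
2024-03-02 14:20:00,+15550100002,+18005550199,120,0
2024-03-03 02:00:00,+15550100004,+18005550199,12,3
2024-03-03 02:45:00,+15550100004,+18005550199,15,3
"""

def load_cdrs(text):
    """Parse the CSV into (source number, start time, failed IVR entries)."""
    return [(r["src"],
             datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S"),
             int(r["ivr_failed"]))
            for r in csv.DictReader(io.StringIO(text))]

def find_probing_sources(cdrs, window=timedelta(minutes=10), min_calls=3, ivr_limit=3):
    """Map each flagged source to its largest burst of calls that hit the
    IVR failed-attempt limit inside one sliding time window."""
    by_src = defaultdict(list)
    for src, start, failed in cdrs:
        if failed >= ivr_limit:          # only calls that exhausted the IVR retries
            by_src[src].append(start)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        lo = best = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:   # shrink window from the left
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_calls:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, n in find_probing_sources(load_cdrs(SAMPLE_CDR)).items():
        print(f"block candidate {src}: {n} failed-IVR calls within 10 minutes")
```

Sources returned by `find_probing_sources` are candidates for the block list in step 4; review them against known customers before blocking, since a legitimate caller can also mistype an extension.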

2. Spam calls to your team members

Fraudsters do this to identify the working hours of your company and staff so they can exploit vulnerabilities or attack your PBX without the supervision or observance of anyone on your work team. 

Prevention tip: It’s important to provide consistent internal security awareness training to educate your staff on what to look out for and report suspicious activity. 

Oftentimes the fraudsters use social engineering attacks (vishing) to manipulate employees to divulge information. The phisher makes phone calls to the user and asks the user to dial a number. This is to bypass a call, gain privileged access to another application or make a bigger attack elsewhere. 

3. Spam calls directly to your devices

Fraudsters can recognize that you use a device already past its useful life, or one with old firmware (software) that has some vulnerabilities. They recognize this equipment through open-source intelligence search engines like Shodan.

Once the target country and device version are searched, the attacker can identify which IP address you’re connected from. Their next action would be to send you spam (test calls) to try to exploit your device, bypassing calls to premium destinations. 

Prevention tip: You can easily reduce or avoid spam calls to your devices by…

    1. Removing EOL devices from your network. The lifespan of most devices on the market is set to 5 years. 
    2. Keeping a strict watch on the communications from your hardware providers (i.e. security and productivity improvements and bug-fix announcements).
    3. Using a personal password on your device. Never use factory default settings, and change your passwords every 6 months. 
    4. Separating your telephony network from the data network.