BT Cloud Phone

Secure Voice and SIP over TCP in BT Cloud Work

« Go Back



BT Cloud Work includes a number of features that improves call quality and security protocols, such as Secure Voice and SIP over TCP. The BT Cloud Work system supports secure VoIP calls across all supported desk phones, conference phones, mobile and desktop apps.

Whether it is hackers attempting to disrupt service or breach confidential data, most successful attacks target the application layer. This threat vector applies to corporate web servers and databases as well as cloud communications service applications. A voice over IP (VoIP) application inherently exposes both the control plane and the data plane, providing major attack targets for VoIP hackers. To prevent hackers from exploiting these vulnerabilities, BT Cloud Work deploys best-of-breed network protections that are optimized for voice and data. These protections, together with BT Cloud Work experts continuously monitoring systems for anomalies, help to prevent service disruption, data breaches, fraud, and service hijacking. In addition, an advanced suite of intrusion prevention technologies protects against malformed packets and fuzzing techniques, which can be used to confuse or overwhelm border controllers resulting in service disruption, system restart interruption, and endpoint resets.

Advanced BT Cloud Work border session management is immune to many of the forms of attack that have disrupted the services of other VoIP and UCaaS vendors. BT Cloud Work security also protects against spoofed messages by validating the value of ‘Call-ID,’ ‘Tag,’ and ‘branch’ while processing control NOTIFY messages. BT Cloud Work security also overcomes the typical set of firewall traversal problems in VoIP systems with network address translation (NAT) support for static IP configuration and “KeepAlive” SIP signalling. This maintains user addressability without providing attackers with the opportunity to infiltrate further.

Click the topics below to learn more about Secure Voice and SIP over TCP:

What is Secure Voice

Secure Voice is a feature that adds robust security protocols to both signalling and media for supported endpoints.  Secure Voice uses two enterprise-grade security protocols (TLS and sRTP) to provide additional security for phone calls.  

Transport Layer Security (TLS) is a cryptographic protocol that provides encryption on the SIP signalling data in the application layer. This protocol secures the SIP signalling communication between supported endpoint devices and the BT Cloud Phone servers.

Secure Real-time Transport Protocol (sRTP) is a profile of the Real-time Transport Protocol (RTP) that provides encryption, message authentication and integrity, as well as replay protection to the RTP packet stream that is transported between supported endpoint devices and the BT Cloud Phone servers.

What is SIP over TCP

BT Cloud Work supports Session Initiation Protocol (SIP) signalling over the Transmission Control Protocol (TCP). SIP lets you run numerous communications applications over your IP network or internet connection. In other words, you can make voice calls over the internet. The TCP protocol provides reliable, ordered, and error-checked delivery of packet streams between supported endpoints and the BT Cloud Work servers. This means improved call signalling resulting in fewer dropped calls, reduced one-way audio issues, improved firewall compatibility, improved call handling capabilities over wireless, and is generally better able to withstand packet loss in high traffic office environments or while using mobile devices on bandwidth-limited wireless networks.

Working together to secure your communications

Getting the best from Cloud Work’s security features is a team effort:

Customer manages:

  • Account policies
  • User permissions
  • Login information

We manage:

  • Service delivery
  • Architecture and design of the product
  • Physical security of the service
  • Environmental security of the service
  • A multi-layered security model with:
    • security at the perimeter
    • security at the services delivery layer
    • TLS on web applications
    • top tier data centres
  • Customer-controlled settings in the application interface

Security considered from every angle

BT Cloud Work has seven layers of application security built-in to cover all bases.

Robust application

The Cloud Work application is resilient. Security considerations are taken into account during design, development and QA phases; rigorous testing is performed throughout the year. And, because we see your desktops, laptops, smartphones and tablets as a key part of the UCaaS data ecosystem, our mobile and desktop applications also support encryption of your data at rest.

Secure account

You’re in control of your account policies and your users. You can add or remove extensions, set permission levels and manage passwords. You can allow international calling, or just set specific destinations; you can block inbound caller IDs. Simply set your limits to suit your business.

Proactive network

Cloud Work’s service perimeter is protected by firewalls and session border controllers. We provide two-factor authentication for admin access. You’ll have intrusion detection systems, system logs and fraud analytics, system and service-level monitoring, system hardening, change management and regular vulnerability scans. We weave security into everything, then proactively monitor it all.

Seven layers of built-in security

Cloud Work has seven layers of application security; we have a range of services that reduce the risk, cost and complexity of connecting to the cloud.

Transmission security

Cloud Work uses TLS 1.2 to encrypt your web-session traffic and phone provisioning sessions. Desk phones, mobile applications and desktop applications also support encrypted calls using SIP over TLS for signalling and SRTP for media.

Protected data centres

Cloud Work’s services are hosted in data centres that undergo SSAE18 and or ISO 27001 audits. We share these spaces with some of the largest internet companies and financial institutions in the world. The geographic diversity of our locations acts as an additional safeguard, minimising the risk of loss and service interruption due to natural disasters and other catastrophic situations.

Preventing fraud

We do all we can to stop fraud. Access control, detection controls, usage throttling with daily and monthly spending limits that you control. Settings so you can enable or disable international calling to approved destinations. We also actively monitor your account to keep you aware of any unusual calling patterns.

Disaster recovery

We give you a guarantee of 99.99 per cent uptime for Cloud Work. The service is architected to support failover conditions in case of emergency; it is built with geographically-distributed redundancy. Primary and backup locations remain online simultaneously, with a primary pod in active mode and a secondary pod in standby mode. Database replication between locations is in real-time, with failover being built into the service. If one data centre goes down, we automatically switch to another, so you can continue working.

More information can be found in the Feature Comparison Matrix Datasheet.

Steps To Reproduce
Affected Environment
TitleSecure Voice and SIP over TCP in BT Cloud Work
URL Name8098
Was this information helpful?

Tell us why and what can we do to improve this information