December 13, 2000, 4:42 PM — An uneasy hush fell over the boardroom. We had just finished our presentation, an
elaborate battle plan detailing the best way for our client to advance toward an all-IP
telephony environment. A half-dozen of the client's executives sat at one end of the
conference table; an equal number of our people sat around the other end.
Everyone was waiting for the client's senior man, a distinguished chap on the high
side of 50, whose hair was more gray than blond, to break the ice. He leaned forward,
knowing he had the floor, and looked me in the eye.
"Are we heading in the right direction," he asked, "I mean, putting all this over
I was dumbfounded. The company had already spent millions of dollars and well over a
year in mapping its strategy. I had assumed that an irrevocable decision to go ahead
had been made months ago. It was like Eisenhower, on the day after the D-Day invasion,
turning to a junior intelligence officer and asking, "Are we doing the right thing?"
This was an aggressive company, one that had long ago decided to ride the crest of
many new technologies. However, in this particular briefing, it was my company's job to
detail the risks involved in taking the next big step. And we had to lay two potential
showstoppers on the table: features and security.
The feature set of today's VoIP and IP PBX gear, while racing to catch up to the
leading, traditional PBX vendors, still pales in comparison to them. Nortel and Avaya
(née Lucent, née AT&T) had nearly a two-decade head start. And not even
the most aggressive company is willing to sacrifice the bulk of its phone features and
head off towards an IP-based telecom future without a lot of assurances.
Then there's security. No matter what platform the VoIP vendor uses for call routing
and call control, an IP telephony infrastructure is still a lot more vulnerable to hack
attacks than are traditional PBXs.
Everyone in the boardroom noted my hesitation in responding to the client's
question. I started with a safe prognostication, which I hoped would soothe the concern
"There's no question but that, in a few years, whenever you make a phone call, your
voice will be traveling within IP packets." I added that, given the pace that IP
telephony is advancing, the decision to proceed with a wholesale transformation of his
company's communications infrastructure would be much easier to make six months or a
year from now.
On security, I replied, "Yes, it's a concern. A big one. But the whole Internet
Engineering Task Force is working on security measures. And they're a clever bunch. I
think before too long there will be widespread use of VPNs and IPSec encryption, even
in the IP telephony sector."