Who's listening in on your VoIP calls?
This week's highlighted research:
In-Stat. "Integrating into tomorrow: Exploring market drivers for VoIP and integrated data services."
Forrester Research. "Europe's enterprise VoIP future: Gradual and managed."
Researchandmarkets. "2004: A VoIP security assessment."
Gartner Group. "Announcement of VoIP Security Alliance fuels scaremongering."
Gartner Group. "Voice over IP communications must be secured."
Broadband operators are falling over themselves to deploy VoIP as a way to increase revenue, provide new services, and just to keep up with the competition and stay in business. Bigger pipes and new QoS protocols have made VoIP telephony approximately equal to POTS (plain old telephone service) in terms of voice quality, but using IP to carry voice does bring up another factor: security.
Anyone who's ever watched Mission: Impossible knows that tapping into standard telephone lines is something that can be done, and no doubt frequently still is, by those on both sides of the law enforcement fence. It's not as hard as you think. Every parent of a teenager has committed at least one act of electronic eavesdropping by quietly picking up the telephone extension to see what the kids are up to. Since my own teenager never reads this column, I'll admit it, I've done it too.
Hacking into a VoIP call is a little more involved than that, but it's not rocket science, either. Securing VoIP calls is going to become a big issue in the immediate future. In-Stat's report indicates that half of enterprise decision makers surveyed plan to purchase new telecom services such as VoIP within the next 12 months. The report says conditions are right for adoption of VoIP services. In-Stat claims the key drivers for these IP services include security, the need to connect remote workers, and the need to promote collaboration. Despite the inherent risks of IP, can VoIP actually enhance security? If it's done right, yes.
And the VoIP boom isn't just limited to the US, either. Forrester's report shows that VoIP is the hottest area in the European enterprise this year. With the technology maturing, the business case for VoIP is becoming more and more convincing. But the security card is still a big concern, and Forrester notes that most enterprises are opting for a gradual VoIP migration strategy, to give them time to address major concerns that include security, as well as organizational issues and use of managed offerings.
ResearchandMarkets takes a close look at the security environment surrounding VoIP in its report, showing some good insight from hands-on testing of several VoIP and IP telephony systems. The report also includes a useful guideline for protecting VoIP and IP telephony. In fact, following a set of guidelines such as this, and adhering to standard best practices regarding security, will bring your VoIP environment down to an acceptable level of risk. Gartner's report announcing the formation of the VoIP Security Alliance notes that concern over VoIP security is real and security must be a priority--although there is some "scaremongering" within the industry, claiming that the threats have been overhyped and noting that VoIP attacks, while certainly possible, are rare. Gartner's second report listed, "Voice over IP communications must be secured," outlines a sensible plan of action for VoIP security, and suggests that it must be treated differently than other IP networks in order to achieve maximum security.