Besides stealing data, security vulnerabilities within an IP-based communications infrastructure can introduce denial-of-service (DoS) attacks and other threats that compromise business continuity, lower productivity in call centers or block customer transactions that result in lower revenues.
Mobility trends, including "bring-your-own-device" (BYOD) initiatives, introduce additional challenges for IT teams responsible for protecting business assets and ensuring infrastructure availability. Mobile users and smart devices must be authenticated and adequately monitored for suspicious behaviors.
Voice communications channels are also the target of toll fraud. A growing number of hackers and Internet crawlers are continually searching out unprotected voice channels. Without adequate protection, a business might see VoIP savings significantly reduced as unapproved voice calls are being routed through a VoIP gateway or SIP trunking service that lacks adequate security.
Solution: Every business-class VoIP solution should include eavesdropping prevention and VoIP-aware security that can address the above-listed types of threats. For those businesses, government agencies and contractors with the most stringent compliance requirements, the VoIP or unified communications solutions should support encryption of communications traffic. External communications are obviously the most critical but some organizations also require encryption of internal communications or communications in and out of critical departments. Any attempts of unauthorized access should be automatically detected, blocked and logged with enough forensic evidence to help track down the offenders.
Visibility and troubleshooting
Challenges: Fraud prevention is just one reason that VoIP infrastructure requires a high degree of visibility. Security without visibility is to a large extent unverifiable. Therefore, secure IP-based communications must include the ability to monitor and manage calls and communication traffic. Additionally, enterprises need affordable managed services with service level agreements designed to ensure reliable, high-quality connections and communication experiences. The service provider, in this case, would require high levels of visibility of voice and video traffic as part of a comprehensive troubleshooting toolset.
