Whether you’re just looking into VoIP or have been using it for a while, there are important security risks with this technology you may not be aware of. In this regard, you’re not alone, and my recently-published white paper sheds new light on an issue that is poorly understood and poised to become a problem for businesses that do not take proper precautions.
Anyone managing a network understands the need to protect data and keep it secure. After all, this is the lifeblood of any business, and there is a host of established technology solutions that address data security. Not only that, but there is a well-defined set of regulatory guidelines across many industries to ensure compliance requirements are met on an ongoing basis. In the data world, security threats are generally well understood, allowing IT to mitigate the risks fairly well.
VoIP-related security breaches, however, are more common than you might think, although they don’t often make the news. The main reason for this is most people – including IT – think of VoIP only as telephony. This may be true in a literal sense, but in many ways, VoIP and legacy telephony are really apples and oranges.
As you well know, legacy telephony exists in a parallel but separate world from your data network. To clarify, legacy phone service runs over the PSTN until it reaches your front door, after which the service runs over a dedicated voice network inside the business to power your desk phones. At no point does the service touch your data network, and while the user experience is consistently very good, telephony functions independently from all your other modes of communication.
By comparison, VoIP is designed from the ground up to run over a data network. The intent may be to replace or augment legacy service, but not by using the voice network. VoIP is based on IP – Internet Protocol – which defines how data flows over today’s IP networks, with the public Internet being the best-known example. The key point here is that VoIP is really a data application just like any other form of traffic going over your LAN.
This means that VoIP is a form of data just as much as it is a mode of telephony. However, these two ideas have different implications for your network, and if you don’t view VoIP as a data application, then you’re putting your network at risk. In fact, you’ll be putting your entire business at risk, especially if you understand how sophisticated hackers and malicious network attacks are becoming.
While VoIP is a data application, its real-time nature makes it more challenging to address from an IT security standpoint. This means that conventional data security solutions will not be sufficient for VoIP; they are either not equipped to detect threats directed at IP addresses, or if they can, call quality will be compromised. Neither is acceptable for any business, and to whatever extent you believe that VoIP-based security threats are a legitimate risk, a re-think is in order.
Legacy phone systems typically have minimal security measures, but since there isn’t really that much of value for hackers to go after, businesses haven’t had to worry too much. The story is much different with VoIP, since voice traffic flows over the data network, and that’s a more lucrative target for a variety of reasons. In that regard, it’s a mistake to think VoIP won’t attract unwanted attention because telephony isn’t of great value. They’re not after the phones; rather, your IP phones are the weak link in the chain and the easiest point of entry into your data network. Whether using legacy or IP phones, security measures tend to be quite lax in businesses and this is well-known to hackers.
As such, without even knowing it, you may be putting your business at risk. You may not be able to block these threats out 100%, but it’s very possible that you’re close to 0% effectiveness today. On its own, VoIP has solid business value with many promising benefits yet to come. You shouldn’t miss out on this due to security threats, and the best path forward is to understand the risks and learn more about how to properly address them.
That’s the focus of my white paper, and if VoIP security is becoming a hot button issue for your business, I invite you to download a copy at your convenience. Being an analyst, I would urge you to cast a wider net to learn as much as possible, but I think you’ll find this paper a good starting point on your journey. Further details are available here, and after reading the paper, I’ll be happy to continue the dialog back here on GetVoIP.
About the author:
Jon Arnold is Principal of J Arnold & Associates, an independent telecom analyst and strategy firm based in Toronto, Ontario. The consultancy’s primary focus is providing thought leadership and go-to-market counsel regarding IP communications and disruptive technologies, such as VoIP, mobile broadband, contact centers, unified communications, collaboration, SIP, security, cloud communications, SBCs, and social media.