Iain Franklin, European VP of Entercept,
gives his opinion.
Voice over Internet Protocol (VoIP) and converged
networks are fast becoming an attractive alternative to traditional
office networks, in terms of cost, return on investment and ability
to integrate with other enterprise applications, such as customer
relationship management systems. Vendors are telling customers that
the quality of service (QoS) of a traditional telephony system can
be achieved over IP using intelligent routing and packet optimisation,
but one area many vendors are a little grey on is how security
fits into the QoS equation...
Matthew Kover, a Yankee Group analyst, recently
said of VoIP: 'voice is just a different application that's running
over the same IP infrastructure, so all the vulnerabilities that
exist in your other IP applications, also exist in this application.'
On this basis, is it really safe to
talk?
VoIP is now a practical reality for any organisation
reviewing its communications infrastructure: issues surrounding
bandwidth, standards and QoS have all been addressed and deployment
is becoming easier all the time. There is still, however, one core
obstacle that could blight the success of any implementation and
indeed industry-wide confidence in the technology: many VoIP gateways
and applications are based on traditional operating systems and
IP technology, leaving them exposed to the same vulnerabilities
and hacking problems as any IT infrastructure.
A traditional phone system is isolated from
its organisation's IT infrastructure and is largely hard-wired,
key factors in its availability and stability.
Conversely, VoIP runs as standard network traffic
on the LAN infrastructure, and in many cases the hardware supporting
VoIP runs on platforms that utilise standard operating systems.
Suddenly a corporate telephone system is exposed to all the vulnerabilities,
viruses and risks of the LAN. It is difficult to see how IT managers
and employees will cope without IT and telephony systems in the
event of unplanned downtime. VoIP technology may be reliable in
the lab, but in the wild it is only as safe as the weakest security
link. As we all know, it is not uncommon to have an e-mail 'outage'
for a few minutes or sometimes longer due to unforeseen network
problems. This is normally tolerated in a typical office environment;
however, this kind of failure would be totally unacceptable with
the phone system.
In the past, when IT systems have failed,
employees could turn to the phones to remain productive, but where
can they turn if the entire communications infrastructure is offline?
More importantly, what will customers think when they cannot get
through? Typically, in our time-critical world, probably not much
- they will just phone the competition. It will be a lot harder
to hide downtime from the outside world. The paradox is simply that
a technology designed to save money could end up costing more than
you imagined in lost business opportunities.
The security risks associated with VoIP cannot
be totally eliminated, but can be reduced. Best-of-breed security
products exist to protect all areas of the network from the gateway,
to the server, to the desktop, but these must be proactive tools.
Technologies like firewalls, IDS and anti-virus software can only
protect an organisation from what is already out there, so they are always
one step behind the hackers. Any hack targeted at the VoIP server
will have to be proactively and transparently dealt with if major
downtime is not to be inflicted on a critical piece of your business
infrastructure - the phone system.
The success of VoIP within organisations will
not be decided by the quality of the technology, but by the security
implementations in those companies. So, is it safe to talk? Ask
your IT manager....
www.entercept.com
• Date: 29th April 2003 • Region: Worldwide • Type: Article • Topic: Telecoms