Hold the phone: IT execs are starting to foresee VoIP security issues

As voice-over-IP matures to the point where more businesses see it as a cost-effective and flexible alternative to traditional phone services, CIOs may have to start paying greater attention to the possible security issues, according to IT executives who gathered for a roundtable discussion earlier this week.

Ned Zecevic, vice-president of information systems at Canaccord, told the Avema Corp.-hosted event that his firm switched to VoIP nine years ago and hasn’t looked back. However, the increased reach of such communications technology may open the door for greater risk exposure.

“We have never had any issues on VoIP where we needed to have more security. I think at this point, it’s a very solid system,” he said, adding that part of VoIP’s appeal is the ability to centralize and manage phone services from one location. On the other hand, the geographic reach of VoIP users is spreading as employees work remotely, which may require some double-checking.

“People may want to be able to change settings on the phone from home, but that needs to be secured. That’s the next generation that’s coming,” he said. “In that case, you need to talk more about security and make sure your network is set up to handle it. And you have to make sure if you’re at home and have Wi-FI on, to make sure it’s hidden, that no one can see those kind of things.”

Most people probably think of voice mail or phone conversations as being less important than e-mail and other confidential files that travel across corporate networks. That’s a mistake, suggested Eric Boehm, a partner in the IT practice at law firm Borden Ladner Gervais LLP. He said that in some cases, the legal liability around what gets discussed via VoIP can be huge.

“There are no particular rules based on privacy laws, but the law does say you have to take reasonable safeguards (to protect personal information). As we have more security breaches in organizations, the standard for what is reasonable is going up,” he said. “There’s considerable liability if you don’t meet that standard.”

Perhaps even more challenging are relatively new areas of legislation such as the Canadian Anti-Spam Law (CASL), which may influence the way VoIP calls are treated. Boehm pointed out that just as CASL tends to consider all e-mail as spam unless the recipient has given clear consent to receive a message, most mobile device management software has some kind of monitoring features to identify possible malware or other threats. That could mean a need for greater transparency towards end users, he said. “Vendors need to be disclosing this kind of stuff,” he said, citing the NSA wiretapping scandal in the U.S. as an example of the potential fallout. “Companies will have to start telling these people what’s happening, and be proactive in updating policies and describing the things that are going on.”

Aldo Fazzalari, sales engineering director at Avaya Canada, urged CIOs to treat voice apps as distinct from data applications, and securing the traffic separately. Session border controllers (SBCs) are a help in this area, he said, as they provide a greater ability to capture, prioritize and analyze voice traffic from a soft client.

“A big part of this is doing a network assessment to make sure your network will support the voice traffic you’re generating. Do you have holes in ports, in your firewalls?” he said. “That strikes at the heart of a change from legacy voice technology to new technology like VoIP.”

For Zecevic, it’s been more than worth the effort. He said VoIP has also brought Canaccord greater disaster recovery and business continuity planning, as well as a way to move beyond the old days of installing small private branch exchanges (PBXes) everywhere.

“The infrastructure is easier to run. You don’t need to have an expert in certain areas anymore,” he said. “You just don’t have a choice, I think. It’s not easy to make ROI initially, but it’s a case of making a strategic approach and a decision to go with VoIP and seeing the benefits over time.”

photo credit: Per Olof Forsberg via photopin cc

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Shane Schick
Shane Schickhttp://shaneschick.com
Your guide to the ongoing story of how technology is changing the world

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now