Security concerns still represent the top deterrent for implementing Voice over IP (VoIP) in the enterprise, but all other indications point to a steadily increasing satisfaction rate among those firms that have deployed the technology, according to a recent global survey of networking professionals.
The survey, dubbed VoIP State of the Market Report, probed 375 networking professionals who are involved in planning the next generation of networks for their companies. VoIP security was cited by 42 per cent of the respondents as the top impediment for implementing the technology, the report said.
Despite security concerns, over 70 per cent of the respondents had already deployed some level of VoIP in their companies in 2005, a huge jump from the 2004 figure of 58 per cent. The overall satisfaction rating also increased, albeit slightly, from 5.03 per cent in 2004 to 5.19 per cent last year, the report said.
Organizations are typically concerned about three types of VoIP threats: denial of service (DoS) attacks, eavesdropping and spam for Internet telephony (SPIT), said Phil Edholm, vice-president, enterprise networks at Nortel Networks Corp.
While these issues are valid, many of the risks associated with enterprise VoIP are being addressed with implementation, said Edholm. Most enterprise-level VoIP adoptions, for instance, are deployed within the bounds of the corporate network and are seldom used for direct IP-to-IP communications externally, therefore, the risk of VoIP spam is low, he explained.
Eavesdropping on IP communications, on the other hand, while theoretically possible, would require sophisticated expertise to pull off, Edholm explained.
“Networks (today) have natural security built into them that makes some of these (VoIP) attacks much harder than people think,” said the Nortel executive.
One Canadian analyst pointed out that VoIP security is only as good as the level of security of the entire corporate network.
Companies generally assume that IP-based communications are inherently less secure, said Carmi Levy, research analyst at Info-Tech Research in London, Ont. “The reality is that any traffic is only as secure as the security processes, tools, protocols and training that are in place within the organization.”
He said companies that are considering a VoIP implementation should initially make an assessment of their security infrastructure as a whole, ensuring that all traffic going through the corporate network is secured.
“If a company is very well on top of its data security model, has the right people in place and properly trained…and the network is locked down and is not vulnerable to emerging threats, then it makes sense to put voice traffic on because then, voice traffic will be secure,” explained Levy.
Security may not be the only VoIP-related issue where misconceptions potentially exist.
As with many new technologies, companies often need guidance to understand and quantify the cost savings and efficiency improvements a new implementation would bring, said Levy. Being able to demonstrate a return on investment (ROI) for VoIP would allow companies to maximize the deployment, he added.
According to the VoIP State of the Market Report, 49 per cent of the respondents either did not know or have not tried to calculate the ROI on their VoIP deployment.
Levy said many new technology implementations, such as VoIP, are pursued without a clear understanding of what the ROI is. “It’s not that there isn’t an ROI because there clearly is, if it’s done for the right reasons in the right environment.”
He added that, “Many organizations either lack the ability or the will to try and figure out [the ROI] and as a result they might not be getting as much out of the implementation as they might otherwise get.”
The Info-Tech analyst advised in order to gauge the tangible benefits of a VoIP implementation, companies should “come out of the fantasy land” and acknowledge that VoIP is not “free Internet telephony.”
Companies should first figure out what the costs of the current telephony are, and then list all the new costs that will be incurred as a result of moving the telephone service to an IP-based network.
“There are costs that need to be quantified on a number of levels in the organization. It’s going to fundamentally change how you configure, deploy and manage your network,” Levy said.
Once the cost side of the equation has been determined, organizations should then quantify the benefits VoIP will bring to the company, Levy added.