Network World - This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
If you were to ask most IT professionals to connect CRM or ERP applications to an external IP network without some form of network security, they would look at you as if you had lost your mind. Even the most basic cloud-based business applications integrate security to help ensure the integrity of data and continuity of the service. Yet many organizations today are deploying business-critical IP-based voice and video communications without applying standard corporate security policies.
For a variety of reasons, IP-based voice is treated differently. This traffic is generally not perceived as a substantial security risk, mostly due to decades' worth of experience using the TDM-based public switched telephony network (PSTN). These "walled gardens" are generally perceived as among the most trusted networks in the world, supporting millions of business users daily in the U.S. alone.
However, as businesses migrate away from traditional PSTN telephony toward more affordable and feature-rich IP telephony and unified communications, security concerns should rise to the top of the list. Once-private business conversations can now be carried over multiple service provider networks as well as public Internet backbones, where security can be nonexistent for voice and video traffic or inconsistent and disjointed end to end.
Let's review some of the challenges related to securing unified communications traffic and the solution selection criteria that can result in a secure, enterprise-class deployment suitable for headquarters, branch offices and remote or mobile workers.
Challenges: Converging voice and video onto IP networks can cause a pileup at the corporate gateway. NAT/firewalls and other gateway security devices are designed for data security. These data-centric solutions end up blocking IP-based voice and video calls at the boundary between trusted and non-trusted IP networks.
Not only that, existing data security deployments have usually been in place for some time, and changing the associated policies and equipment to protect voice and video traffic would result in invasive changes to communications and business processes that are otherwise fully operational. Unless substantial regression testing confirms that all critical network assets remain secure, modifications to existing data security policies also leave the organization vulnerable to security breaches. Finally, enterprises typically want to preserve their investments in data security infrastructure and do not want to fund a "rip and replace" type of network upgrade.
Solution: A VoIP or unified communications (UC) security solution can and must coexist with existing data networking and security equipment. This means introducing application-aware firewall protection for the voice and video traffic using a network design that works in conjunction with existing security devices. A VoIP/UC security gateway must also offer broad interoperability with PBX systems, video content distribution networks and external carrier networks, which requires support for a wide range of protocols and interface standards.