What will generate the real heat in ’06? Let’s start with VoIP security

OK, it’s the time of year when pundits are supposed to talk about the Issues that Alter and Illuminate Our Times. Boring. Instead, let’s talk about the issues that will give us indigestion and keep us up at night. There will be plenty.

Issue No. 1 is the Dark Side of VoIP. Everyone likes free stuff, and there will still be a lot of free VoIP this year, even with the cable companies blowing past everyone else in revenue generation. But this also will be the year that corporations earnestly begin blocking Session Initiation Protocol and Skype calling, that lawsuits hit providers that have failed to respond to 911 calls and that some players are threatened with injunctions for not complying with the Communications Assistance for Law Enforcement Act. It will be the year of voice spam and of the first Trojans, viruses and scams targeted at VoIP rather than at browsers. For the enterprise, there will be denial-of-service attacks on VoIP trunks and even a few call-hijacking scams.

What do you think? Discuss the dark side of VoIP and other topics in the forum on this column.

VoIP security isn’t the same as IP or Internet security. There are tremendous differences among VoIP providers with respect to the security precautions they take with your information and traffic and their own infrastructures. Attacks are targeted at publicity, which means things that are widely used are more likely to be attacked. VoIP will become more widely used this year, which means we’ll have to face the security issues for real.

Some of VoIP’s issues could be resolved without attacking the second and perhaps more difficult issue: the very nature of a public IP infrastructure such as the Internet. Anyone who reads the papers knows that public carriers now dominate IP investment, and these providers are not looking to deploy free services for others to exploit. The success of the IPsphere Forum (formerly the Infranet Initiative Council) in attracting enthusiastic carrier support speaks to the determination of the major network players to make IP a business, as TDM, frame relay and ATM were before it.

The question of whether public network services should be free is a public-policy issue that’s decided by the business structure that regulations put into place. Carriers are public corporations and thus are bound to the profit motive. Those who believe that the Internet should be free need to pursue the notion of carrier nationalization, the elimination of private enterprise in the services market. If that doesn’t sound practical, we have to move beyond mythology and expect these guys to make a buck.

That means getting standards groups such as the IETF, which have forsworn any accommodation to regulation or profit in their work, to get real. The IETF has done a lot for us, but it has marginalized itself with an unrealistic attitude. That’s what has made the IPsphere Forum popular: It’s realistic. If we lose the IETF, we lose the popular voice of the Internet. Can the body save itself in 2006?

The final issue is service-oriented architecture (SOA). SOA principles are being built into every application from every major software vendor. SOA changes everything, from how workers get their information to how network traffic is generated. We’re embarking on a major SOA investment, perhaps the largest IT change since Y2K, and we’re not doing anything different. Private networks, public networks and network technology are mission driven, and the mission is changing. We need to be thinking about what the optimum network for SOA deployment would look like and how SOA would change our notions of reliability, complexity, security and traffic management. How can something that BusinessWeek called “the most important trend to hit software in a decade” be treated at the network level as business as usual? Well, how many companies do you know that understand the impact of SOA? Do you?

This year is going to be one of the most significant in the history of networking, and the issues that I’ve mentioned here all will be addressed – even resolved – this year. The question is whether it will be a reasoned resolution or simply an accidental one.

Nolle is president of CIMI Corp., a technology assessment firm in Voorhees, N.J. He can be reached at (856) 753-0004 or tnolle@cimicorp.com.