A security goal for VoIP

In a recent discussion with a group of CIOs, the consensus opinion was, “I don’t want my voice network to be just as secure as my data network – I want my voice to be MORE secure than my data network. I want my VoIP network to be as secure as the PSTN. I want my VoIP network to be at least as reliable as my PSTN connection.”

In our opinion, VoIP can be at least as secure as the PSTN; indeed it can be more secure and just as reliable. However, high levels of security and reliability aren’t free in any network, including the PSTN. As in the data world, each enterprise must weigh the costs of added security against the risk of voice network failure.

Appropriate steps must be taken to assure physical security and to assure employees are prevented from making intentional and unintentional security breaches. We know how to secure our data networks; we can apply the same experience to secure our VoIP networks.

As we move to a software-driven VoIP infrastructure, we need to make sure our internal staffs are trained with internal security and management procedures to maintain the highest level of business continuity that our budgets can afford. As we discovered when the recent H.323 vulnerability was exposed, our suppliers must (and do) stand ready with the capability to provide rapid responses if problems are discovered.

One CIO we talked to recently wished we could go back to the days when network upgrades were only made every few years; when the requirement for a quick-fix patch didn’t exist. But digital switching, custom calling features, unified messaging, and collaboration aren’t possible without software. And we’d rather keep these capabilities than go back to an electro-mechanical phone network.