Costs, security vex VoIP users

Return on investment and budget constraints are the biggest roadblocks to convergence projects. Or so say large corporate customers attending last week’s VoiceCon conference, where discussions focused on the business of planning, securing and cost-justifying IP telephony.

WASHINGTON, D.C. – Return on investment and budget constraints are the biggest roadblocks to convergence  projects.

Or so say large corporate customers attending last week’s VoiceCon conference, where discussions focused on the business of planning, securing and cost-justifying IP telephony.

Despite the snow that inundated the East Coast last week, more than 3,000 attendees came to Washington to see keynote addresses, lively vendor debates and educational sessions. Money issues took center stage.

“We have to look at our current infrastructure and all the [computer telephony] applications that are out there, and ask – what can be done on our current system that can’t be done with IP? – before we go to the board [of directors] and ask them for money for a major technology change that will make them nervous,” said Doug Crawford, director of network services for Kaiser Permanente, the largest nonprofit HMO in the U.S.

Crawford has hundreds of PBXs, thousands of pieces of network equipment to support and a $25-million-a-year budget.

David Morgan, vice president of architecture and planning at Fidelity Investment Systems, said, “ROI is a real issue with the expansion of any of our IP telephony plans. I ask other people in my position, who may have IP telephony pilots out, why they don’t go all the way, and they say it’s a money issue,” and the ability to show ROI.

“I have a fixed IT budget and a lot of other projects that I can get at least a six-month ROI on before I go forward with IP telephony,” which might have a longer ROI, and is harder to prove, he says.

Fidelity is still moving cautiously with IP telephony. Morgan talked about the company’s deployment of homegrown softphone applications and USB handsets as a way to deploy IP telephony cost effectively.

Morgan said the ROI on hard phones is a “tough sell” because they are almost twice as expensive to deploy as a software-based phone and headset. Fidelity’s softphone is based on the Telephony API standard and operates with a Cisco CallManager. The software integrates the company’s IBM Lotus Sametime instant messaging client, as well as Microsoft Outlook, with telephony, letting end users click on a name in a directory and choose a method of communication – e-mail, chat or phone call.

Morgan said the company has about 3,200 softphones deployed among several departments and with teleworkers, but he is dealing with issues such as E-911 emergency reporting, and the reliance on a PC to make phone calls.

Voice-over-IP security issues were on the minds of many VoiceCon attendees because of all the reports of high-profile network attacks lately.

In a debate at the show on IP telephony security, Karyn Mashima, Avaya’s vice president of strategy and technology, squared off with Lee Sutterfield, president of SecureLogix, which makes equipment for securing traditional PBX voice systems.

“In legacy voice, the risk has been very low” for system misuse or attack from individuals or groups outside a company, Sutterfield said. But he added that TDM toll fraud is still a threat, costing U.S. businesses around $12 billion per year.

“When you deploy [IP telephony], you get many benefits and new features, but you also have to worry, and I mean really worry, about viruses, targeted denial-of-service attacks,” and the security of packetized voice conversations, which are not impossible to intercept, he added.

Mashima agreed that IP telephony security can be a problem, but said that the risks are similar to ones taken by millions of businesses that send confidential e-mail, or do business over the Internet, where credit card numbers are sent to and stored on Web-based servers.

“So is IP telephony technology inherently secure? No,” she said. “Can it be secured? Yes.”

Other vendors and users at the show agreed that IP telephony vulnerability is a problem that is fixable with standard security practices and technologies, such as firewalls, intrusion detection and VPNs.

“The security threats that exist for the infrastructure today are real and are a major concern, even without voice,” said Don Proctor, vice president for Cisco’s voice technology group, who gave a keynote address at VoiceCon. “Certainly, putting voice traffic on that infrastructure makes people more aware.”

On the security issue, Fidelity’s Morgan agreed that security is the same for any server or IP PBX.

“Your network security is no better than the weakest part,” Morgan said. “If one server is not patched and an attack comes, it’s going to get hammered on.” And if that server happens to be an IP PBX, that could be seen as a negative consequence of running voice over an Internet-attached network, he added.

Technology questions on how call-processing intelligence should be deployed on a converged network and the ever-present issue of quality of service were hot topics among attendees.

“We’re not hearing what infrastructure upgrades will be necessary to make this work,” said Kaiser’s Crawford on IP telephony. “It’s a simple dollar-amount issue. We have to make sure the infrastructure is capable of supporting what an IP telephony system can do today.” And that could be expensive, he added.

The idea of increased IP phone features also made some users take a hard look at how convergence would change their infrastructures.

“I’m nervous about how much intelligence will ultimately end up in the desktop device,” said Hartley Hoskins, a data and telecom administrator at the Woods Hole Oceanographic Institution in Woods Hole, Mass. While increased intelligence at IP phones and endpoints, such as ones based on Session Initiation Protocol (SIP), could allow for advanced voice/data applications, those devices could get expensive.

“If we are eventually going to drift to the [SIP] model,” Hoskins said, “does that mean the cost of the thing out on your desk, collectively, will be three or four times the cost of the servers? The dust hasn’t settled on that. It’s a hardware issue that could be a ‘gotcha.'”

Meanwhile, there were some products introduced at the show to help users install and troubleshoot IP telephony:

• Viola Networks  released its NetAlly software for measuring IP voice quality over a LAN or WAN.

• SecureLogix  displayed a new version of its Enterprise Telephony Management System, which is designed to protect PBXs from toll fraud and dial-up port intrusions.

• ACE*COMM  announced a new version of its NetPlus 6 Enterprise Operations Support System software, which can track packet and TDM telephony usage.