Research commissioned by Viatel
has found that 43% of IT directors still believe that VoIP networks are inherently insecure. This figure rises to over half in the financial services and manufacturing sectors (56%). However, it is significant that despite this continued concern over the security of VoIP, companies aren't being put off adopting the technology with two thirds saying they don't see the perceived security issues as a deterrent. Organisations clearly see the 50% cost savings and advanced functionality of VoIP as significant enough reason to make the switch and are overriding their security fears in favour of cost savings and features. In addition, companies are clearly comfortable with the reliability of VoIP - with two thirds (67%) of those questioned saying they believe that today's IP networks are robust enough to carry voice, rising to an astounding 80% in the financial services sector.
DoS attacks and viruses are viewed by IT Directors as the most significant VoIP security threats (53%). This is due to the consequences of such attacks leading to lost revenues, system downtime, lost productivity and unplanned maintenance costs. The second most significant threat (25%) identified by the survey is eavesdropping attacks - where those connected to the IP network hack into important calls. Not surprisingly, those in financial services (44%) see this as a greater threat than those in other sectors, possibly due to the highly sensitive information they are discussing.
"There has been a lot of discussion recently about the VoIP security. Yet, in reality, when you cut through all the hype, securing voice traffic really isn't any different from securing data traffic - it's all about ensuring your IP network is secure. However, there are some key security measures that companies should follow to put their minds at rest, such as encrypting voice traffic, running it over a VPN, making sure firewalls are properly configured and choosing a provider where you don't have to completely overhaul your firewall configuration." commented Roberto Bonanzinga, senior vice president, business development and marketing, Viatel. "Also an option worth bearing in mind for businesses keen to minimise the headache of security is to opt for a fully converged provider of IP services, both voice and data, so that a single vendor is in charge of designing the security policy of the company."
The research also showed that organisations viewed the use of VoIP systems by hackers for free calls and spam over Internet telephony (spit) as the least significant threats. Considering the low cost and in many cases flat rates of VoIP calls this might explain why the former is not a big concern for companies. Despite spam being considered as less of a threat than DoS attacks and viruses, 14% of companies considered spam as their most significant threat so this does suggest it might become a growing concern for companies.
"Essentially there has been a lot of miscommunication in the industry which has created mistrust in the technology. With carriers keen to protect legacy voice revenues, misconceptions about VoIP as an insecure early adopter technology have not been stamped out," commented Roberto. "In addition to this is the lack of awareness and education on the differences between business VoIP services and Internet-based consumer services such as Skype. Internet-based services are insecure for two reasons: firstly because they aren't on a private network but on the open internet which means that intra-company calls are more open to hackers, this also means they cant provide quality of service guarantees. Secondly, peer 2 peer clients are often insecure in their nature because they do not allow the IT administrator full control at the desktop level."
The survey was conducted in order to understand companies' thoughts on VoIP security and was carried out by Vanson Bourne. The results represent the opinions of 100 IT Directors.