While considered by many organizations to be a viable alternative to popular WAN applications, current IP telephony products and implementations demonstrate an alarming lack of protective security measures, leaving the enterprise open to privacy violation, fraud, and malicious attacks, warns META Group. As voice over the internet gains popularity as a cost-saving communication application, early IP telephony deployments are still basic and focused more on voice quality and interoperability issues while remaining, in most cases, interconnected to the public switched telephone network.
Although current telephony implementations require security measures to deter basic toll fraud and voice-mail intrusion, these systems are not connected with the corporate data infrastructure and are thereby detached from corporate security. For this reason, Meta Group defends organisations must include all IP telephony implementations in overall corporate security initiatives.
‘Organizations that adopt voice over IP without a cross-discipline security review are at risk for lost revenue and productivity, including data theft,’ said Elisabeth Ussher, a vice president at META Group. ‘Enterprises must consider security in the initial IP telephony design and must adopt holistic security policies.’
META Group predicts that, as more enterprises deploy IP telephony solutions through 2005, an increased effort will be made to deploy appropriate holistic security policies.