VoIP Security Alliance To Form Standards

The recently formed Voice over IP Security Alliance (VOIPSA) announced this week that it has created a new committee to define security requirements for Internet telephony networks. Analysts said the outcome could be a significant boon for the industry.

"This is a significant step toward improving VoIP security standards," Aaron Nutt, Atlantic-ACM analyst covering the VoIP sector, told TechNewsWorld. "When you look at enterprise adoption of VoIP, one of the chief concerns is security. A concentrated and cohesive effort to improve and establish security standards is important."

VoIP Set for Global Growth

By all accounts, the VoIP industry is on a global growth path. In-Stat/MDR reported that the overall percentage of companies using VoIP communications quadrupled in 2004, growing from 3 percent in 2003 to 12 percent in 2004, and showed substantially higher growth rates among larger enterprises.

In-Stat/MDR forecasted that by the end of 2004, VoIP penetration would reach 34 percent among mid-sized businesses, and 43 percent in large enterprises. But the sticking point is security. Industry vendors and researchers have recently begun to raise concerns that VoIP and its underlying communications protocols are vulnerable to a number of exploits such as faked Caller ID.

"The formation of VOIPSA reflects both the growing market acceptance of this cost-saving technology, and recognition of the potential issues of integrating VoIP into existing security networks," said Jonathan Zar. "In large networks, the significant bandwidth and time associated with routing traffic creates a latency problem for VoIP traffic through the firewall."

Security Standard Challenges

Indeed, Nutt said the major challenge to creating security standards for VoIP is individuality versus universality. While security standards that allow greater interoperability would improve the efficiency of new application development, he said, individual companies still want their own firewalls and unique security configurations.

Only time will tell how significant today's announcement ultimately is. But what is certain is that security issues are at the fore in the enterprise, where most vendors are hoping to cash in with their solutions.

"Executives understand the cost benefits and, to a lesser extent some of the soft benefits in terms of employee productivity," Nutt said. "Security is the chief concern."