Voice over Internet Protocol (VoIP) has become an increasingly hot market, with new players such as Vonage touting the ability to deliver voice communications for less cost. While there are technical, regulatory and other issues that remain ahead for VoIP, security was highlighted as a chief concern at the VON conference in the UK this week.
Speakers said that despite the cost savings and increased capabilities of a converged, voice-data network running over traditional technology, there are still significant security issues around VoIP’s reliance on the Internet, which has proven a ripe target for virus and worm writers and other attackers at the same time VoIP has matured.
Executives from Cisco, Nortel and other major telecom providers indicated at VON that the threat to VoIP from the Internet’s denial of service (DoS) and worm attacks is one that must take priority.
Trouble and Time
“In general, VoIP is less secure than a comparable circuit-switch call,” Gartner principal analyst David Fraley told TechNewsWorld. “When looking at a next level and the ability to hack a network. VoIP is very sensitive to latency. Add a half a second or a tenth of a second delay, and you’ve killed the quality of the voice (communication).”
Nevertheless, Fraley added that despite the hot VoIP market and increasing adoption of the improving technology, there is still ample time to solve security and other issues.
“The bad news is there’s a real problem there [with security],” Fraley said. “The good news is while uptake is strong, the actual deployments are slim. The industry as a whole is working to see that they can resolve these significant issues.”
Maturing, But Still Young
Fraley, who said the matter of security in VoIP boils down to a product-development issue, said that even though VoIP has grown in both use and acceptance, it is still relegated to “a hobbyist, informal communication.”
“It’s taken VoIP a long time to get to the point where it’s real, and it’s there, but it’s still a pretty immature technology,” Fraley said. “If you can’t crawl, you don’t need to worry about what you’re going to wear for running shoes.”
Fraley added that while a lack of security would not be very significant considering today’s Internet voice communication — which is more prevalent among teenagers than CEOs — corporate communications will require at least as good security and privacy measures as traditional, circuit-switch voice communications.
Attack Threat Overrated
Yankee Group senior analyst Zeus Kerravala said that although it is unlikely that the data packets used in VoIP communication could fall victim to a computer virus, the impact of a worm or DoS slowdown would hurt VoIP network performance.
“The real-time nature of using VoIP makes it a problem,” Kerravala told TechNewsWorld. “You could have a denial of service or worm and it’s even more of an issue.”
Nevertheless, Kerravala said VoIP was proving its value and was indeed “here to stay,” adding that the security issues might not be as serious as some have argued.
“I think there is a concern, but I think it’s overrated,” Kerravala said.