Will Lax Security Trip IP Telephony?

Like a kick returner outrunning his blockers, the advance of corporate Internet Protocol telephony is getting ahead of its security measures — but could be heading for a paralyzing hit, according to new research report.

Current IP telephony offerings show an “alarming lack” of safeguards, exposing companies to privacy invasions, data theft and malicious attacks, Elizabeth Ussher, a
META Group vice president concluded in a research note.

“(Enterprise IT staffs) are not accustomed to having to worry about this type of thing with voice,” Ussher told internetnews.com. “It’s just not been part of the process.”

The recent run-up of worms and virus attacks were a wake-up call for IP telephony users who felt safe behind their firewall. But an employee that brings his laptop to the office and hooks-up the local area network can unknowingly compromise the network, Ussher said.

In addition to worms, hackers may view IP phone systems as an increasingly attractive target, as the size of installations grows to an average of nearly 200 users (about double the number two years ago).

“Hackers don’t usually target Barbie’s Beauty Salon, but will take a swat at medium size company and certainly a large sized one,” Ussher added.

META, an IT research firm based in Stamford, Conn., suggested incorporating IP telephony security practices into an enterprise’s overall IT plan. For those thinking about deploying the systems, security must be a key consideration in choosing equipment, Ussher said.

The point isn’t lost on network and telephony equipment vendors. Although customers are rolling out the technology because of costs savings and added calling features, the adoption rate could be faster if not for security concerns among the holdouts, Ussher said.

Several makers of IP networking gear are trumpeting security improvements. Some are fortifications of existing features, while others added from are new partners.

For example, Lucent on Monday signed a wide-ranging pact with network infrastructure and security specialist Enterasys . Enterasys’ intrusion detection tool and other security features will be integrated into Lucent’s firewall product.

Lucent’s deal came two weeks after rival Juniper offered $4 billion in stock for NetScreen Technologies, a deal that would buy Juniper a proven line of security and access
products. Meanwhile, another IP telephony hardware player, Cisco , has built a relationship with IBM’s services arm, which includes security work.

However, a fundamental problem with many of the security offerings is that they aren’t compatible with the voice or data systems of their competitors, which could limit their potential for adoption, Ussher said.