Home » Data Protection » Wireless/Mobile

VoIP Security: When Voice Becomes Data

With voice over IP picking up speed, CSOs face the challenge of navigating an entirely new security threat landscape for the phone system

Today, most of the PSTN, public switched telephone network, is digital, not analog. But the so-called first mile (the part of the connection from home or office phone across tall wooden poles along the street and into a switching office) remains predominantly analog. As long as that's part of a phone call, some of those inherent beliefs about the security and availability of the phone can remain.

Users of VoIP will have to adjust expectations. Most VoIP or voice over Internet calls completed today sidestep the first (or, if it's an incoming call, last) mile. In the consumer setting, VoIP comes in two ways, either as a dedicated service over broadband data lines like the cable companies' coaxial wires, or as an Internet service, such as Skype. In a corporate setting, most VoIP deployments to date have been as internal corporate voice networks. It's early on, especially in the corporate setting, where customers are starting by using it just as a (potentially) less expensive voice line and easing into the advanced applications VoIP services promise.

Eventually, VoIP phone companies want to eliminate the last mile of POTS that runs into houses and offices to open up a huge potential consumer and business market for VoIP. They want "pure" IP voice for two reasons. One: cost. It's cheaper for them to carry voice over public and private IP networks than it is to transmit over proprietary networks, so they can charge less. And two: It opens new applications. The open protocols that are used to support a pure VoIP phone call can support countless new services. To get an idea of what kind of services, one can look to the cell phone world where e-mail, Web access, games, photos and video are all getting mashed up with phone calls. A so-called killer app for businesses would be combining voice with documents, collaboration software and presentation materials to get many people located in several places talking and working together. Still

other applications will come, many not yet imagined, all of which promise to generate new revenue.

But that openness and application-rich environment, as the vendors would call it, also mean that all of that inherent, culturally ingrained faith in the phone goes away.

"Dedicated protocols give you control," says Robert Garigue, chief security executive and VP for information integrity at Bell Canada Enterprises. "The reality of living on open protocols [like IP] is that the complexity is beyond the imagination of the designers. As you extend them, you realize there are new points of concern. We have a baseline service. How it can be extended, plugged in or mashed up to other applications — it's just the start. The bad guys are going to find new opportunities with VoIP that will turn into business models."