Life can get a tad frustrating for Colin Bradley. He works as a business development manager, security, for Cisco in Sydney. His employer ships VoIP gear with all the security bells and whistles, but still, some customer simply choose not to deploy solutions the secure way. "There are a lot of things that people don't bother with that they should do," he says.
Bradley admits that for many, the security of their voice system isn't a priority. "There are options that people have got there to enable, if and when they feel that it is appropriate," he explains. "Sometimes to complexity of the implementations actually outweigh the benefits that are going to come from a risk reduction perspective."
Part of the problem, Bradley argues, is that security is such an ordeal in general that organisations sometimes have time prioritising VoIP lockdowns. "I think the whole problem with the security environment is that it is such a large elephant that you're always constantly trying to decide which part of the elephant you're going to try to digest next," he says.
Like Sense of Security's Edelstein, Bradley says securing VoIP often comes down to securing the underlying infrastructure. "We can only make people aware that there are features built into the core switching and routing products, there are features built into unified communication products, and then there are the stand alone security solutions around firewalling and IPS, that you should actually ... to produce what we'd consider to be a truly secure voice environment," Bradley says.
Voice over IP and voice over copper are two completely different principles, Bradley says. Organisations must realise that VoIP solutions are simply not as reliable and robust as copper line technology, which has been around much, much longer. "In traditional PBX environments we expect to actually have 'five nines' availability on our voice solutions," he says. "The challenge that we actually have once we translate that through on to a converged infrastructure is that it's not always been the case that people have expected 'five nines' availability on their data infrastructure that they're going to overlay voice on to."
Yet voice is a critical asset. It's the last thing an organisation wants to lose access to, so Bradley urges clients to take its security seriously. "Voice is probably the most critical asset that anybody would consider that is necessary to keep running at all costs... therefore when you're going to put VoIP onto a converged infrastructure, the first thing you should be making sure is that the infrastructure you're going to put it on by its own very nature is inherently secure."
Monday: Are you mad to secure mobiles?