Supplier group the VoIP Security Alliance has warned that low-cost telecoms based on converged voice and data networks may not be mature enough to use on the public internet, particularly for communicating with teleworkers and business partners.
At a conference in London in February, Paul Simmonds, director of global information security at chemical firm ICI, said that the protocols were only viable within a secure intranet.
"VoIP is not fit for purpose,” he said. “Companies need a strong corporate solution that works outside the traditional network perimeter.”
Brian Kelly, director of the Giuliani Advanced Security Center at Ernst & Young, said, "Despite the advantages of VoIP, if the technology is not implemented properly and securely, it can circumvent existing security controls and expose our networks."
The VoIP Security Alliance was formed by suppliers and consultants reacting to user criticism of the security of voice over IP technology. Members of the group include 3Com, Alcatel, Avaya, Ernst & Young's Giuliani Advanced Security Centre, Qualys, Siemens, Spirent, Symantec, the Sans Institute and TippingPoint.