Voice over IP technology is too insecure to replace traditional business telephone networks, the chief security officers of two City banks warned last week.
Andrew Yeomans, vice-president of global security at Dresdner Kleinwort Wasserstein, and John Meakin, group head of information security at Standard Chartered Bank told the Infosecurity conference that VoIP had a long way to go before it was secure enough for major business use.
“There are business advantages. The big problem is trying to balance these against the security flaws. VoIP solutions have been designed on the assumption that everyone is good and not out to attack systems,” he said.
Businesses were likely to face a rude awakening if they switched to VoIP expecting to make significant savings, Yeomans said.
“Many cost savings are illusory. People have seen their phone bills with Skype and assume they get free calls, but they do not include the broadband tariffs,” he said.
A high-end analogue phone costs £40, but an equivalent voice over IP phone can cost £120 – a cost that can rapidly add up for firms with thousands of staff.
Meakin said having voice and data on the same network was the communications equivalent to putting all your eggs in one basket. “I think VoIP can be secure, but the price is too high, given the state of security,” he said.
Although risks can be mitigated by using separate virtual networks and encryption, this can be difficult, and can play havoc with firewall settings, said Meakin.
The banks said it was only a matter of time before hackers started writing viruses designed to intercept VoIP communications, or which exploited VoIP networks to infect IT systems.
But Andy Thompson, head of infrastructure security services at Capgemini, said security issues were surmountable with proper planning. “Cafe chain Pret a Manger is using VoIP to save £10,000 a month. There are hundreds of other examples of real business benefits. This stuff really works,” he said.
Read: Infosecurity Europe
Voice over Wi-Fi for business on way
Cisco Systems is working with chipmaker Intel, mobile phone company Nokia and Blackberry maker Research In Motion to provide voice over Wi-Fi systems for enterprises, writes Tash Shifrin.
The move towards voice-ready wireless networks is in response to increasing business interest in the benefits of wireless working and voice over IP technology.
The collaboration aims to ensure mobile device manufacturers can produce handsets that are interoperable with Cisco’s wireless local area network infrastructure, are secure and can support advanced voice features through updates to Cisco’s Compatible Extensions (CCX) programme.
The devices will connect with Cisco’s “voice-ready” Unified Wireless Network, which offers secure roaming across a series of access points.
Other developments under the CCX programme are designed to extend mobile device battery life, improve call prioritisation to boost service quality and analyse voice call attributes such as jitter, delay and sound loss.