Survey Highlights Security Failings
N
N
0Overall Score

Communications specialist Integ surveyed 200 medium to large corporate and Government users on a national roadshow held in late 2005. While the results might lean slightly toward organisations with a healthy interest in VoIP, the results of the survey are interesting.

Integ worked out that 97 per cent of these organisations didn’t have adequate security measures in place when they implement IP Telephony. Those that did have taken a much more strategic approach with long-term plans that cover systems processes and policies from the switch and router level right through to password control.

Of the 200, 65 per cent are already running VoIP trials and most of those (44% overall) will complete their deployment within the next two years. When it came to the security questions it gets really interesting. Only 25 per cent of the potential adopters of IP Telephony recognised security as their biggest concern, yet 57 per cent reported frequent breaches to the security of their data networks. Integ classified frequent as more than two per year.

The there’s the fact that 93 per cent reported they had anti-virus solutions in place, but 48 per cent reported they had been affected by virus attack. It is interesting to note that more than 15 per cent indicated these breaches caused significant or extensive damage to their business operations.

Despite all this a staggering 33 per cent of these large to medium private and government organizations had either never undertaken a security audit of their networks or hadn’t done one for more than a year.

“Despite the concerns about IP Telephony security, there appears to be a real lack of understanding about what the threats are and how to guard against them,” said Ian Poole, CEO, Integ.

“When you move voice onto a single data network it naturally becomes exposed to increased security threats. For example a Denial of Service attack which may have previously disrupted data services, can significantly impact an organisation’s entire voice network. This is unacceptable for day-to-day business communications,” continued Poole.

“Companies need to think about IP Telephony security as part of their broader IT security strategy. This means identifying the points of the network that are vulnerable to attack and undertaking effective security measures, preferably prior to the adoption of IP Telephony systems, and on an ongoing basis,” said Poole.

Integ’s Six steps to IP Telephony Security

1.      Securing handsets and soft phones
2.      Securing PBX and call management systems
3.      Securing switches and routers
4.      Securing LAN and WAN
5.      Securing desktops and servers
6.      Securing knowledge

“In simple terms, if an organisation identifies and manages security effectively across these six areas, then they should be able to guard themselves against potential threats, realise enhanced network performance and reduce deployment costs,” said Poole.