In the rush to implement new technology, security concerns may sometimes beleft behind, but doing so can mean the difference between widespreadadoption and failure. This, David Endler, director of Digital Vaccine atTippingPoint Technologies, told CRM Buyer, is the impetus behind the VoIPSecurity Alliance, announced today.
TippingPoint, a division of 3Com, has brought together 22 organizations — fromcall center operators to universities to security firms — to aggregate andexpand security information and technology for VoIP.
VoIP Adoption Growing
By the end of 2004, 12.3 percent of U.S. enterprises had deployed some typeof VoIP in their businesses, Darryl Schoolar, senior analyst at InStat, toldCRM Buyer. That figure is up from 3.4 percent in 2003. He’s projecting itwill climb to 19.2 percent by the end of this year.
But Endler said that although adoption rates are growing, there had been nocentral repository for information on how best to implement and secure aVoIP network.
“A year ago, when TippingPoint was getting into the VoIP space, we got a lotof questions from enterprise customers who wanted to know what are theissues around VoIP and security,” he said. It prompted the company toconsider a joint effort to look at those very issues.
While many call centers and other businesses are attracted to VoIP becauseof the potential for cost savings, the potential for denial of serviceattacks and other hacks could slow or stop the technology’s adoption.
Threat to Business Performance
Call centers that rely on VoIP without proper security measures could findthemselves facing degraded quality of service, slowdowns or no service atall. In addition, insecure lines could lead to information theft, leaving a callcenter liable.
Right now VoIP is most vulnerable to the same typesof attacks that plague the Web, Endler said, but in the future he expects hackers to developattacks that specifically target VoIP, such as hijacking service, datainterception and eavesdropping.
Technology Attracts Hackers
Those who have deployed VoIP must examine their entire application stack forsecurity weaknesses and then add a layer of VoIP protection, Endler said.
“As a group, we want to make sure that the threats are identified,” he said.”It’s just a matter of time before hackers start taking advantage.”
The security alliance will meet next week to prioritize specific goals. In addition to acting as a library for VoIPsecurity information, the alliance wants to develop tools for mitigating risk and to enhance VoIP testing tools, which can be used to find vulnerabilities in existing networks and prevent future vulnerabilities.
Endler said TippingPoint, which creates network-based security systems, facilitated the creation of the alliance, but is not its leader. He said the group is vendor-neutral and has an open membershippolicy.