But while it may be easier in a general sense to hack into a data network because such skills are more commonplace, traditional switched circuit networks are far from 100 percent secure themselves.
"It's not as if people haven't been able to hack into traditional PBXs or voicemail or commit toll fraud in the past. It requires a highly specialised degree of knowledge, but it is and has been possible," says Williams.
As for fears of Spam for Internet Telephony (SPIT) becoming as much of a nuisance as its email equivalent, James Allen, a principal consultant at Analysys, is sceptical.
"Under UK rules, marketeers aren't allowed to use automated recording machines or you can report them. This limits their activities as does having to pay to make the call, which means that it's only worth their while if they have something valuable to sell. But just as spamming is very cheap for the person doing it because email is free, if, over time, VoIP calls also became free, you might expect many more unwanted messages," he says.
According to Williams, the most likely security threats actually relate to availability and resilience. "One of the biggest inhibitors to the growth of VoIP has been the question of availability. The 'phone service' is seen as much more reliable and doesn't go down nearly as much as the average data network due to the historical time and investment that's gone into research and development," he says.
Another concern is that running voice and data over one network provides a single point of failure if something goes wrong, such as the power supply being cut off.
"If you rely on your data network as your sole source of communication for email, voice, faxes and the like and it's disrupted, you're cut off from the world. So if a denial-of-service attack occurs or network worms create a lot of traffic and dramatically reduce the amount of available bandwidth, it can cause real problems," says Williams.
In the latter scenario, for example, lack of bandwidth can result in latency problems. This causes ongoing conversations to sound garbled or leads to long pauses or echoes that make discussions difficult to listen to. "This is a serious concern when people are moving to VoIP because voice is a valuable application," Williams explains.
Jon Collins, service director at Quocirca, agrees that putting all your communication eggs in one IP basket could be a risky option. "Today, most organisations do about 50 percent of their business through voice, 30 percent via email and 20 percent using paper, so if the network goes down and you're relying on it for voice, you could lose 80 percent of your traffic rather than just 30 percent, which is both significant and serious."
Talkback
I was very interested to read Ian Williams’ take on the adoption of internet telephony, and support his view that one of the biggest inhibitors to the growth of VoIP is the question of availability. Telephony "dial-tone" requirements for VoIP will raise the bar for performance and increase the complexity of the network.
I think it can be agreed that network hiccups can be a frustrating phenomenon regardless of when and where they occur. Despite the problems they nurture, however, they seem to have become a widely embedded and accepted facet of organisational culture. Today, if the always-on network is disrupted, few people will even notice. Do you really care if your email took a few minutes to be delivered, or that your browser page did not load? Things inevitably get slow(er) at peak times, but in truth, these performance inconsistencies are considered minor annoyances. Conversely, I don’t think the same would be true if you went to pick up the phone and there was no dial tone. With VoIP, people will notice if a connection takes more than 500ms or if the VoIP phone cannot get an address on the network.
Consider this example; if you were relying solely on VoIP to place an emergency services call, a disrupted internet connection could be potentially disastrous. An extreme example perhaps, but the underlying premise is the same; having your avenues for communication severed, for any period of time, can be a costly and dangerous thing for business. That said, VoIP in itself is not an inherently risky technology. Essentially, it is more a case of network availability. If all of an organisations’ communication devices, such as voice, fax and email, are 100% reliant on a singular network, the availability of that network does become mission critical to the business.
Therefore, the bigger picture for rolling out VoIP is not whether or not companies can protect themselves from any specific security attack; rather, it is more a case of investing in the network infrastructure to ensure your data network is capable of handling the increased complexity.