|
VoIP Vendors and Integrators |
With the emergence of VoIP in business scenarios, a bevy of startup pure-play security companies like Sipera Systems Inc. have cropped up as legacy vendors scurried to adapt. Ditto networking gear vendors.
"Traditional security companies are stepping in and picking up VoIP -- look at Enterasys and Tipping Point, and then there are the pure IP security providers," says Charlotte Dunlap, an analyst at Current Analysis Inc. in Sterling, Va.
Zeus Kerravala, senior vice president of global enterprise research at Yankee Group Research Inc. in Boston, recommends CIOs talk to Cisco Systems Inc., Juniper Networks Inc. and Checkpoint Systems Inc. about their traditional network security needs. "As you start doing more business-to-business VoIP, you can start checking out the specialty security providers," he says.
It may seem counterintuitive, but for many midmarket companies it may make sense to let the telcos do the heavy lifting in any migration. The Tile Shop Inc., for example, is relying on Qwest Communications International Inc. to move its 41 stores to VoIP. The work began after 14 months of negotiation, says Keith Cooney, IT manager at the Plymouth, Minn.-based retail chain. "We think we'll realize savings simply on the long distance charges," he says.
For those who don't like the idea of their carrier being their VoIP integrator, there is another route: Pundits think managed services providers will play a growing role in providing VoIP capabilities for midmarket customers.
-- BD |
Security experts expect phone phishing incidents to increase as more companies adopt VoIP. In these incidents, the attacker sends a spoofed email telling the recipient to call a number to reactivate a bank or credit card account. Companies should periodically remind employees to fend off such pleas and never respond to unsolicited email from seemingly real financial institutions.
Several midmarket executives advised keeping the security bugaboo in perspective, stressing that traditional telephony had its own security issues. "Traditional voice was a lot easier to get to," said Bob Glaze, CTO for the city of Oakland, Calif. "Any technician could get into your basement with a headset and listen. That's harder to do with voice in data packets."
Glaze estimates his VoIP enablement project is about halfway done. When completed, VoIP will cover 115 locations ranging from small recreational centers to fire and police departments. The project, which started with pilots in 1998, has already saved money. "For what we were spending on Centrex" -- Centrex switches reside at telco providers that are rented out to customers -- "we did a license with Enterasys and ShoreTel for six years of service including maintenance," Glaze reports. (ShoreTel Inc. provides VoIP-enabled PBXs, and Enterasys Networks Inc. provides a range of VoIP hardware and security products.)
He acknowledges that, on the security front, denial-of-service issues were a concern. One way to allay the fear is to segregate voice from other data traffic. "We subnetted it so voice is separated out from data traffic and has a QoS [quality of service]," he says. "Our pipe is split so voice gets the priority."
Implementers also need to be wary of promised "silver bullet," all-in-one security solutions. Before even bringing in a consultant, a CIO should examine the network as it exists and at least generally assess future needs, Thermos says. "If you can come up with five to 10 security requirements, you can go out to vendors and mandate that they have these controls in place if they want to deploy in your environment." (See sidebar.)
|
 |
|
|
