Juniper and Integ are predicting the rising take-up of VoIP services in the enterprise will bring a new wave of IP telephony-based security threats to the fore.
Both companies have compiled a list of top VoIP security issues facing the enterprise. Top on the list is DoS attacks, which can cause all voice services to be lost. The pair cited an AusCert survey which, after abnormalities are taken out, cost an average of $70,000 per organisation in 2005.
The next impending threat is Spam over Internet Telephony, or SPIT, which the two claimed would be a growing problem as organisations plug holes in their email traffic and attackers seek new ways in. Virus and worm writers would also increasingly target IP telephones, forcing organisations to be prepared for eavesdropping and toll fraud, the research stated.
The Juniper/Integ data was based on a national survey conducted by the two companies as well as analyst data and on-the-ground implementation experiences.
"Imagine coming in to the office and getting 400 or more voice calls, with only three of them being any use," Integ CEO, Ian Poole, said to illustrate what the situation could be like by 2007 when, according to analysts, PBX replacement is likely to peak.
While Integ was seeing a definite and real shift to VoIP adoption, security was a top concern to customers, he said. As a result, the integrator had partnered with Juniper to deliver a series of seminars across the country focusing on the need for VoIP security.
"We are running the seminars to educate government and corporate customers about these issues, as it is better to be aware of the threats now and take preventative action," he said. "We don't want security issues to hamper adoption."
The channel would also need to be more aware of the security issues which could potentially plague VoIP and provide customers with the right tools to combat them right throughout the network, Poole said.
"Collaboration between voice, data and security vendors/integrators will be extremely important," he said. "For example, integrators will need to have the right vendor partnerships in place and broad skill sets across voice, data and security, as well as an understanding of their customers' infrastructure and business drivers for IP Telephony Applications."
IDC analyst, Landry Fevre, said both customers needed to ensure they had a full understanding on the issues surrounding IP telephony before taking the VoIP path.
"We are really seeing the momentum now where IP telephony is becoming mainstream but there are issues to be aware of and things that organisations need to get right," he said.
"With IP security there are no 'cookie cut' solutions- you can't just say to the market 'buy this product and it will all be alright'."
Fevre warned IP security would become even more complex with increased wireless IP, mobile convergence and web services offerings coming to market.
"Organisations need to secure the end-points, servers, applications as well as the network itself," he said. "It's all about finding the balance between risk and cost."