
Jan/Feb 2008

"Threat Management and Information Security"


 
TICKER Magazine
A Technology Magazine For Industry Professionals

Ways to Balance Risk-Benefit for Security Strategy in a VoIP Network

By Robert J. Doroshewitz, Esq, Director, Professional Services, SIP Platforms and Network Integration, Siemens Communications

We should be careful to neither understate nor overstate the significance of data security within the context of your enterprise VoIP projects. Fundamentally, we all understand that the security discussion is important and must take place early, but few of us have the desire to spend enormous amounts of energy on this topic.

We cannot ignore the fact that reasonable and prudent security planning must be viewed as a foundational building block of your VoIP deployment strategy. The trick is to determine what “reasonable and prudent” means to your enterprise, what the cost-benefit analysis reveals and where additional layering of security strategies yields diminishing returns.

Naturally, steps need to be taken to ensure that your telephone conversations are confidential and that your voice system is not opening your data network to new vulnerabilities. But every security measure and countermeasure should be subject to the same risk-benefit analysis that you would make for any other strategic technology.

For example, ordinary voice conversations have always been subject to eavesdropping by anyone with physical access to the wire and a little technical knowledge. Eavesdropping on unsecured VoIP calls takes a little more sophistication. But this is not a new threat – only the modification of an existing threat. Payload encryption is easily justified from a cost-benefit standpoint; as such, this discussion is really less about whether to encrypt and more about identifying the internal and external threats and your plans for accepting or mitigating each of those risks.

Discussion points for your analysis may include:

• How to ensure you are protected from internal and external eavesdropping

• How you continuously guard against ever-evolving hacking that might open your network to other threats

• The interplay between your VoIP solution and your broader business continuity planning

1. Establish Enterprise-wide Security Policies

• Start with a top-down analysis, and determine whether the security policies meet the business needs of the organization.

• Decide whether to encrypt voice payloads and what level of encryption to deploy across all devices. Ensure that the necessity for end-to-end encryption outweighs the additional complexity and administration costs.

2. Determine Perimeter Protection Strategy

• Firewalls that are simple and necessary for data traffic may not be the best solution for voice due to complexity and vulnerabilities.

• Session Border Controllers (SBC), which direct voice traffic around the firewall, are less vulnerable due to their hardened nature and they offload the traffic from the firewall.

• Virtual Private Networks (VPNs) or encrypted “tunnels”, technology you may already have deployed, minimize the changes to your existing environment.

3. Choose Inherently Secure Technologies

• Consider geographical separation of your core servers into two or more data centers.

• Solutions built on Unix/Linux operating systems are less likely to be the target of hackers than those built on Windows.

While many prefer to use an outside consultant to help navigate these discussions, a trusted relationship with your key vendors will prove to be equally fruitful.

Robert J. Doroshewitz, Esq., is Director, Professional Services, SIP Platforms and Network Integration at Siemens Communications (www.siemens.com/open). He can be reached at bob.doroshewitz@siemens.com.


