Mitigation of Security Concerns of VoIP in the Corporate Environment

Introduction

The business environment has changed dramatically within the last decade. Globalization and market liberalization has altered the way a firm competes within this environment and how the firm interacts both with its customers and suppliers. Currently, both customers and competition have become global. To cut costs and to ensure easy access to customers, production and sourcing have shifted overseas. On the other hand, more firms than ever are using technology for a variety of tasks and several options exist for technology procurement. The technology has become complex and sophisticated and, simultaneously, the use of communication networks is widely available at many parts of the world.

To compete during this new economy corporations are considering several strategic choices. Recent IT studies, conducted by Kaufman (2008) and Biggs (2009) agree that corporations, in several activities domains, are exploring the adoption of Voice over Web Protocol (VoIP) as a way to cut prices, to enhance productivity and, consequently, alter the firm’s strategic position.

VoIP is a technology that enables voice communication on a high speed Internet interconnection. It includes the software, a hardware and network protocol that enable the delivery of reliable service through the Internet instead of the local phone company. As shown in Figure 1 the communication can be initiated from a computer or a telephone to either a computer or to a phone via Internet. If an analog phone is used, a phone adapter is needed to convert the analog signal into a digital signal for transmission via the Internet. In many instances, the service comes with a special phone, VoIP phone, which does not require an adapter. This technology is cheap compared to the traditional phone service as international calls can be charged as local calls in some service packages.

Figure 1.

Structure of a VoIP communication schema (Kumar, 2011)

Unlike Public Switched Telephone Network (PSTN), an IP network is packet switched. In PSTN, when a phone call between two parties is initiated, there exists a physical circuit connecting the two parties. After the call is established, the parties communicated and the circuit is reserved until the parties finish the communication. In contrast, on an IP network, all communication is carried out using IP packets. When a calling party communicated with a called party, the analog signals are digitized, encoded, and packed into an IP packet at the transmitting end and converted back to analog signals at the receiving end (Wallingford, 2005).

With VoIP, widespread acceptance by telecommunication markets of all sizes, advanced features integrated in unified communications solutions, have started emerging (Ransone & Rittinghouse, 2005). However, the convergence of the voice and data worlds introduces not just opportunities but also security risks. According to Latif (2007), the much lower cost and greater flexibility are key factors attracting enterprises to transition to VoIP. However, VoIP should not be installed without careful consideration of the security problems it can introduce.

This chapter presents the main relevant security policies that could be adopted to mitigate the security vulnerabilities introduced by VoIP. Initially, Section 2 investigates the adoption status of VoIP in corporate environment. Then, Section 3 exposes the main security risks of a VoIP solution. Finally, Section 4 proposes some relevant mitigation strategies to deal with the main security issues, and Section 5 draws conclusions.