VoIPshield, a global provider of Voice over Internet Protocol (VoIP) security solutions, announces third party confirmation that VoIP systems can create significant enterprise information security gaps. Since 2007, the company has been developing products to address these security concerns and recently launched VoIPaudit 3.1™, which enables organisations to easily assess, monitor and secure their VoIP communications environment.
“We engaged J Arnold and Associates to conduct a thorough analysis of the VoIP market,” stated Rob Gowans, President and Chief Executive Officer of VoIPshield. “We believe we have a valuable solution to help enterprises better manage security exposure and internal control requirements when deploying VoIP, and wanted to verify market demand. The resulting white paper, VoIP Security: More than Just IT Risk, points to a growing and serious situation whereby organizations must address their voice security risks.”
“Having followed VoIP since 2001, I’ve seen a lot of evolution, but little attention has been paid to network security,” said Jon Arnold, principal of J Arnold & Associates and author of the white paper. “A lot still needs to be learned about the security risks not only within VoIP systems but also the risks that VoIP poses to the wider enterprise network, and that was clearly validated by our research.”
Three key outcomes of the white paper:
1. Auditors may not fully understand the nature and extent of IP voice communications within their or their clients’ organisations, and as a result, VoIP is not typically included in their audit planning. As VoIP and Unified Communications (UC) are both being heavily adopted by enterprises, it is time to include this technology into risk-based audit plans.
2. As enterprises adopt VoIP and UC, security risk is a growing concern. Increasingly, when organizations are hacked, they are not aware of the nature or extent of how they are being compromised. These threats remain one step ahead of existing security programs.
3. Because voice communication is often not included in enterprise security audits, simply meeting current control and compliance requirements excluding voice may not ensure a fully secured network.
“VoIP causes blind spots for organisations. In order to obtain its benefits, VoIP has to be integrated with existing systems and networks, but at the same time, they introduce new risks,” noted Chris Anderson, CISA, CISSP, principal of Castlekeep Inc. and advisor to the company. “Threats can harm VoIP’s operations by, for example, causing disruption to customer service, but they can also be a path for hackers to penetrate an enterprise’s entire network.”