Overcoming the SIP trunking security challenge

Security padlock on a cloud

For businesses of every size, the benefits of Voice over Internet Protocol (VoIP) are becoming ever clearer: reduced costs, greater scalability, improved disaster recovery options and access to the productivity benefits enabled by Unified Communications (UC). For the reseller and vendor community alike, this provides a significant revenue opportunity in sales of the underpinning SIP trunking technology.

However, in an era of near continuous security breaches, SIP trunking is inherently vulnerable. Unsecured environments are at risk of voicemail hacking, denial of service attacks and toll fraud – and despite the fact that no business would deploy email or any web application without security, this area remains a key solution requirement that is too often overlooked.

So how can vendors and resellers ensure the cost benefits of SIP trunking are not outweighed by the security risks, and help deliver a successful implementation and long-term, secure SIP trunking strategy?

Weighing up the Financials

Singularly, the number one reason for any business to migrate to SIP trunking is financial, from the ability to connect different business locations or provide customers with low cost calls irrespective of international location. In addition, SIP is scalable, supporting business peaks and troughs, and it facilitates effective disaster recovery planning. But despite its benefits, SIP trunking is inherently vulnerable. And for the channel, the cost of making SIP trunking secure has, to date, presented a sales inhibitor that has sat at odds with the financial benefits of VoIP.

At a typical cost of £1,000, the traditional SIP security solution – the hardware based Session Border Controller (SBC) - has undoubtedly undermined the entire SIP trunking sale. What would have been a straightforward Opex deal with a 12 month ROI now demands Capex sign off and the ROI is pushed out significantly. Add in the additional sales knowledge and expertise plus the engineering experience required for the hardware implementation, it hardly becomes a wonder that most resellers, VoIP and UC suppliers and vendors have put security on the ‘too difficult’ pile.

Secure Solution Bundle

Fortunately, in the last 12 months, the SIP security landscape has fundamentally changed. The latest generation of cloud based, freemium voice firewall products can be downloaded and deployed within minutes, securing the voice network without impacting the cost benefits of SIP trunking.

For SIP trunk providers it offers the ability to provide the customer with a viable and easy to deploy ‘virtual’ SBC solution, aligning with the ‘per channel, per month’ cost model typically used. Moreover, the provider can also increase their value offering without risk of damaging the overall ROI.

For resellers, it becomes a simple option to bundle security into a complete package for a fixed monthly fee per channel. There is no additional hardware to be installed on site and the customer’s own IT department can setup and manage it within its existing network environment. And while there is, of course, a small incremental increase in monthly cost per channel that extends the ROI by a few months, the ability to gain market differentiation by addressing SIP security up front should offer more than enough compensation.

Building a long-term SIP Security Strategy

This cloud-based approach also offers vendors and resellers alike a significant additional benefit, above and beyond the initial SIP sale. It empowers a completely different way of thinking about security, one that delivers a long-term customer solution and commercial differentiation.

The deploy once, update many times model adopted by AV, web security and email security over the past two decades is well established and organisations recognise the clear vulnerabilities associated with failing to update routinely. Companies understand the importance of buying not just a security product, but a vendor’s continuous research into emerging threats and a commitment not only to routine updates but also emergency patches in response to new hacking vulnerabilities. In effect, when it comes to a continuously changing security situation, organisations recognise the need to buy products and solutions that utilise research, existing users and community to stay ahead of the hacker.

Cloud-based SBCs enable the application of this well-established approach to the VoIP & SIP trunking market, empowering vendors and resellers to pass the benefits of continuous investment in security research and routine updates on to the end customer, and deliver a reactive, real time and intelligent level of security to protect against these new world threats.

Conclusion

Despite its increasing cost benefit appeal, VoIP is vulnerable, and organisations are increasingly waking up to the security risks. With 84 percent of UK businesses considered to be unsafe from hacking according to NEC, these implications are significant and extend far beyond the obvious financial costs of huge phone bills, data breaches from voicemail hacking or the increasingly common Telephone Denial of Service threats.

Static fit-and-forget security is also not an option due to this ever-evolving threat landscape.

For vendors and resellers alike, actively raising the issue of security is therefore an opportunity to increase revenue, gain competitive advantage and build long-term customer engagement.

Paul German is CEO, VoipSec