Feature

Converged security

Converged security

Guy Koster
Guy Koster “Lack of competence can at best hinder introduction of an advanced technology, at worst it can destroy credibility…”

Today the term ‘convergence’ incorporates voice and data solutions including presence, voice mail, video, call recording etc. but such a positioning also requires security skills – and VoIP solutions create specific security needs peculiar to convergence. This has led to the rise of technologies such as SIP-based firewalls, VPN tunnelling, encrypted storage and end-point security solutions for intelligent mobile devices.

In addition voice over WiFi requires the network to be secured as well as site surveys to ensure coverage, high availability and QoS. All these issues offer VARs the opportunity to maximise their ‘wallet-share’ of the customer’s budget, make the customer more sticky, develop higher margin business, offer more services and to create a competitive advantage over non-security savvy VARs.

To validate this, the November 2008 BT VoIP survey, as well as in 2005 and 2007, noted that network reliability, voice quality and security Security VARs see the opportunity and are moving into this space and unless voice/convergence VARs grasp the opportunity and move the other way, they may find someone else at their customer’s breakfast table nibbling at their voice applications as well.

Ian Kilpatrick, Chairman at security distributor Wick Hill says:“Security is a major overlooked area in the deployment of VoIP, whether it is in the securing

of SIP connections which is a major vulnerability area, or analysing VoIP traffic in priority to encrypted data traffic. Alongside security, you have to consider high availability. Losing part or all of a data network is a major crisis for most organisations. However, losing voice and data simultaneously can be catastrophic. Resellers that can offer skills in both security and high availability will be at an enormous advantage in selling converged systems.”

 

Exposed

SIP is just as exposed to security threats as any other IP protocol. These threats include line hijacking, call monitoring and recording by stealth and DDoS (Distributed Denial of Service) attacks. As a result companies like Ingate and Sipera offer SIP-based firewalls designed specifically to address these issues in a voice environment.

Adam Boone, CEO at Sipera says: “Unified Communications security has very different requirements to standard data security which means that the standard data security vendors struggle to provide comprehensive competitive solutions - SIP awareness is not enough and Sipera has learnt this through the work carried out in its vulnerability assessment lab VIPER (Voice over IP Exploitation Research).” Boon continues “Each application using UC infrastructure - including VoIP, IM, video conferencing, web-based collaboration, presence-enabled applications and others - demands appropriate security controls, especially as the communication extends beyond the traditional boundaries of the secure enterprise.”

But the opportunity does not stop here – there is growing demand to address security concerns around Fixed-Mobile Convergence as companies exploit the power and capability of smartphones. Symbian is the leading operating system for smartphones with approx. 60%+ market share globally with Windows Mobile at around 25% and RIM at 10%. Smartphones are capable of supporting multiple types of applications and have become security targets.

 

Hand Held Problems

TrendMicro are aware of 80+ (and growing) known viruses in the wild targeting Symbian and Windows Mobile devices. Nigel Seddon, Regional Director for Northern Europe at TrendMicro, told me, “A growing number of malware writers are targeting iPhones and smartphones to spy on financial data and steal corporate and personal identities. With webbased mobile applications continuing to proliferate, there is a real need to adhere to the same security habits we have adopted to keep PCs safe from online threats.”

Nokia have sold in excess of 100m Series 60 smartphone devices globally and these devices are perceived by the network as simply another IP-based computing device. They are capable of accessing non-voice applications, running applications and acting independently of the corporate IP network e.g. accessing the web and being exposed to malicious downloads, inappropriate content and all the other web-based threats. They are more prone to being lost, stolen or mislaid. The 2007 Taxi Survey reported that in excess of 50,000 mobile phones were left in Black Cabs in London alone. As such they must be managed, monitored and secured in the same way as a fixed desktop or remote access device.

If your customer is adopting smartphones at some stage they plan to deliver line-ofbusiness applications to the devices to maximise the utilisation and enable remote working. Birdstep Oy in Finland offer an IPSec-based VPN client for both Symbian and Windows Mobile capable of accessing any server-based application over GSM, GPRS, 3G – and as smartphones continue to increase in power and capability this market will develop quickly.

 

Wider Issues

Customers using private WLAN for voice in order to minimise call costs also have to consider security issues as well as SLAs. AirMagnet offer a WiFi analyser to assess coverage, quality and security requirements. They are able to identify rogue access points, prevent unauthorised use, advise on coverage and monitor the network for potential harmful intrusions.

The major Systems Integrators already have security practices to draw upon but how could a mid-tier VAR unfamiliar with security technology and maybe unwilling or unable to invest in gaining the necessary skills approach security?

One option is to form an alliance with a distributor with skills in both markets to support such a move. Guy Koster, Director of European Product Management at Westcon Group comments:

“Increasingly business is taking a multidimensional view of IT systems functional definition, development and procurement putting pressure on established supply relationships. Therefore it is clear that mid-tier VARs should strongly consider partnering with distributors offering not only the broadest technology coverage but also the requisite skills capability.” Koster added; “Distributors with broad technology and market coverage can also play a role in introducing channel partners with complementary skills in order to maximise business satisfaction.

“There is also an important role for vendors to play in terms of ensuring their increasingly multi-technology portfolios are adequately represented in the channel from accreditation, capability and go-to-market readiness perspectives. Lack of competence can at best hinder introduction of an advanced technology, at worst it can destroy credibility of a given product or technology” Koster concluded.

Convergence VARs should see security as an opportunity not a threat and a natural evolution and development of their core skills into a new and lucrative market.