An Ottawa start-up company has secured seed financing to help it develop software solutions for what it has identified as the soft underbelly of the Voice over IP revolution: security.
VoIPShield Systems has been in business and
product development for about a year, and recently received $2 million from Toronto’s Brightspark Ventures to complete development of two products, VoIP Audit and VoIP Guard.
Co-founder and CEO Paul Slaby said VoIP is really starting to take off, and will eventually replace old telephony systems at the enterprise and carrier levels. But there’s a piece of the puzzle still missing.
“Security hasn’t properly addressed yet, there’s an awareness in the industry this needs to be strengthened and done properly,” said Slaby. “There’s a pretty good opportunity here.”
Unlike data service, with a VoIP network uptime and quality of service are much more important. While you can wait for your e-mail to download, people expect a dial tone right away.
There are also new challenges arising from moving voice from an isolated telephony network to an IP network. By its nature, an IP network is far more open and less isolated, opening voice service to a whole new range of security risks.
Equipment vendors like Cisco Systems, Nortel Networks and Avaya are building security features into their products. While that’s a good thing, Slaby said enterprises and carriers need to operate in a multi-vendor environment, and need tools to evaluate vendor claims. “There is no such thing as bullet-proof security, we know that from data networks and it’s the same for voice,” said Slaby.
VoIPShield’s first product, VoIP Audit, is currently in Alpha testing and beta customers have been lined-up for a June release. Slaby said there has been strong interest from security consultants and integrators who could offer services around the product.
“As VoIP technology is being deployed there’s a lot of confusion and lack of understanding around how it needs to be done and the security risks,” said Slaby. “These security management tools will allow them to manage and assess the situation pre- and post-deployment.”
They’re also working on a more complex product, VoIP Guard, scheduled for Beta release by the end of the year. It is designed to protect networks from those risks identified, like a rapidly propagating worm.
“It’s a VoIP-specific threat mitigation system,” said Slaby. “This product will be able to manage that situation so you maintain voice communications even in the presence of a worm or other threat.
In the U.S., an industry group has been formed to identify and research VoIP security risks, and raise awareness of the issue. Members of the VoIP Security Alliance include Avaya, Symantec and 3Com, as well as Nortel Networks and Bell Canada.
“It’s a fairly nascent market still but there are definitely companies that are working on and marketing voice-specific solutions,” said spokesperson Laura Craddick. “I think you’ll see more and more of that as VoIP becomes more prevalent.”
Because it’s still a fairly new technology and not much research has been done, Craddick said there’s not a lot of known VoIP security threats. As with most technologies, as it becomes more prevalent it becomes more of a target for hackers. The alliance aims to address that by researching the threats and sharing best practices
While it’s a new technology, IDC Canada’s vice-president of IT security research, Joe Greene, said security fears have been one of the factors limiting wider adoption of VoIP. By moving onto an open IT system, it becomes wide open to the same kinds of risks faced by data networks, like denial of service attacks and spamming to identity theft and manipulation.
“We’re already seeing that in the voice world with cell phone attacks,” said Greene. “Anything that is attackable, (hackers) are going to turn their attention to it eventually.”
As more companies do turn their attention to developing security products for VoIP, Greene said those types of fears will eventually go away, letting users have more faith in the technology and fueling wider adoption.
“Any products and services that help protect the network will obviously help the service providers market and sell their services,” said Greene.