The risk of converged networks
Converged networks represent a greater security risk.
While certainly not new, UC (Unified Communications) and converged networks still generate a lot of talk and increasing momentum. The premise is simple: the blending, or convergence, of various enterprise communication services such as phones, email, chat, CRM, video, whiteboards, voicemail, SMS and other forms of unified messaging.
On the surface it sounds fine, but from a data security perspective the reality is very concerning. For UC to work, the traditional voice and data networks need to be intertwined, or "converged" in marketing terminology. Well, okay, that sounds tame at first blush, and theoretically it might even save money.
However, it means the combined network now needs the same level of security throughout, and its exposure is the lowest common denominator of cyber security from either side (voice or data). After numerous years of dealing with phone and telco providers, it's HIGHLY concerning. In at least 90% of the installs, phone engineers will require, if not demand, that firewalls be removed from the equation. Barely any of them truly understand the ports needed, fewer still in which direction, and fewer yet the applications (e.g. SIP, RTP, etc.) riding on those ports. They certainly don't understand the risk of connecting to the data network and allowing routing to flow freely between the voice and data worlds. From a security perspective that's essential knowledge, and we expect it of anything connecting to our networks, even more so with public access or exposure.
It gets even worse, as they'll oftentimes create a parallel network of switches and routers to make their installs easier. That's just a fancy way of saying cheaper, less secure, less complex and basically ignorant of the surrounding data networking and cyber security. That alone could be tolerable if it were truly standalone, but since we're talking about UC, we have to "connect" with the other data services. What ends up happening is that somewhere the two shall meet, and we do the dreaded crossing of the streams. Crossing the streams is bad!
We then create a gaping security hole that most people don't even realize exists: the phone equipment becomes the pathway into the network, barely anyone is addressing the cyber defense needed for those systems, and probably nobody is truly watching that part of the network.
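The questions raised above (which ports, in which direction, for which application) can be checked mechanically against whatever rules sit between the two networks. The following is an added example, not part of the original post: a Python audit of permit rules that cross the voice/data boundary. The zone names, rule fields, RTP port range and sample rules are constructed assumptions.

```python
from dataclasses import dataclass

VOICE, DATA = "voice", "data"  # assumed zone names

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source zone
    dst: str      # destination zone
    proto: str    # "udp", "tcp" or "any"
    ports: str    # "5060", "16384-32767" or "any"
    app: str      # "sip", "rtp", ... or "any"
    action: str = "permit"

# Constructed sample rule set; the RTP range is vendor-specific and assumed here.
SAMPLE_RULES = [
    Rule("vendor-temp", VOICE, DATA, "any", "any", "any"),
    Rule("vendor-temp-rev", DATA, VOICE, "any", "any", "any"),
    Rule("softphone-sip", DATA, VOICE, "udp", "5060", "sip"),
    Rule("softphone-rtp", DATA, VOICE, "udp", "16384-32767", "rtp"),
    Rule("backup", DATA, "mgmt", "any", "any", "any"),  # not voice/data: ignored
]

def port_span(ports):
    """Number of ports a rule opens; 'any' counts as all 65535."""
    if ports == "any":
        return 65535
    lo, _, hi = ports.partition("-")
    return int(hi or lo) - int(lo) + 1

def audit(rules, max_span=20000):
    """Map rule name -> findings for permit rules between voice and data."""
    crossing = [r for r in rules if r.action == "permit" and {r.src, r.dst} == {VOICE, DATA}]
    report = {}
    for r in crossing:
        issues = []
        if r.proto == "any":
            issues.append("protocol not specified")
        if port_span(r.ports) > max_span:
            issues.append("port range too wide")
        if r.app == "any":
            issues.append("application not identified")
        # An identical opening in the reverse direction lets routing flow freely.
        if any((m.src, m.dst, m.proto, m.ports) == (r.dst, r.src, r.proto, r.ports)
               for m in crossing):
            issues.append("also open in reverse direction")
        if issues:
            report[r.name] = issues
    return report
```

Calling `audit(SAMPLE_RULES)` reports only the two any/any vendor rules; the scoped SIP and RTP rules pass, and the rule that does not touch the voice zone is ignored.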