Vendors Step Into VOIP Void

VOIP poses a major security hazard for data center managers. Data centers in a number of industries are potentially at risk as VOIP rollouts gain momentum, and concerns about emerging VOIP protocols remain (see VOIP Security Poses a Problem and Vendor Points to VOIP Vulnerabilities).

Now help may be at hand from a new consortium of vendors and service providers (see VOIP Security Alliance Formed).

Austin, Texas-based TippingPoint Technologies Inc. is the prime mover behind the consortium, which is called the VOIP Security Alliance (VOIPSA). Other members include rival security vendor Symantec Corp. (Nasdaq: SYMC), service provider Qwest Communications International Inc. (NYSE: Q), and experts from Columbia University and Southern Methodist University.The group will work together on tools to tackle VOIP vulnerabilities, as well as churn out research and educational materials for users, says David Endler, Tipping Points director of digital vaccines.

Getting a disparate group of vendors to work together can be tough going, however. Last week, for example, security vendor Webroot Software Inc. parted company with an anti-spyware consortium it had founded. In a statement, the Boulder, Colo.-based firm said it was concerned with the direction the Consortium of Anti-Spyware Technology Vendors (COAST) was taking (see Webroot Splits With COAST).

Tipping Point takes pains to highlight VOIPSA's open, vendor-neutral nature, and the security specialist has already donated a software tool to the initiative. The tools developed by the consortium will also be open source, Endler says.Jon Oltsik, senior analyst at The Enterprise Strategy Group Inc. believes VOIPSA is a step in the right direction. “VOIP is a potential security nightmare,” he says. The consortium “helps bring awareness of the problem to users and helps consolidate technology solutions.”

But Oltsik admits that building an effective alliance of vendors can be like the proverbial herding of cats. “It’s always a challenge in any kind of consortium, because people have mixed agendas,” he says. ”But if it helps raise awareness and secure IP telephony, then it’s a good thing, even if it isn’t a perfect marriage."

Next month, the organization will announce which VOIP projects it will tackle first, and Endler says a number of new members will be announced in the next few weeks.

Although Endler told NDCF that VOIPSA has not been set up to develop specific standards for VOIP, it remains to be seen whether the group will develop into a de facto standards body. In other parts of the IT industry, such as the storage networking arena, issues such as interoperability have been resolved by vendors, rather than by user-driven initiatives.

— James Rogers, Site Editor, Next-Gen Data Center Forum0