News

12:38 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Converged Communications

Traditionally touted for their cost savings and enhanced functionality, Voice Over Internet Protocol (VOIP) and IP telephony now are helping banks to improve resource management, business continuity, customer service and overall performance.

Traditionally touted for their cost savings and enhanced functionality, Voice Over Internet Protocol (VOIP) and IP telephony now are helping banks to improve resource management, business continuity, customer service and overall performance.

Q: How/why are banks using VOIP and related IP telephony solutions?

Jeff Van Houten, Parish National Bank: Primarily, PNB has chosen VOIP as a cost-savings measure. As the bank expanded, we recognized a need for a telephony technology that would give us low up-front costs [and] low maintenance costs, and allow us to spend our recurring telecom budget productively. By using VOIP we gained efficiency in our WAN lines, freeing up needed bandwidth for other technologies, such as videoconferencing and remote security monitoring. If your telecom budget is more or less fixed, you might as well transport higher-value-added services over those lines, as opposed to leaving large blocks of bandwidth strictly for voice calls.

Martyn Roetter, Arthur D. Little: Savings from IP telephony can include reductions in charges for circuits and conference calls; lower expenditures on moves, adds and changes, and on voice and data systems maintenance; plus improvements in areas such as call center productivity and disaster recovery capability. However, these benefits do not come automatically. Careful planning is required to avoid some pitfalls unknown in traditional telephony.

Jim Bright, Cisco Systems: While cost savings is almost always the starting point for banks, most are experiencing better employee productivity and flexibility, which very often translate into better customer service.

Q: What are the risks and/or security concerns for banks implementing VOIP?

Van Houten, Parish National Bank: You need to distinguish between VOIP as a technology and VOIP as a popular press term when addressing security concerns. VOIP in the popular press refers to two distinct technologies: the transport of phone calls via packet-based IP and the use of Internet-based carriers to connect callers. Internally, VOIP can be made more secure than traditional hardwired technologies through advanced techniques such as encryption. If using an Internet-based carrier, there are some legitimate concerns, however. But I would expect most bank deployments to use traditional carriers as a gateway to external callers; therefore, inadequate security shouldn't be a deterrent to adoption.

Roetter, Arthur D. Little: Some risks, such as network unreliability, can be managed by applying existing well-established engineering practices for IP networks, while for others - including security risks - comprehensive best practices are still being developed. Networks can be designed with prioritization or even separation of voice and data traffic so that delay-sensitive voice is not blocked by data traffic during periods of network congestion.

However, although the security of VOIP has not yet become a major threat, it is a legitimate concern for banks. Customer voice mails could overflow with spam audio files sent to millions of IP phone addresses. Banks should build in security from the beginning with, for example, special firewalls to restrict VOIP network access and detect intrusions. Nevertheless, the greatest risks to security still may lie with people, not technology - if laptops or flash drives containing account information are lost or stolen through carelessness, or a bank hires a criminal hacker, for example.

Brian L. Buffington, AT&T: VOIP has to be treated in the same way a firm would treat its data - it needs to be highly secure, particularly for financial services organizations. When VOIP is introduced, the security requirements for voice applications become much more stringent than with traditional telephony. Security must be inherent to a bank's network, and banks must have clear governance policies. Businesses should perform a security audit to make sure all the pieces are in place before launching a VOIP solution.

Peggy Bresnick Kendler has been a writer for 30 years. She has worked as an editor, publicist and school district technology coordinator. During the past decade, Bresnick Kendler has worked for UBM TechWeb on special financialservices technology-centered ... View Full Bio

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.