What Cisco isn't telling us about VoIP and data leakage - July 17, 2008
Orlando Florida -- Large software and infrastructure vendors have been pushing companies toward unified communications (UC), but many firms are viewing UC as another avenue for data leakage, according to a recent survey conducted by Black Diamond, Wash.-based Osterman Research Inc.
"Some firms are shopping for data leakage prevention tools as part of their unified communications projects. Many fear that sensitive company data could be difficult to control when email, Voice over Internet Protocol (VoIP) and instant messages meld with collaboration systems, multimedia services and transactional systems", says Brian McCarthy President and well-known Security Consultant for Sencilo solutions Lake Mary Florida.
Nearly 50% of respondents are concerned about information leak prevention in their current or planned unified communications implementations, and 23% of those view leak prevention as a top priority, according to an online survey of 109 mid-to-large IT organizations in North America, conducted last month by Osterman Research.
"The major vendors are really pushing that UC message, and I think companies are starting to respond and understand that UC is a good thing, but it creates even more opportunities for data leaks," said Michael Osterman, president and principal analyst at Osterman Research.
The survey was commissioned by Belmont, Calif.-based messaging security vendor FaceTime Communications Inc.
IT pros fear a number of threats posed by melding communications onto one common data network. An attacker can intercept VoIP, instant messaging (IM) and other traffic, or worse, they can conduct a distributed denial-of-service (DDoS) attack by using a VoIP protocol to flood systems with session requests. Others fear an increase in vishing, the VoIP-enabled form of phishing.
But the risk of those forms of attack is minimal, Osterman said. Insider threats from unintentional or accidental leaks pose a greater threat, he said, and the survey suggests that IT organizations are heeding that message. Forty-eight percent of respondents view unintentional or accidental leaks of information by employees as a serious concern, as compared with 31% who named data loss due to malicious software as a serious concern.
Osterman said he's still seeing companies willing to accept the risks involved with UC rather than being proactive by implementing technologies or sound security policies. For example, a consultant couldn't convince a company to implement an email archiving system. The firm decided to pay fines instead.
Companies need to begin with the basics and develop a multi-layer defense strategy, Osterman said. Companies can implement portions of a data leakage prevention system by focusing on the data governing rules outlined by their industry. For example, a merchant can implement a system that monitors all outbound email and IM for 16-digit character strings.
"We're starting to find organizations that are at least thinking about the issues, but there are a lot of companies that don't realize the negative ramifications of what they're doing," he said.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-compliance-management.php
Sencilo Solutions is a Florida-based integrator specializing in network storage and information security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, RSA, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Kissimmee, Lakeland, Maitland, Cape Canaveral, Lake Mary
Other products include Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp Compliance vs. Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare data leakage enVision Data Loss Prevention Encryption and Key Management CA Symantec Juniper
