Service providers are relieved to rid themselves of the performance and interoperability constraints of working with extremely large hardware infrastructure in exchange for softswitch and IP network build-outs that open the door to economies of scale, flexibility and creative partnering.
Despite the advantages, service providers should consider the vulnerabilities that could offset the productivity and flexibility gains. They should think about network-to-enterprise vulnerabilities, in particular, as more and more enterprises "piggyback" on their networks through popular IP PBX and SIP trunking services.
SIP is the principle protocol in IMS that has proven itself to be valuable to enterprises and their service providers. In the last 18 months, SIP-savvy companies - usually small-to-midsized companies - have increasingly used SIP trunking to connect IP-PBXs directly to NGN/IMS networks. As operators use SIP-over-packet networks to enable real-time voice, video and multimedia services, they open the door to converged services that could leverage seamless roaming between mobile, public Wi-Fi and private networks for a wider range of services and devices. With SIP, they can also operate independently of any underlying transport protocols. For that reason, SIP has become prevalent for call control in VoIP for wireline and wireless 3G networks.
With all the advantages, it's easy to make security between the enterprise and service provider network an afterthought.
"When you think of the vulnerabilities at the border between enterprise and service provider, there are potential vulnerabilities for hackers, criminal organizations, or people looking to obtain information for free services," says Ed Elkin, director of marketing of IMS at Alcatel-Lucent. "With broadband continuing to spread and more interconnections through IP PBX or trunking services, not to mention the pervasive IP environment, there's more traffic than ever passing between enterprise customers' networks and service providers' edge equipment."
For that reason, softswitch networks, and the peer-to-peer interconnections have created a somewhat unruly Wild West atmosphere as operators move away from centrally managed networks. It's a very different environment than the days of TDM where enterprises connected media switches or gateways to service providers through a "known quantity" such as ISDN. Rather, the IP networks of today lack centrally managed security policies, protocols and technologies. What's needed is some sort of centrally located management or control over the core, access networks and clients; otherwise, it becomes challenging to manage security at the network boundary, and to manage interoperability and monitoring capabilities.
"If service providers don't consider how to secure and manage these services, they will have a tough time sustaining performance and security levels as demand grows," says Elkin, noting that already, configuration and provisioning headaches are being invoked by such problems as network avalanches or registration floods resulting from IP PBX problems. That of course can also touch off residual customer experience issues resulting from the subsequent loss of service and dissatisfaction among enterprise customers.