200 OK Voice Security: Failure to Imagine Your Network At Scale


  • Building a new service? Think about the security when it's thousands of times bigger

  • Will you be able to update authentication, replace TLS certificates, replace software, or do other critical changes after years of growing your service?

 

One of the most common network cybersecurity problems is can't be quickly fixed with a keyboard: it's failure to imagine your network at scale. Networks that start small can grow to be large and unwieldy. Consider the Mergers and Acquisitions in the VoIP space -- all the companies bought by Vonage buying Vocalocity; BluIP buying The Voice Factory; Comcast buying Blueface; Momentum buying IBBS and others; rollups like Fusion including Megapath. Many of the component networks began small, but rapidly grew.

Most networks, new services and features, get built exactly once. And during that time, you might manually fine-tune all the settings, and deploy the services very carefully. Customers may really enjoy the white-glove treatment. 

Think about the handsets -- CPE, SIP phones, ATAs, User Endpoints like those from Poly/Polycom, Cisco, Yealink, Obihai, and others. Typically a lot of thought is given to choosing the right endpoint and pricing it well. But too often, engineers overlook the network design where that phone can be put on a desk and then security can be maintained all the way through. It can happen that ease of use -- especially for the network engineering and deployment team -- trumps a solid provisioning and deployment regime that ensures security.

After these devices are deployed -- thousands of them -- it's too late to go back and wish you had made them secure. In the worst case, they're deployed manually, so any time security changes are needed, somebody has to go back and manually touch the devices.