Business and government customers will now be able to more effectively identify and manage security risks associated with voice over Internet protocol (VoIP) by using Verizon Business' newly enhanced VoIP Security Assessment Service.

The professional service offering -- supported by a Verizon Business team of nearly 300 expert security professionals -- addresses the growing concern over VoIP security at a time when more and more companies are deploying Internet-protocol telephony to anticipate future communications requirements, improve employee productivity and enable employee-mobility programs.

"Security is the No. 1 concern customers express about VoIP," said Nancy Gofus, vice president of product management, Verizon Business. "Addressing this issue helps ensure that customers will be able to depend on their next- generation VoIP networks for the high-quality performance and high-level availability they expect, and help increase efficiency and productivity."

According to market intelligence and advisory services firm IDC, demand for premises- and network-based VoIP services is expected to experience significant growth over the next five years, with revenue increasing from $2.9 billion to $6.9 billion. This growth, coupled with a corresponding increase in application-driven business processes and network complexity, will drive security awareness and requirements.

"The VoIP security assessment service launched by Verizon Business offers a comprehensive approach to identify, assess and mitigate potential threats to VoIP systems," said William Stofega, research manager for VoIP services, IDC. "Despite the growing interest in VoIP, security remains a primary customer concern. This type of security assessment service, with its focus on equipment, policies and network architecture, can be highly beneficial in helping to safeguard next-generation VoIP networks."

Verizon Business Approach to VoIP Security Assessments

The Verizon Business VoIP Security Assessment Service is designed to identify and address potential security vulnerabilities associated with customer premises-based VoIP and hosted IP PBX systems from any hardware and software vendor.

The vulnerabilities range from risks inherent in traditional voice and IP- based data networks, including loss of service, fraud, privacy, denial of service attacks, viruses and SPIT (spam over Internet telephony), as well as newer vulnerabilities related to the integration and interoperability of VoIP software and hardware. In addition, a host of new risk factors are created when traffic is handed off between traditional phone and next-generation VoIP networks.

The security assessment service includes a comprehensive review of customers' security policies, as well as an analysis of local- and wide-area network architecture.

Verizon Business' security team uses a holistic approach to provide customers with a detailed analysis to safeguard the confidentiality, integrity and availability of VoIP networks.

The analysis consists of a four-part evaluation to assess the security of a customer's VoIP network. The methodology is based on industry best practices and the threat categories and guidelines developed by the National Institute of Standards and Technology. These include:

-- VoIP Architecture Review - Comprehensive assessment of VoIP network architecture, designed to identify client-specific performance criteria and security objectives in terms of overall risk profile. Focuses on segmentation of VoIP traffic, presence of dedicated firewalls and VoIP servers and use of virtual private networks.

-- Network and Device Penetration Testing and Risk Assessment - All VoIP- related devices and underlying network hardware and software are scanned to test for vulnerabilities for unauthorized access, including identification of rogue devices and personal computer-based phones, or softphones. Access control lists, open ports and out-of-date software patches are evaluated and verified.

-- Evaluation of Standards, Policies and Procedures - Existing policies and procedures associated with a company's overall risk exposure and tolerance are reviewed, with a focus on policies related to personal handsets and softphones, connection of VoIP devices to local area networks, intrusion detection systems and VoIP traffic encryption.

-- Discussion of Findings and Action Plan - The assessment findings are reviewed in detail, with a focus on vulnerabilities discovered and detailed remediation plans containing prioritized recommendations for improving overall security.

Verizon Business Offers Strong Security Protection

Verizon Business provides professional and managed security services from the Internet backbone to the enterprise network. Applying the principles of security risk management to balance risk and resources, Verizon Business delivers pervasive security to help safeguard a customer's communications infrastructure and ensure continuous operation.

In addition, Verizon Business offers a comprehensive range of secure VoIP products and services, from network- to premises-based offerings, enabling VoIP customers to modernize their networks while leveraging existing investment more efficiently and effectively.