VoIP in financial services: Balancing the benefits with infrastructure and security concerns

Mark Vernon discusses the use of VoIP in the financial services industry. While it has the potential to dramatically cut operational costs, it is not without its problems. He illustrates this with one success story, and a couple of recent reports that urge caution.

Stay up to date with the latest IT news and information affecting the world of finance with TechRepublic's free Financial Services IT newsletter, delivered each Wednesday. Automatically sign up today!

Voice over IP (VoIP) is an attractive proposition to financial services firms. With frequent calling between widely dispersed locations, telephony is a major cost to banks, which VoIP promises to cut. In addition, the integration of IP-based communications channels has the potential to increase productivity while saving money. Converging voice and data systems makes it possible to merge operations that were once separate, and to control the system from a central location. Benefits abound, but there are also potential disadvantages. First, let's look at a success story.

Consider SouthTrust, the Birmingham, AL-based bank that merged with Wachovia in November 2004. Before the merger, in 2000, SouthTrust completed what was then the world's largest multisite deployment of Cisco's VoIP technology, embracing more than 10,000 users across nine states.

SouthTrust reported that the number one benefit of the Cisco solution was cutting costs. In the first year of deployment, it cut more than $5 million in telephony costs compared to actual costs in the previous year—and since then it reports annual savings of about $5.7 million.

Perhaps more importantly, SouthTrust's users liked VoIP too. A post-implementation survey, with 438 sites or departments responding, ranked overall system performance as good, with reliability of calls, quality of voice mail, quality of local and long distance calls, and VoIP features all rating good, or between good and excellent. Because of the success of SouthTrust's VoIP implementation in 2000, Wachovia plans to roll out telephony to most of the newly-merged company over the next two and a half years. However, despite the positive results in this case, two recent reports are raising other questions as to the use of VoIP in financial services.

The first is from the business consultant company BearingPoint. Its report makes a general observation about the global networks of many financial services firms, pointing out that they are often "networks of networks"—that is, systems that are not integrated so much as cobbled together. "The result is often inefficiency, high cost, inadequate disaster recovery, and an inability to deliver new bandwidth-intensive applications," the report says.

This is not news to most banks. Heterogeneous systems that have been poorly linked together, particularly after mergers and acquisitions, struggle to provide the bandwidth or quality of service that IP telephony requires. In reality, then, BearingPoint suggests that the global deployment of VoIP—the scenario in which it should offer its greatest benefit to banks—may not, in many cases, be possible.

While BearingPoint's report points out the problems with the networking infrastructure that is required for VoIP, the second report concerns security and comes from a new body, the VoIP Security Alliance. It was launched in February of this year and aims to promote the security of VoIP networks.

One of its first acts was to issue a warning. Founding members from VOIPSA and security vendors such as Avaya, Qualys, and 3Com agreed that as VoIP deployments become more widespread, the technology becomes a more attractive target for hackers, increasing the potential for harm from cyberattacks. The implication is simple: VoIP application attacks will increase as hackers become more familiar with the technology. The fear is that they will discover ways of snooping in on VoIP calls, or even rerouting them.

Coupled to this alert is another one from the National Institute of Standards and Technology (NIST). This U.S. government body recently warned organizations switching to VoIP to "proceed with caution." The report, "Security Considerations for Voice Over IP Systems"(draft SP800-58) includes nine specific recommendations for IT managers, such as building separate voice and data networks, configuring firewalls, and conducting security testing.

The message is clear. If the reliability, quality, and economics of VoIP are now proven, market vendors must turn their attention to the limitations of current network infrastructures as well as the increasing burden of securing those networks once VoIP is implemented.

Editor's Picks

Free Newsletters, In your Inbox