January 28, 2015

Security: SIP-Based Contact Centers

Thumbnail image for SAT-for-TechNotes.jpg
As SIP explodes beyond connecting VoIP calls to a plethora of modes of communication, the hyper-connected contact center must adopt security measures to provide a whole new level of protection.

SIP is rapidly expanding far beyond a being mechanism for simply connecting VoIP calls.  In fact, there is a veritable explosion of additional modes of SIP-enabled communications that users are adopting in an IP-based world. Not surprisingly, many of these additional modes include capabilities that are a part of the hyper-connected contact center.  Rather than the contact center being based on traditional telephony, the contact center is now a conglomeration of media supporting a wide range of activities.

Our recent report, "2015 Unified Communications, SIP, and SBC Plans and Priorities," demonstrated that the number of SIP based applications has mushroomed over the past couple of years.  Growth for areas that are related to the contact center include:
  • Web conferencing - 131%
  • Collaborative workspaces - 101%
  • Desktop sharing - 99%
  • APIs to integrate other applications - 98%
  • Instant messaging - 89%
  • Presence - 86%
  • Desktop video conferencing - 50%

This hyper-connectivity presents a range of challenges, especially from a security perspective.  The most basic security threat is a Distributed Denial-of-Service (DDOS) attack.  Since VoIP calls must involve a call setup, DDoS attacks for VoIP calls are easily mounted, just as they are for any other IP-based communications; a rogue process sends out a flood of connection requests, and, when the host system responds, the process never responds, wasting precious bandwidth and processing resources over the network.  And unlike the simplicity of TCP-SYN attacks, DDOS attacks have now evolved to include UDP flood attacks, GET flood attacks, and other variations.  Additionally, as the Internet of Things (IoT) evolves, there are many new devices that can initiate such attacks on a network.

As the trend to support these different applications grows within the contact center, so does the need for additional SIP trunks and the need to secure the applications that run over them.  
The need for contact center security solutions can be seen on several levels.  So far, we've only addressed availability of the infrastructure - making sure that communications (calls) can be established. From a systems perspective, the databases that provide information for the contact center personnel to be able to work effectively must be protected.  Virtually all web sites endure a constant barrage of SQL-injection attacks.  Further, contact center personnel are highly trained professionals, and their time must be protected so that they can work efficiently.

The security question is greatly exacerbated by the rapid change in network architecture for the contact center.  Several years ago, the "call center" was housed in a central location, often accommodating hundreds or even thousands of individual agents.  Relative to what we live with today, building a "digital moat" around this castle was rather straight-forward.

Those days are long gone.  The infrastructure of the contact center may span across several data centers, including both main and branch offices.  Additionally, the infrastructure may be comprised of a hybrid model of dedicated and virtual systems and as well as a mix of premises-based and cloud-based systems.  In addition to infrastructure changes, the distributed contact center, whereby agents may work from literally anywhere - including a home office - are becoming the norm rather than the exception.  All of these components bring with them their own set of security concerns.

But is there a light at the end of this tunnel?  Fortunately, the answer is "yes."

In our report, we explored on the integral link between SIP and the Session Border Controler (SBC), which supports a wide range of functions for SIP-based communications.  The respondents to the survey for the report naturally ranked "Security for SIP Sessions" as the most important job of a Session Border Controller (SBC).  However, other desired SBC features that are relevant to the contact center include:
  • Voice transcoding: VoIP-to-VoIP - because the callers to the contact center may come in using a wise variety of packet-voice algorithms.  Further, all major carriers have already announced the intent to discontinue traditional voice (PCM).
  • Support for integrating mobile devices - because the contact center must support "callers" on any device from a phone to a tablet to a computer.  (Hopefully fax support won't continue to be needed!)
  • Call Admission Control - to help ensure that bandwidth is available for the calls. 
  • Video conferencing transcoding - which will increasingly need to support formats such as WebRTC.
  • Voice transcoding: PCM-to-VoIP - because some degree of traditional voice will be around for a while.
  • Presence - to determine agent availability.
  • Collaboration (desktop sharing) transcoding/translation - in order to provide more customized support.
  • Voice over Wi-Fi support and VoLTE - because phones will continue to evolve.
  • Instant messaging translation - especially for SMS services.

The SBC has become an integral component for enabling IP-based communications across a network,  Regardless of the deployment model (appliance vs. virtualized, cloud-based vs. premises based, etc.), it's critical that  a contact center takes advantage of the value SBCs bring to their network when it comes to providing authentication, encryption, transcoding, and DDoS protection.

This TechNote is brought to you in part due to the generous support of:

1 Comment

The State-of-the-Internet report from Prolexic provided some great technical background for this TechNote.

Leave a comment

Search Webtorials

Get E-News and Notices via Email




I accept Webtorials' Terms and Conditions.

Trending Discussions

See more discussions...

Featured Sponsor Microsites



Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Continuing past this point indicates your acceptance of our terms of use as specified at Terms of Use.

Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2018, Distributed Networking Associates, Inc.