ADVISORY

Voice over IP – Decipher and decide

Understanding and managing the technology risks of adoption

INFORMATION RISK MANAGEMENT

If you only have time to read one page:

Context

• Voice over Internet Protocol (VoIP) and Internet Protocol (IP) Telephony are less than a decade old, replacing traditional telephone networks and overturning a century-old convention.

• There is a distinct lack of long-term implementation experiences from which to obtain precedents for VoIP and IP Telephony.

• Implementation of VoIP and IP Telephony must be driven by the organisation's business strategy, not technology imperatives.

• Although the desire for cost savings and efficiencies is driving most VoIP and IP Telephony implementations, the savings are not always as substantial as anticipated.

• Business expansion and 'future-proofing' are additional and more compelling driving factors.

Risks

• With VoIP, voice traffic becomes data and is therefore exposed to confidentiality, integrity and availability threats.

• VoIP and IP Telephony implementations carry the risk of any major IT project - inadequate benefits realisation, misalignment with strategic objectives and cost overruns.

• IT management, operational and technical controls are essential in managing VoIP and IP Telephony-related risks.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

The views and opinions expressed herein are those of the authors and do not necessarily represent the views and opinions of KPMG International.

Contents

Introduction
Defined and differentiated
Context
Consider the risks
Next steps
Glossary of terms
Contact us

Introduction

VoIP and IP Telephony are revolutionising the way businesses communicate. These technologies are providing capabilities for additional business services, enhanced productivity and competitive advantage, while offering streamlined customer service. In the Asia Pacific region alone, industry estimates suggest that within the next few years, VoIP could represent more than 80 percent of business telephony.

There is no shortage of expert groups, emerging service providers and press coverage devoted to promoting the benefits of VoIP and IP Telephony. For many organisations, questions remain unresolved on such issues as: the business benefits; the technology; the drivers for change; the costs; maturity of the market; and the right time to adopt. A question many organisations are not contemplating is 'what is the impact on my risk profile?'.

An increasing number of organisations are considering the potential of implementing these technologies. In the future, we will see a maturing market for VoIP and IP Telephony as the business applications develop, and both drivers and business imperatives become clearer. There will be more reasons to adopt the technologies and in many cases it will be a competitive necessity.

The information presented in this paper will provide you with guidance when contemplating the implementation of VoIP and IP Telephony for your organisation.

Egidio Zarrella
Global and Asia Pacific Partner in Charge
Information Risk Management
KPMG in Australia

Risks are inevitable in the early phases of adoption of any new or upcoming technology, largely due to limited precedents or past experiences. As the technologies mature and organisations become more dependent on them, certain risks including security will increase as vulnerabilities and opportunities for misuse are identified.

The risks associated with adopting VoIP and IP Telephony require appropriate consideration to present a sound business decision prior to implementation. That is, these technologies must be aligned with the organisation's strategic business plan. Applying measures to minimise the risks of implementation will facilitate the realisation of potential benefits.

Regulatory and shareholder expectations are driving governance principles in the Asia Pacific region. This is compelling organisations to comprehensively consider their risks, particularly those related to IT.

The security and associated risks with the implementation of VoIP and IP Telephony must figure strongly in a well-structured business case for adoption. In an unforgiving market, the consequences of a major security incident can be substantial in terms of business interruptions, loss of customer confidence or cost through fraud or missed opportunities.

Peter McNally
Asia Pacific Leader
Security, Privacy and Continuity
Information Risk Management
KPMG in Australia

Defined and differentiated

When considering VoIP and IP Telephony, it is fitting to acknowledge their potential to overturn the expectations of more than 100 years of traditional telephone communication.

Before adopting new technologies, a clear understanding of the differences between existing and potential telephony options is essential. Here, we define and differentiate between traditional and available technologies.

Traditional

• Circuit switched
• Over a century old
• Third generation technology[1]
• Wide user base
• Well understood
• Requires specialised knowledge to maintain
• Proven quality of service

VoIP/IP Telephony

• Packet switched
• Less than a decade old
• First generation technology
• Expanding user base
• No long-term experiences
• Uses widely understood IT management concepts
• Potential quality of service issues

Traditional voice networks

Public Switched Telephone Networks (PSTN) and PABXs are the traditional circuit-switched voice infrastructure dedicated to providing a high level of reliability and quality of service. Building, maintaining and operating these networks incurs significant infrastructure cost, in addition to specific carrier reliance for the provision of PSTN services.

[1] Manual exchanges, automatic exchanges and digital exchanges

Available technologies

The wide adoption of IP has fostered the acceptance and reduced the cost of alternative communication methods, including video conferencing and instant messaging. It is also revolutionising how voice services are delivered through the introduction of VoIP and IP Telephony applications. It is important to differentiate the two:

• VoIP is the practice of encoding spoken words into digitised packets (data segments) and transporting them over data network connections (packet switched)

• IP Telephony applications are the applications that utilise VoIP. These can include the simple applications that facilitate the making of a telephone call, through to integrated applications with customer relationship management systems (CRM).

Context

The drivers

Business benefits can be achieved from the adoption of VoIP and IP Telephony if the decision to implement is business driven rather than technology driven. Project success is dependent on having a clear understanding of the business needs and strategic organisational goals that can be satisfied by new IP Telephony applications.

Since the commercial availability of VoIP, cost reduction has been the major driver. Using data lines instead of the PSTN enables toll-bypass between an organisation’s sites. However, many organisations have been able to postpone the implementation of VoIP by negotiating volume discounts on their traditional telephone service.

In addition to toll-bypass, there are many cases of cost savings being demonstrated by factors such as: reduced maintenance; reduction in the number of PSTN access points; standardised infrastructure; and simplified administration. For most large organisations, however, these cost savings alone will not provide a compelling argument for adoption compared to the risks of change and implementation.

For organisations considering the change, potential cost savings need to be balanced against:

• Associated costs of replacing or updating data network infrastructure including servers, switches, routers and cabling (especially older cabling installations)

• Extra bandwidth required (Local Area Network (LAN), Wide Area Network (WAN), internet)

• Additional devices to be managed in its data network (such as handsets).

Real business benefits can be achieved when the organisation can identify new service offerings, new channels or improvements in customer service that might otherwise not be possible. In anticipation of ‘killer applications’ entering the market, some organisations are implementing VoIP as a means to future-proof their telephony infrastructure.

With maturity of the applications, the drivers for VoIP and IP Telephony will become clearer and finding a compelling business case will probably be as easy as justifying a corporate website today.

“To date, almost all VoIP investments were strictly for toll-bypass cost savings. While this still drives most investments, we are seeing more business justification from other benefits,” says Sage Research President Kathryn Korostoff[2].

A Japanese financial institution incurred higher than budgeted costs after conducting a pilot implementation of the technology at one of its sites. The additional costs revolved around additional bandwidth, handsets and upgrading cabling.

[2] Intelligent Asia, http://www.intelligentasia.com/ieasiaViewArt.cfm?Artid=21631&catid=5&subcat=55, 16/08/04

Some of the other common drivers today are:

• Improved productivity enabled by integrated collaboration tools

• Standardisation across the organisation

• Consolidation of operational support and functions. For example, the functions of end-user management are simplified to mostly keyboard tasks.

VoIP and IP Telephony make the implementation of complex features easier and more flexible than traditional telephony. Examples of some features are outlined in the table below.

Features in practice: Description

• Unified messaging: Integration of several communication modes (such as email, telephone, instant messaging, fax) to enable sending and receiving from a single interface

• Mobility: IP Telephony allows organisations to further harness Virtual Private Network (VPN) technology to improve workforce mobility, as phone numbers follow staff wherever they log in

• Integration with CRM: VoIP allows a caller to be recognised by their number and have the information on-screen in the call centre before the call is answered. Whilst this technology is currently available with traditional PABX, it is easier with VoIP

• Integration with Enterprise Resource Planning (ERP) systems: Integration of IP handsets with Enterprise Resource Planning (ERP) applications (such as SAP) for improved billing and call monitoring. This enables organisations to internally charge departments for phone usage

VoIP and IP Telephony implementation must be linked to clear business benefits.

Lastminute.com is using an IP Telephony-based application (VoiceXML) in the United Kingdom to process thousands of accommodation bookings with no human interaction. This application allows real-time information to be communicated to callers by telephone, based on individual customer queries[3].

Mr Tim Gadsby, Manager Telecommunications & Security Services at Australia’s Challenger Financial Services, stated that the core driver of the VoIP project was the requirement of a flexible telephony system over a number of sites to meet the physical expansion of the business.

[3] Communications Convergence, http://www.cconvergence.com/article/CTM20020804S0008, 04/08/02

The market

The market for VoIP and IP Telephony is being led by the U.S. The Asia Pacific region is also demonstrating aggressive adoption.

Current market activity includes the following developments:

• Enterprise IP phone shipments in Japan are expected to grow at 150-250 percent per year from 2004 to 2007[5]

• Implementation is usually a phased approach and mainly based around pilot programmes at one site

• Based on discussions with a number of clients, many organisations in the Asia Pacific region only consider implementing VoIP when traditional PABX systems have reached their end-of-life

• The rapid uptake of broadband in countries like Korea[6] provides an attractive framework for the deployment of VoIP and IP Telephony direct to consumers.

“A few years ago they said it was a toy. Now, the biggest companies in the U.S. are adopting the technology.”[4]
Mr Fu Chi-chung, Vice President, Seednet (Internet Service Provider), Taiwan.

[4] New Voice over Internet technology, http://www.voipbox.de/archive.php?blogid=1&y=2004&m=07, 31/07/04

[5] Enterprise VoIP in Japan Accelerates with Broadcom's IP Phone Chips, http://www.embeddedstar.com/press/content/2003/9/embedded10346.html, 6/08/04

[6] Leaders or Laggards - Australia's Broadband Future, KPMG, 2004

Consider the risks

There is extensive information available from numerous sources including vendors, researchers and the media, regarding the benefits of VoIP and IP Telephony. However, there is a distinct absence of information detailing the risks and associated risk management practices. As a result, organisations’ preparedness for these new technologies is inadequate.

Without adequate risk management, VoIP implementations can result in reputation damage, a negative impact on customer service or affect the bottom line. The overriding risk is that the implementation of VoIP and IP Telephony will not meet the requirements of the business. Organisations need to understand the impacts that these technologies have on their business processes, and then match them to the business strategy.

Discussions with our member firms’ clients and recent project examples of VoIP project failure demonstrate that organisations require a greater focus on risk management as the level of technology sophistication increases over time (refer to diagram below).

[Diagram: Technology sophistication over time. Labels: $, technology sophistication, capital expenditure, operating costs, risk management requirements]

Risk management of projects such as VoIP is crucial considering there are no long-term experiences to draw upon.

We believe that the risks of VoIP and IP Telephony implementation can be broadly categorised into two core areas:

• Project risks

• Security risks.

Project risks

The implementation of VoIP and IP Telephony may be organisation-wide or in key lines of business (such as the customer service call centre) where the most immediate benefits might be realised. In either case, they are likely to represent a dramatic change to critical organisational infrastructure and therefore, require strong project management principles to be followed. Examples of implementation risks and the potential effects are outlined in the table below.

Inherent risk: Potential effect

• Unclear business case: Unrealised benefits (eg. technology goals achieved, but no business advantage)

• Unclear roles and responsibilities of involved parties (eg. vendor, integrator, organisation, outsourcer): Lack of accountability and key tasks incomplete

• Inappropriate vendor selection: Unable to meet project needs (eg. hardware lacks required functionality)

• Inappropriate system selection: Unable to meet business requirements (eg. applications do not fully integrate with VoIP infrastructure)

• Failure to accurately evaluate bandwidth and other capacity requirements: Unexpected cost increases (eg. additional bandwidth required or cabling upgrades)

• Lack of internal resources with the necessary skill sets: Degraded project quality and/or delays (eg. unable to effectively negotiate with vendor or integrator to achieve stated security and other business objectives)

Example controls[7]

• Clear cost/benefit and business impact analyses, project metrics and appropriate project monitoring controls

• Clear definition of roles and responsibilities (the importance of this is magnified when a business function is outsourced)

• Vendor selection due diligence

• Definition and matching of business requirements

• Definition of business requirements

• Understanding of business strategies and direction

• Technical understanding of network, applications and devices

• Skills inventory

• Appropriate training

• Use of appropriate external resources

[7] These controls are examples only. Control design would require detailed analysis based on specific network characteristics and business needs. Controls cannot be totally effective in all circumstances and some residual risks might remain.

A retailer based in Singapore has recently implemented VoIP within one of its main outlets. During the planning phase, the project team underestimated the volume of traffic that would traverse the network. Due to congestion, it was necessary to redesign and upgrade the network infrastructure, which had cost implications that had not been factored into the original project plan.

Part of project risk management requires consideration of the cultural impact to the organisation. Any technology implementation will affect end users.

Some of the cultural risks associated with the uptake of VoIP and IP Telephony include:

• Changing telephony (a key working tool) without consultation and end user buy-in could have consequences such as rejection of new features or functionality

• In many organisations, voice and data communications are managed by separate groups. For example, PPL Services Corporation (a U.S. energy utility company), identified the merging of staff and duties as an issue and started planning a restructure prior to implementation[8]

• Ownership of the IP Telephony service, with one party looking after networking and another looking after application servers. There may be a lack of clarity over key roles and responsibilities, which leads to inefficiencies.

Widespread dissatisfaction was experienced when a Philippines-based hospitality company replaced its handsets with phone applications running on individual computers. To make a phone call, users were required to have their computer switched on and be logged onto the network. Consequently, mobile phone usage increased.

[8] Computerworld, http://www.computerworld.com/networkingtopics/networking/voip/story/0,10801,90808,00.html, 18/08/04

Security risks

The introduction of VoIP means that voice traffic needs to be treated in the same context as data for security purposes since it will share a common medium.

The increased technical complexity of integrating voice and data into one network further increases an organisation’s dependence on network availability. Many organisations fail to recognise that with this increased technical complexity comes increased security and availability risks that must be appropriately assessed, and the necessary risk management measures applied.

As hardware PABX systems are replaced with computers and network hardware running common operating systems, networks will become increasingly vulnerable to common threats such as viruses and denial of service (DoS) attacks. Exposures that were experienced with traditional systems are more prevalent with VoIP and IP Telephony, as networking awareness is more widespread. Each entry point to a network is a potential point of attack and therefore risk management is essential. This logically includes every IP-enabled telephone handset or other IP Telephony device.

Hacking techniques for VoIP networks are widely published (refer to the table below).

Hacking technique: Potential outcome

• Call redirection: All calls diverted to a premium cost service such as '1900' services in Australia or the U.S.

• Use of inactive handsets as listening devices: Eavesdropping on sensitive discussions eg. Board meetings

• Use of IT network tools to intercept data packets: Eavesdropping or retransmission of telephone conversations

• Reprogramming handset: Network flooded with meaningless traffic

A disgruntled employee of a multi-national insurance company used a recently installed VoIP/IP Telephony system to eavesdrop on a Board meeting. The employee intercepted confidential information that was subsequently leaked to the press.

The following table summarises VoIP and IP Telephony security risks and controls based upon the three tenets of security - confidentiality, integrity and availability.

• Security characteristic: Confidentiality
  Definition: Assurance that only the intended recipient receives the communication
  Inherent risk: Eavesdropping through interception or duplication
  Example controls[9]: VoIP encryption; Use of strong authentication and access controls

• Security characteristic: Integrity
  Definition: Assurance that the communication is unaltered
  Inherent risk: Packet loss, insertion or alteration
  Example controls[9]: Confidentiality controls plus: Quality of service protocols

• Security characteristic: Availability
  Definition: Assurance that the VoIP communication medium is efficient and effective
  Inherent risk: Lack of capacity; Inadequate system management; Denial of service attacks; Viruses and other malicious software; Increased number of attack points
  Example controls[9]: Integrity controls plus: Gateway security controls and configuration; Segmentation of voice and data components; Anti-virus software; Hardware redundancy, Service Level Agreement (SLA) with vendor; Endpoint operating system controls

[9] These controls are examples only. Control design would require detailed analysis based on specific network characteristics and business needs. Controls cannot be totally effective in all circumstances and some residual risks might remain.

Confidentiality

Traditional telephony operating over a dedicated PSTN network does not require encryption. A confidentiality breach in the traditional network generally requires physical connection to the network to eavesdrop on conversations from selected lines. This can be complex in large networks.

With VoIP, the nature of the underlying protocol makes it relatively easy to identify calls from a particular location from anywhere in the direct network. Tools to enable eavesdropping are widely available and encryption of voice traffic is the essential means to combat this. In the event that voice traffic is carried over an external network (such as the internet) eavesdropping would be a risk. An example of the potential implication of not encrypting is having a user's phone banking details (account number or pin tones) intercepted across the network.

Encryption can minimise the threat of VoIP eavesdropping, however, a risk assessment must be made based on the sensitivity of calls and the level of control over the network infrastructure. That is, use of Private IP networks as opposed to the public internet. A dedicated VoIP VPN can be used to encrypt data over disparate locations, however, if encryption is not performed between the appropriate endpoints (for example, between gateways instead of between handsets), the encryption might not be effective.

A potential implication of not encrypting is having a user's phone banking details (account number or pin tones) intercepted across the network.

A Korean utilities company implemented encryption over its entire VoIP network across the country. This was undertaken to mitigate against integrity and confidentiality threats.

Another consideration is the risk that infrastructure might not be compliant with the requirements of future privacy or telecommunications legislation, particularly where there are multiple jurisdictions involved.

Integrity

VoIP packets travel independently of one another, and like data packets are vulnerable to loss. This does not generally pose a problem for data packets, however, this may have implications for VoIP communication. Out-of-sequence or lost data packets can result in degraded voice quality.

Strategies to minimise this data loss include jitter control, sending duplicate data or concealing lost data. Jitter occurs where the timing between VoIP traffic varies. Jitter control holds VoIP packets in memory until the slowest packets arrive and then transmits them in the correct sequence[10]. Correct sequencing of voice packets will be aided by prioritising voice data over conventional data on the network.

[10] Achieving voice quality in packet networks, Sandeep Sharma, Express Computer, 11/11/02

The risk of insertion and alteration of packets can be reduced by the adoption of encryption. Without knowledge of the encryption key (ordinarily kept confidential), encryption makes it very difficult for a packet to be altered, or for a rogue packet to be inserted.
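The two integrity measures described above, jitter control and key-based rejection of altered or inserted packets, can be shown together in a small receiver. This is an added example, not code from the original paper: the packet layout, the key and the names protect, verify and JitterBuffer are assumptions, and it uses a keyed authentication tag (HMAC-SHA-256) rather than encryption alone, because the tag is what lets the receiver detect alteration or insertion.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # bytes of HMAC-SHA-256 kept per packet (constructed choice)


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: 32-bit sequence number + voice payload + keyed tag over both."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def verify(key: bytes, packet: bytes):
    """Receiver: return (seq, payload) if the tag checks out, else None."""
    if len(packet) < 4 + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # altered in transit, or inserted without the key
    return struct.unpack("!I", body[:4])[0], body[4:]


class JitterBuffer:
    """Holds authenticated packets and releases them in sequence order.

    A gap is declared lost once `depth` later packets are waiting, and is
    released as (seq, None) so the caller can conceal it.
    Sequence wrap-around is not handled in this sketch.
    """

    def __init__(self, key: bytes, depth: int = 3, first_seq: int = 0):
        self.key = key
        self.depth = depth
        self.next_seq = first_seq
        self.held = {}       # seq -> payload, waiting for playout
        self.rejected = 0    # failed the tag check
        self.duplicates = 0  # authentic but already seen or already played

    def receive(self, packet: bytes):
        checked = verify(self.key, packet)
        if checked is None:
            self.rejected += 1
            return []
        seq, payload = checked
        if seq < self.next_seq or seq in self.held:
            self.duplicates += 1  # replayed or duplicated packet
            return []
        self.held[seq] = payload
        return self._release()

    def _release(self):
        out = []
        while self.held:
            if self.next_seq in self.held:
                out.append((self.next_seq, self.held.pop(self.next_seq)))
            elif len(self.held) >= self.depth:
                out.append((self.next_seq, None))  # lost: conceal
            else:
                break  # keep waiting for the slow packet
            self.next_seq += 1
        return out


def demo():
    """Run a constructed arrival pattern through the receiver."""
    key = b"constructed-demo-key"  # placeholder, not a real secret
    wire = [protect(key, i, b"frame%d" % i) for i in range(7)]

    tampered = bytearray(wire[3])
    tampered[5] ^= 0x01  # one payload bit changed in transit
    rogue = protect(b"some-other-key", 3, b"rogue!")  # made without the key

    # Constructed arrival order: 2 overtakes 1, the genuine 3 never arrives,
    # and 1 is delivered a second time.
    arrivals = [wire[0], wire[2], wire[1], bytes(tampered), rogue,
                wire[1], wire[4], wire[5], wire[6]]

    rx = JitterBuffer(key)
    played = []
    for packet in arrivals:
        played.extend(rx.receive(packet))
    return played, rx.rejected, rx.duplicates


if __name__ == "__main__":
    played, rejected, duplicates = demo()
    for seq, payload in played:
        print(seq, payload if payload is not None else "<lost: conceal>")
    print("rejected:", rejected, "duplicates:", duplicates)
```

The rejected counter is worth exporting to monitoring: a steady stream of tag failures on a voice segment points to corruption or injection attempts rather than ordinary jitter.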

Availability

With voice and data now sharing the same medium, the risks associated with availability increase and require appropriate assessment by management. Voice is a critical real-time application for every organisation, and quality cannot be compromised. Threats to availability range from small errors which affect voice quality through to system outages affecting part or all of the network.

One concept that has been used to deal with availability is quality of service (QoS). VoIP requires a different approach to the way in which information is delivered compared to traditional data networks. This is because historically, IP was designed to deliver data on a 'best effort' basis, whereas, VoIP must deliver voice on a much more reliable, low-latency basis.

VoIP availability is complicated further due to the links between local and wide area networks over which the data must transfer. To combat these issues, a level of intelligence must be built into the network to give voice priority over regular data. Therefore, QoS protocols have been designed to provide for some level of control over latency and delivery issues. Furthermore, as IP Telephony applications are implemented, the bandwidth availability will increase and this will require appropriate planning. Failure to accurately predict or manage overall network capacity needs can lead to service degradation and outages.

For health and safety reasons, a manufacturing company in Hong Kong installed a small number of ordinary phone lines for emergency purposes in the event of a power or network outage which would affect VoIP.

DoS attacks can occur when a network or device is overloaded with meaningless traffic or sent a specific command that will disable it, rendering the network unavailable. One example of a DoS attack is repeatedly sending a hang-up command to each handset, which is difficult to detect or prevent[11]. As voice is sharing a network with traditional data, it is susceptible to the DoS techniques that have been applied against data networks for many years. A malfunctioning or manipulated handset has the ability to cause a DoS attack by flooding the network with traffic.

VoIP is also susceptible to viruses and therefore requires an appropriate management framework. Depending on the telephone handset operating system, handsets might also require virus protection.

Service quality and availability are now your problem.

[11] Lurking threats to VoIP, Adam Turner, The Age, 20/07/04

Next steps

For organisations to have confidence that the introduction of VoIP and IP Telephony will not increase their risk profile, they must give consideration to project and security risks.

There are a number of management, operational and technical controls to consider. These are summarised in the diagram below.

From the initial decision to implement VoIP and IP Telephony, organisations must assess a number of critical areas including a clear understanding of:

• Business benefits and opportunities

• Appropriate processes to identify technologies, suppliers and implementation requirements

• Ongoing maintenance and operational requirements

• Security and availability risks relative to the organisation's risk profile and how these will be dealt with.

As with the adoption of all new technology, the benefits are widely discussed in the market, however the risks to the organisation are often overlooked. Assessment of the critical areas, in conjunction with implementation of the appropriate controls, will ultimately shape the outcome of the project and VoIP's ongoing success. It is important not to lose sight of the overall objective of the project and ensure that the technology supports the strategic directions of the organisation.

Key IT management controls

• Perform cost-benefit analysis
• Perform benchmarking of technologies against successful implementation projects at other organisations
• Perform formal product/system selection of potential solutions
• Implement pilot project
• Implement formal project risk management controls
• Integrate VoIP and IP Telephony into existing security policy
• End user acceptance

Key IT operational controls

• Configuration management (inc. asset management)
• IT change management
• Security control design
• Include VoIP and IP Telephony requirements as part of business continuity and disaster recovery planning
• Physical security
• Capacity and performance planning
• Effective risk management

Key IT technical controls

• Encryption
• Network segmentation
• Gateway security configuration
• High availability network architecture
• Authentication
• Periodic security testing and assessment

Effective risk management

Key elements of VoIP and IP Telephony implementations

• Define needs: Understand your organisation's needs and business strategies to develop a business case with clear and measurable success criteria

• Assess risks: Conduct a risk assessment based on your unique business features, including the Business Continuity Management implications

• Manage change: Consider the impact on your workforce, work practices and organisation

• Plan the project: Define a technology implementation plan considering pilots and phased introduction

• Develop controls: Implement key management, operational and technical controls


Glossary of terms

Customer Relationship Management (CRM): Methodologies and software that help an organisation manage customer relationships

Denial of service (DoS): Incident in which a user or organisation is deprived of the services or a resource they would normally expect to have

Enterprise Resource Planning (ERP): A system that permits organisations to manage resources across the business

Extensible Markup Language (XML): A new technology for web applications, which allows for simple data interchange between disparate systems

IP Telephony application: Application that uses VoIP to provide enhanced functions

Internet Protocol (IP): The method by which data is sent from one device to another (eg. one computer to another on the internet) where each device has at least one IP address that uniquely identifies it from all other devices on the network

Killer application: The use of an innovative technology in business that disrupts traditional business models and undermines customer relationships, distribution networks, competitor behaviour and economies of scale and size

Local Area Network (LAN): A group of computers and associated devices that share a common communications line or wireless link and typically share the resources of a single processor or server within a small geographic area

Packet: A unit of data that is routed between an origin and a destination on the internet or any other packet switched network

Private Automated Branch Exchange (PABX): An automatic telephone switching system within a private organisation. Sometimes known as a PBX

Publicly Switched Telephone Network (PSTN): The world's collection of interconnected voice-oriented public telephone networks, both commercial and government-owned, also referred to as the Plain Old Telephone System (POTS)

Quality of service (QoS): The use of certain technologies to obtain a high degree of quality for VoIP systems

Router: Device or software in a computer that determines the next network point to which a packet should be forwarded on its way to its destination

Service Level Agreement (SLA): An agreement between a customer and a service provider that guarantees an agreed level of service delivery

Switch: Device that channels incoming data from any number of multiple input ports to the specific output port that will take the data toward its intended destination

Toll-bypass: Avoidance of telephone company long distance telephone charges over the Public Switched Telephone Network (PSTN)

Toll expenses: The costs associated with making telephone calls over the PSTN

Virtual Private Network (VPN): Method of using a telecommunication infrastructure, such as the internet, to provide remote offices or individual users with secure access to their organisation's network

Voice over IP (VoIP): The delivery of voice services (such as local and international telephone calls) over a data network using the Internet Protocol

Wide Area Network (WAN): Geographically dispersed telecommunications network

VoiceXML: Use of eXtensible Markup Language to enable the conversion of text to spoken words


Contact us

For further information on the services offered by KPMG's Information Risk Management or Information, Communications & Entertainment practices, please contact:

Egidio Zarrella, Global and Asia Pacific Partner in Charge, Information Risk Management, KPMG in Australia, +61 2 9335 7590

Peter McNally, Asia Pacific Leader, Security, Privacy and Continuity, Information Risk Management, KPMG in Australia, +61 2 9335 7987

Sean Choi, Asia Pacific Head, Information, Communications & Entertainment, KPMG in Korea, +82 2 2112 0300

KPMG's Information Risk Management

• Australia: Robert Goldberg, +61 2 9335 7728
• China/Hong Kong: John Barnes, +852 2978 8248
• Indonesia: Iwan Atmawidjaja, +62 21 574 2333
• Japan: Hiromi Iwashita, +81 3 3266 7617
• Korea: Chang Soo Lee, +82 2 2112 0600
• Malaysia: Huckhai Lim, +60 3 2095 3388
• New Zealand: Graeme Sinclair, +64 4 802 1218
• Philippines: Jorge Ma. S. Sanagustin, +63 2 885 7000
• Singapore: Ho Wah Lee, +65 6213 2563
• Taiwan: Richard Chen, +886 2 2715 9813
• Thailand: Chainarong Kaeowaranonchai, +66 2 677 2000

KPMG's Information, Communications & Entertainment

• Australia: Bruce Phillips, +61 2 9335 8200
• China/Hong Kong: David Collins, +852 2826 7204
• Indonesia: Istata Siddharta, +62 21 574 2333
• Japan: Hideki Amano, +81 3 3266 7002
• Korea: Sean Choi, +82 2 2112 0300
• Malaysia: Nicholas Crist, +60 3 2095 3388
• New Zealand: Ross Buckley, +64 4 802 1203
• Philippines: Jose Valencia, +63 2 885 7000
• Singapore: David Leaver, +65 6213 2538
• Taiwan: Alfred Wei, +886 3 5782479
• Thailand: Somboon Supasiripinyo, +66 2 677 2000

KPMG thought leadership publications

• Leaders or Laggards? Australia's Broadband Future
• Security Strategies - Adopting a strategic approach to security management
• Asia Pacific Business Continuity Management Benchmarking Survey
• Wireless Networking - Issues to consider
• International Programme Management Survey

kpmg.com

© 2004 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved. Printed in Australia.

KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent member firms. KPMG International provides no audit or other client services. Such services are provided solely by member firms in their respective geographic areas. KPMG International and its member firms are legally distinct and separate entities. They are not and nothing contained herein shall be construed to place these entities in the relationship of parents, subsidiaries, agents, partners, or joint venturers. No member firm has any authority (actual, apparent, implied or otherwise) to obligate or bind KPMG International or any other member firm in any manner whatsoever, or vice versa.