Others, however, might not want to take that risk. The NIST report discourages the use of soft phone systems where security and privacy are a concern. "Worms, viruses and other malicious software are extraordinarily common on PCs connected to the Internet and very difficult to defend against," the report states.
The NIST report also warns that even if those deploying VoIP systems follow all of the recommendations by installing firewalls and intrusion detection systems and encrypting their voice traffic, they will still need locks and security guards to make sure attackers don't get access to the servers.
Heller agrees. "It's important with VoIP that you don't forget about the actual physical security of your voice servers," he says. While his legacy PBX system was housed in two large cabinets, the VoIP system uses a total of 50 voice servers to achieve complete redundancy. They are located in locked facilities, and only a few select people have access.
"VoIP has a lot of advantages, but there is no question it puts your voice system at greater risk," says Heller. "You've got to watch out for new dangers."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.