But how will this phenomenon affect the information security field? From a long-term perspective, it can benefit security professionals the same way it benefits networkers -- it provides a single place to look for vulnerabilities, control gaps and security opportunities. However, in the short term, there are a number of security issues to tackle, some of which are outlined below.
The first issue is inherent to the technology's benefit -- it consolidates communications onto a single media. Think of it as the proverbial putting all of your eggs in one basket. While it's a grand idea to conserve bandwidth and consolidate equipment by converging disparate media, the confidentiality, integrity and availability risks inherent in this convergence must be examined. Consider what would happen to your organization's current business continuity plan. Do you currently pick up the phone and notify the on-call engineer to handle a "network down" emergency in the middle of the night? If so, this would have to be revised, since the telephone, and possibly the engineer's mobile phone, all depend upon the very network that's down. Therefore, with convergence, extra attention must be paid to the available options for "out-of-band" communication in the event of an emergency.
Quadplay also brings a wide array of new technology devices. There are networked VoIP telephones, streaming media to mobile devices and many other convergent innovations (some of us even have networked coffee makers). This explosion of new technology though brings with it a great deal of early adopter risk. Security professionals know all too well that early plunges often sacrifice security in exchange for functionality and/or speed-to-market. And, with this wave of new product releases, there will most likely be a wave of security bulletins, hotfixes and critical patches to follow.
Finally, moving toward quadplay will move away from some well-trusted technology, specifically, the plain old telephone service (POTS) network, which has worked well for decades. While POTS may be reaching the end of its useful life, don't underestimate the value of years of institutional knowledge. Engineers and technicians understand this network inside-out. Comparatively speaking, it's simple and gets the job done. If your organization decides to embrace quadplay, it would be wise to leave some substantial POTS infrastructure in place for at least a few years, just in case.
What's the bottom line? Quadplay is definitely a good thing. Convergence can only benefit security professionals as it reduces the overall complexity of systems and enables the ability to focus on confidentiality, integrity and availability efforts. Though security professionals must be prudent and move toward this digital convergence with an open mind, there's no reason to avoid quadplay.
About the author:
Mike Chapple, CISA, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine, and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.
This was first published in October 2006