Rawpixel - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What VoLTE security risks should enterprises be aware of?

Mobile devices are coming enabled for VoLTE for voice and video calling, but what are the risks? Network security expert Kevin Beaver explains.

Mobile devices are now enabled for Voice over LTE for voice and video calling. While beneficial to users, what security impact could this trend have on the enterprise network? Are there any additional security measures we should adopt to mitigate potential risks?

Voice over LTE (VoLTE) is a way to utilize the data-only LTE cellular protocol for actual voice transmission. It's a Voice over Internet Protocol (VoIP)-like transmission inside the cellular network that sends voice calls over LTE via IP packets as if it were regular data. This begs the question whether these packets are exposed at any point along the communication stream. The way I understand it, LTE data packets are encrypted between the mobile device and its base station, but anything beyond that is fair game.

What are the VoLTE security risks? Given its young age, we've yet to see anything significant. I'm sure that will change, as the technology is further adopted in the enterprise. One thing I can think of is voice privacy -- keeping government snoops out of enterprise business. Obviously, if there is no true end-to-end encryption, then voice calls are just as vulnerable to prying eyes as they are on most other mediums.

If VoLTE appears to be on the horizon for your business, you might consider analyzing your current voice and data usage, determining how voice over the LTE network could impact your business, and incorporating this technology into your security policies and procedures. For instance, you might include this technology in the scope of your mobile/travel and acceptable usage policies so your users understand what's at stake.

That being said, the pragmatist in me doesn't see any reason to be overly concerned about this for the time being. Most enterprises are struggling to keep up with the basic security principles that have been around for decades. Attempting to control yet another set of systems in your environment that we know little about is certainly not going to make things better -- unless you can justify doing so.

Ask the Expert:
Have a question about network security? Send it via email today. (All questions are anonymous.)

Next Steps

Don't miss these five VoIP security recommendations

This was last published in July 2015

Dig Deeper on Wireless network security