Remote working has exponentially increased awareness about SBCs in the VoIP world. Now, a lot more people know what an SBC is and where it is used. The adoption of 5G is also driving a macro change in the telecom service provider space. As they upgrade their core network to support 5G, they are also nudging their enterprise customers to move to SIP. This means that thousands of media gateways out there will soon be replaced with SBCs. Today about 50% of US customers use SBC for SIP Trunking, a number that is expected to reach 100% in the next 3 years. But this awareness is yet to translate into the world of SBC security. But why exactly should a security device like the SBC be secured?
Read on to find out. But before that, let’s look at how companies procure and install SBCs.
1. SBCs come along with a UC/CC solution
The software and license are given as an entitlement as part of a combo deal, with no $$ attached to it. Leaders like Cisco and Avaya provide one SBC channel license for 7 to 8 users. So, if you purchased 20,000 user licenses from Avaya, you would receive approx 2850 SBC channel licenses. Voila! You have a spanking new security guard for your perimeter. All for free!
2. SBCs are given by Telecom service providers
Moving customers from ISDN or PRI to SIP saves the Telecom service provider 50% cost. Therefore, they love it when you move to SIP. And they want to accelerate the move. It will help them get more margins and is less of a headache to maintain cables running around the country or city. Many providers offer free SBCs along with their service.
3. SBCs are sometimes purchased
In some cases, customers purchase SBCs either for additional capacity needs, or when they have a corporate standard to stick to, and what they have obtained as entitlement may not meet the standard.
Why SBC security matters
The SBC, just like a firewall, is a security device. It sits on the perimeter and ensures only authorized connections are allowed. But someone needs to secure the security system! SBC is like the fence of your communication network. It does a lot of heavy lifting in protecting your network from getting attacked. But wouldn’t you want to know if the SBC itself is being attacked? If there are any holes (in the configuration)? If anyone is getting through?
SBCs are complex pieces of software, and it is easy to misconfigure them. Also, many of the capabilities that SBCs provide are switched off by default. Know what to enable, and how to configure it – these are the little details that make the difference between an ‘almost secure’ and a ‘super-secure’ perimeter!
The Cost of SBC Security
Getting an SBC might be free, but using it has a cost – configuration, integration, security, and management – these are the overheads. So, how much should you pay for SBC security?
Going back to the fence analogy. If the SBC is the fence of your system, to truly secure your system, you’d need to invest in making the fence stronger, and keeping an eye on it to detect intrusion attempts, something a CCTV camera can help you do.
The CCTV is not to protect the fence, but to protect the contents inside your farm. The cost of a CCTV setup may be many times that of the fence, not a fraction of it.
So, the way to look at it is, what is the risk it is protecting me against? The risk of loss is the sum total of the value of the farm, its contents, your safety and privacy. If the cost of the CCTV is a fraction of this “risk”, then it makes sense to invest in it.
On the same lines, when you think about investing in securing your VoIP perimeter, you need to know the costs associated with the risks that such SBC security protects you from. Check out our article on the real cost of not investing in SBC security.