VoIP Security: When is a PBX not a PBX?

With the rise in popularity of VoIP telephone systems, and more specifically Cloud based “Hosted” phone systems, there is an increasing concern over their security.

Companies have always been accepting of the fact that whilst their calls could be “tapped”, the hassle someone would have to go through outweighed the risk. It does still happen and those companies whose conversations really must remain secret put special (normally expensive) measures in place to protect themselves.

Historically, business telephony has been split. You have a PBX in your office – the “phone system”, and you have your external lines, be they ISDN or analogue. The “P” in PBX stands for Private. That means that all calls between handsets attached to that system remain private, or at least remain on the company network and never leave your building. If they do, it’s across private networks to another system within your control. However, if you make an external call to someone outside your organisation calls were passed by the PBX, over the ISDN or analogue lines to the PSTN. The “P” in PSTN stands for public. That’s the good old public telephone network, generally provided by BT in the UK. So, it is generally accepted that internal business calls are private and external ones may not be.

How is Hosted VoIP different? Well, the fact it is hosted in the cloud normally means it is accessible via the PUBLIC internet. This means that ALL calls, both internal and external are now being transmitted over public networks. There are very few commercial hosted VoIP providers offering call encryption which is where potential problems arise. Take your “Road warriors”. They are sitting in their hotel rooms or airport lounge, chuffed at the fact they can talk to their office-bound colleagues for free on their internal extension. The fact is that with a laptop and some free software, chances are that anyone else in that hotel or lounge can intercept and record their calls with very little effort.

All that said, Hosted VoIP is not all bad. For many, the convenience, ease of setup and cost savings far outweigh the risks from potential eavesdroppers. The risk is not really much higher than it ever was, it’s just changed focus. For those more concerned, many of the benefits of a Hosted VoIP platform are still available on a private hosted PBX which can even reside on customer sites or within their own Virtual infrastructure. Coupled with VPN access for remote users, additional business continuity benefits and advanced fraud detection, the features and benefits are now making this type of system a very easy choice for those looking to upgrade from legacy systems.

Here at Pond, we’re currently researching and testing our next generation Hosted VoIP platform, which is fully encrypted end to end for internal or “on-net” calls. This system will be a game changer for the security of voice calls. It will provide all the benefits, cost savings and convenience of Hosted VoIP but with the security normally associated with military or government systems. This may even come along just in time for the new General Data Protection Regulations (GDPR) coming into force within the next 18 months.


We have recently launched a brand new hosted voice package. You can find more information about Voice.plus here: http://ow.ly/WKKQ306KPsp or you can contact our sales team directly on 020 3301 9050 or email us on sales@pondgroup.com.

You can also find us on social media: FacebookTwitterGoogle+ and Linkedin.