Overlook VoIP compliance issues at your peril


When people speak about data security within the enterprise, VoIP rarely comes up as a front-burner issue. But ComputerWorld reminds us that this might be a mistake, a potentially disastrous oversight. PCI standards require strong cryptography and security such as SSL/TLS or IPSEC "to safeguard sensitive cardholder data during transmission over open, public networks."

That suggests that VoIP calls crossing the open Internet ought to be encrypted if credit card numbers are discussed. HIPAA requires that electronic health information be secured, which "relates directly to recorded calls and digitally stored voice mail, part of any VoIP system," notes ComputerWorld.

Some companies are coming around to this threat. The FDIC has published VoIP guidelines to protect customer data that might traverse IP voice networks. Going forward, as voice and video traffic over the Internet grows, companies will have to address this, either internally or via a third party.

Companies need to think through the whole panoply of issues--security, storage, specific statutes and the like. GRC vendors are just now waking up to this. We'll likely see some detailed product offerings over the next few years.

