I won’t dispute my friend Andy Abramson’s assertion, later echoed by the knowledgeable Ted Wallingford, that Southern California Asterisk front-end reseller Fonality is better poised to bring the open-source PBX into the large enterprise space than even Digium, the company behind Asterisk.
I won’t because I long ago gave up playing Swami in the unpredictable world of IP communications and because I can see that Fonality has done an exceptional job of marketing its product, its company and its CEO, Chris Lyman.
Still, I wonder whether Fonality is indeed the right solution for businesses — particularly those businesses concerned about security.
The company’s products include a $1,000 “Standard” Asterisk PBX and a $3,000 “Call Center” edition that features unlimited call queues, recording and other bells and whistles.
Each of the offerings packs a well-designed front end that makes the notoriously prickly Asterisk easier to use. But, unlike a stock Asterisk installation, Fonality’s offerings require a constant — and potentially worrisome — connection to the company’s own servers.
Though one can use Fonality’s products with any SIP- or IAX-based termination services provider, the company builds a Virtual Private Network (VPN) back to Fonality from all its installed PBXes.
Ostensibly, there are good reasons for this, particularly that all upgrades to the product occur seamlessly and with no need for operator interaction. Also, because all configuration changes to an installed PBX are made by logging into an account with Fonality’s servers, and those changes are then pushed back to the local PBX, the risks of operator error are somewhat mitigated.
But there is reason for concern. Ease of use comes with trade-offs.
First, because the link is over VPN, it is possible for someone at Fonality to enter the local PBX in a virtually undetectable manner. An unscrupulous employee can then run a network sniffer on the PBX and, if the local PBX computer is part of the office network (as is likely to be the case in most offices), the employee potentially has access to all the computers on the network.
Second, the level of information logged by and maintained on the Fonality server is staggering. The PBX comes with a built-in IM chat client, and all chats are logged by the central server. Any sensitive IM information exchanged within or outside the office through the local box is available to Fonality.
The central server also maintains a log of all call detail records (CDRs). Fonality uses the CDRs when its customers want to see a calling history (e.g., all outgoing sales calls made by an employee or all incoming customer support calls).
It can be argued, of course, that the phone company has a list of those calls (but not inter-office calls) as well. But Fonality is a hardware and software vendor, not the phone company.
Fonality may very well be a good solution for some businesses. But those concerned about keeping company secrets are probably better served by Digium’s offering. It may be a bit harder to configure (though Digium is working feverishly to make Asterisk more user-friendly), but Digium doesn’t require an outside computer to be listening in and keeping track.