A column I wrote here caused a bit of a stir over the past few days.
Here’s a brief recap:
Andy Abramson opined that Fonality, a Southern California-based developer of PBXes built on top of the open-source Asterisk PBX, is “better poised” to move Asterisk into the large enterprise world than Digium, the Alabama-based company that developed and maintains Asterisk.
I wrote that it’s hard to disagree with that assessment because Fonality does “an exceptional job of marketing” and I don’t predict well. But I expressed concerns about security issues inherently related to Fonality’s approach, which puts much of the product’s front-end functionality on Fonality’s servers, requiring a Virtual Private Network (VPN) connection between the customer’s premises and Fonality in order to access much of that functionality.
There’s no question that Fonality’s approach makes Asterisk easier to install and use, but the trade-offs related to security — namely, that, in most office networks (specifically, those that do not put the PBX on a separate subnet) the solution requires a potentially risky VPN connection back to Fonality, and that Fonality has access to call detail records and chat logs that a business may want to keep secret.
In fairness, there are two things I should correct from my initial post:
First, I wrote that “all chats are logged by the central server. Any sensitive IM information within and outside the office through the local box is available to Fonality.” This is not technically correct. Chats are logged on the local premises computer. However, such logs are accessible, therefore available, to Fonality through the VPN.
Second, I regret writing that “. . . Digium doesn’t require an outside computer to be listening in . . . ” Though not written with that intent, I can see how this can be construed as implying that Fonality has access to actual phone conversations, which it does not.
These two slight corrections notwithstanding, I stand by the conclusion that “Fonality may very well be a good solution for some businesses. But those concerned about keeping company secrets are probably better served by Digium’s offering.”
The issues raised in the mini-uproar that followed my column, can be summarized as follows:
1. The Voxilla Store carries “a number of PBXs, none of which are from Fonality.” (Fonality CEO Chris Lyman on VoIPSupply’s Garrett Smith’s blog, also reprinted in entirety in the comments section of my original post.).
2. A Fonality customer can disconnect and reconnect the VPN at will (Lyman on Smith’s blog).
3. “[E]very phone company in the world” keeps call detail records (CDRs) (Lyman on Smith’s blog).
4. Fonality needs the call detail records because the company’s “high-end reporting functionality,” if run on underpowered customer premises computers, “would spike those CPUs into a coma, effecting audio quality. Remember, these premise boxes are designed to pass great audio, not crunch thousands of call records in under a second.” (Lyman on Smith’s blog);
5. The differences between Fonality’s products and a stock Asterisk installation is that Fonality is a partially hosted solution. “All hosted services have to deal with the issues raised by Marcelo . . . ” but “[m]ost premises based services don’t have all the benefits hosted models offer, and may be less cost effective, but deliver greater control of customer data.” (Alec Saunders). Along similar lines, Dameon Welch-Abernathy wrote that “as an IT person, it is your job to do your ‘due diligence’ to find out exactly how any software you deploy might ‘phone home’ or do anything you don’t like.”
There were a few others, but ultimately void of original material: I sell Fonality and disagree with “with most of what Marcelo had to say” because I agree with Lyman. (VoIPSupply’s Garret Smith). And Marcelo’s portrayal is “inaccurate . . . [but] I’m going to stay out of that battle” and point you to Chris Lyman’s point-by-point rebuttal to Marcelo’s assertions.” (Tom Keating, in a fawning review of Fonality’s most recent offering, PBXtra Professional Edition).
As they don’t add much to the discourse, I’ll pass on Smith and Keating. I will take a stab at the others.
1. The Voxilla Store carries an internet communications server (email, IM, contacts, calendar and PBX) developed by Communigate Systems. The Voxilla Store also carries the Linksys SPA9000, a PBX-key system hybrid limited to a maximum of 16 extensions that does not include voice mail capability. Neither of these products is based on Asterisk, and the Voxilla Store does not carry a single item from Digium. The point of my column was that Digium may present a more secure option to business than Fonality. Pointing out that we carry other PBXes on the Voxilla Store is a thinly veiled accusation of self-interested bias, even though Voxilla has nothing to gain when I compare two products we do not carry .
2. Of course, as Lyman writes, a Fonality customer can shut down the VPN, enabling it only when a PBX configuration change is needed. Such steps add a layer of complexity and essentially cripple much of Fonality’s usefulness. And they do not eliminate the security issues raised. A VPN connection is still required to make configuration changes, which then opens up the on-premises computer (call logs, chat logs, etc.) and the network within which it resides. And whenever the VPN connects the local network to Fonality’s, the local network is only as secure as Fonality’s. For some businesses, this may not be an issue, but I suspect that, for many, it’s an important consideration.
4. The argument that Fonality needs to keep CDRs on its servers because on-premise computers are potentially too underpowered to parse them is just false. A record for a single call on an Asterisk PBX is about 200 bytes in length. In its press releases, Fonality claims the company currently services 1,300 customers with a total of 18,000 users. That’s an average of about 14 users per installation. Let’s exaggerate and say that, on average, each of those users makes and takes 1,000 calls (or about 40 a day). For any given month, then, the total size of the call detail logs for an average Fonality customer is about 7 megabytes, which any computer manufactured in the past 5 years can search and output results from in milliseconds.
5. In essence, Saunders and Welch-Abernathy are suggesting the same thing I originally wrote, though Saunders considers himself “an unabashed fan of hosted models.” As I wrote, and Saunders reiterated, the hosted approach has some advantages, including “ease of use.” But it does come with trade-offs.
I pointed out those trade-offs, Fonality CEO Chris Lyman chose to respond by asserting that what I wrote is “inaccurate” (and, on one count — in relation to where chat logs are stored — he is technically correct, though the security concern I raised still exists).
In the end, Lyman’s argument can be boiled down to this: What we do is no different than what the phone company does and “Fonality’s employees pride themselves on their ethics and it is an important part of our corporate culture.”
I have no reason to question Fonality’s ethics and nothing I wrote was meant to besmirch either Lyman or his employees. But Fonality’s offering is, in its very essence, a hosted PBX. In as much, it comes with certain risks that a business deciding between Fonality’s version of Asterisk and Digium’s version of Asterisk should be aware of.