CEO Spotlight

Stopping the Bad Guys: VoIPshield's High-Octane CEO Explains the Value of VoIP Security

By Paula Bernier, Executive Editor, TMC  |  April 14, 2015

We have all read about the ongoing and increasingly large events involving data loss at large corporations. Customers of companies that experience these breaches will increasingly demand action, and companies that continue to fail to implement appropriate safeguards will be at risk of a reduced customer base.

Until VoIP is routinely included in the dialogue, companies are unnecessarily exposing themselves to one more path for bad actors to exploit. By working diligently to create security solutions, and partnering with one of the world’s largest security solution providers, VoIPshield Systems (News - Alert) is helping companies address this important security area.

Rob Gowans, CEO of VoIPshield Systems, recently spoke with INTERNET TELEPHONY to elaborate on that strategy, and to reveal a bit about himself, his team, and their role in the effort.

You have been involved with 11 startups, three of them Silicon Valley-back entities for which you served as CEO. What are some of your most memorable experiences from that time, and what did you learn?

Gowans: What I love about business is that it is never dull. If you love predictability and stability, then stay away from business and especially start-ups. But I love the ride, and I love the feeling that I can create something incredible with the team and resources that a good business provides. I’ve learned that with lots of practice and careful risk assessment and planning, people can achieve much more than they think they can. You need to create your reality. If it’s not there, figure out a way to make it. You’re going to have a lot of stress and moments where you feel you’re on the brink; how you pull through this is what determines how cut out you are to be an entrepreneur. It sounds cliché, but you have to find a way to stay positive and motivated and high-octane every day for yourself as well as your team. And you have to do this while also being honest with yourself with how things are going – not in a negative way, but so that you know when it’s time to change gears so you can stay ahead.

Now you are at the helm of VoIPshield Systems Inc. What brought you here?

Gowans: I have a passion for communications technology that I developed working for Teletech Systems in 1984; it is a space I find personally very interesting. Since 2010, adoption rates for VoIP have exploded, and this rapid shift to VoIP in the marketplace has created a very large new security risk in the marketplace and therefore a huge opportunity to address that risk. VoIPshield represented the perfect opportunity to combine my passion in a new and emerging space, exactly the stuff I love doing.

For those not familiar with VoIPshield, what does it sell and to whom?

Gowans: We sell peace of mind to system administrators. The VoIP system is one known attack vector where, among other things, login credentials can be obtained and then used to steal personally identifiable information, including credit card and banking information. We provide products that help companies reduce this kind of risk. When a network is hacked, the first thing that customers ask is what did the company do to protect their data. Information security professionals recommend that system administrators audit their network at least once per month and every time there are significant administrative changes, such as employee layoffs. By installing VoIPaudit and running it on a regular basis, companies can easily comply with this recommendation for their VoIP systems.

Tell us more about VoIPaudit.

Gowans: Our VoIPaudit product is a very easy to use solution that allows information security professionals to quickly evaluate any given Cisco Unified Communications (News - Alert) Manager or Avaya Aura VoIP network for vulnerabilities. VoIPaudit looks for issues that are inevitably created over time due to configuration and administration practices and then provides detailed specific steps that can be taken to remediate the issues identified. Why should people care? Simply put: We save our customers money – lots of it in fact.  By reducing the probability of toll fraud and by ensuring compliance with a number of security standards, we both help companies proactively reduce losses and provide a path to avoid industry fines for lack of standards compliance for companies where such compliance matters.

VoIPshield also offers VoIPguard Technology. What’s that?

Gowans: Whereas VoIPaudit focuses on configuration and administration issues, our VoIPguard Technology is designed around real-time intrusion protection. VoIPguard Technology is now designated by the Intel Security Group as McAfee (News - Alert) compatible and is being designed into a number of their network security platforms. McAfee products, with VoIPguard Technology included, will do for VoIP what firewalls and virus protection solutions have done for traditional computer systems and networks: identify and stop bad actors before they can impact the business. VoIPguard Technology checks the SIP channel for all kinds of suspicious and malicious behavior and can be configured to shut such behavior down. For example, in mission-critical areas like 911 call centers, VoIPguard Technology can stop telephony denial of service attacks that otherwise could impair critical functions.

What are your big initiatives at the company?

Gowans: Our biggest initiative is the ongoing work we are undertaking with McAfee.  McAfee is actively engaged with major telcos and cable providers, which are increasingly concerned with VoIP security as they transition to VoLTE on their networks.  Our other major initiative is our ongoing engagement of the IT audit community to incorporate our products into their professional services offerings.

Tell us more about the VoIPshield relationship with security giant McAfee.

Gowans: We have been working very closely with McAfee since last summer to engage the world’s largest telecommunications companies to demonstrate and address the new security vulnerabilities associated with the transition to VoIP. McAfee recognized it was important for its products to become VoIP aware so its security solutions would address all areas of potential intrusion. In addition, we are integrating VoIPaudit into the McAfee ePolicy Orchestrator, allowing the enterprise customer to engage VoIPaudit functionality directly from the McAfee ePO Console. With more than 30,000 existing enterprise customers globally, this represents a tremendous opportunity for us to scale our business. In October 2014, VoIPshield was selected to be part of the Intel (News - Alert) Security/McAfee Security Innovation Alliance. To date we have achieved McAfee compatible status for our VoIPguard Technology, and as of this interview we have nearly completed the same certification for VoIPaudit integration into the McAfee ePO. We are very excited about the future with McAfee. Being designated as McAfee compatible together with the SIA Program gives us access to an enormous sales force to evangelize our solutions to a very large established market.

What kind of results have you seen from your work with VoIPshield so far?

Gowans: Largely because of the way VoIP has developed over time, including the gradual integration of VoIP into basic business applications, VoIP has slowly evolved to become a possible intrusion vector for bad actors. However, since VoIP is often viewed as just telephony, it has tended to remain a blind spot for information security professionals. In every implementation so far, VoIPaudit has uncovered significant issues relating to security and standards compliance. For example, in our largest implementation to date, our customer had 8,000 VoIP users in its network. VoIPaudit showed that due to this company’s admin and config practices, it had more than 90,000 identified issues in the network that were contributing to potential risk in its VoIP system. This was an immensely validating engagement for our platform. The nature of the vulnerability is such that a company wouldn’t even know that it had been hacked. It’s that bad.

What are your goals and targets for VoIPshield further afield?

Gowans: Our McAfee engagement will continue to be a significant focus for the foreseeable future – both as a path to accelerate our market penetration, but also as a vehicle to improve and enhance our product offering. McAfee engineers are truly world class, and we gain so much from each of our engagements. Like with data security, bad actors are always looking for new and creative ways to hack into VoIP systems. We try to stay ahead of them by looking for new and unexploited vulnerabilities ourselves. Finding and developing solutions for these vulnerabilities will remain a significant focus for us. Perhaps our biggest goal for the future is to make the information security community at large aware that VoIP has become an area of concern and addressing it must be a part of their security practices. In short we want to eliminate the blind spot.

What excites you most about your job?

Gowans: Stopping the bad guys! As we have seen through the daily press stories, there is no shortage of bad actors out there. I love the idea that our products throw a wrench in their works, laying waste to months of development work and foiling their plans to steal from others.

What do you find most interesting about what’s going on in the industry in which VoIPshield is a player?

Gowans: You have to always try to stay one step ahead of the hackers. They’re smart, and they work 24/7, and they adapt to the safeguards you bring into the company. That is why we tell our clients you need to be auditing your network constantly, and that’s why when you buy VoIPaudit you can run it as many times as you like at no extra charge.

VoIP has dramatically increased the ability of teams to work collaboratively from remote environments by providing tools to enable this at a very reasonable cost. What security challenges has that created?

Gowans: It has increased the risk to the enterprise because these applications are connected to enterprise networks, and they are not being monitored. Because security is not sexy for many C-level executives and is actually very technically complicated, a lot of people in the security industry are finding it difficult to communicate with the decision makers in companies about these threats – even with all the high-profile hacks we have seen. You can’t just set up a security system and walk away. You have to be continually updating it, because hackers are always finding new ways to exploit the system.

While you’re not working, I understand you enjoy high-octane pursuits such as motorcycle racing, and skydiving. How do these leisure time activities reflect your personality and management style?

Gowans: This is not the kind of question I often get asked, but I love it. As I’ve aged and gained more responsibilities, I find I am willing to take fewer risks with my life than I used to. I don’t skydive or race anymore, although I still ride as hard, often, and fast as I can. There is something very exhilarating and freeing about being out there and vulnerable, completely in control of your destiny. Those two pursuits uniquely taught me that with lots of practice and careful risk assessment and planning, people can achieve much more than they think they can. It is important to allow your employees the freedom to explore and test their abilities, but in a controlled and planned way.

How would you describe your management style?

Gowans: I try to start with motivation. I am a glass half full – or maybe even a glass totally full – guy, and I always encourage the team to reach far beyond what is reasonable. In doing so, I know they will exceed their own expectations. With our small, high-quality team, my preference is to set aggressive goals and then get out of the way.  If people are given the leeway they need to get the job done, I have found that wonderful things can happen. This requires that people deliver on their commitments.

What is the one thing you want people to know about VoIPshield?

Gowans: That’s easy. VoIP security matters, but don’t worry, we’ve got you covered.

Edited by Dominick Sorrentino