Fonality Bitten By A Red Herring
This evening a minor controversy exploded in the Asterisk community as first Marcelo Rodriguez took Fonality to task over the security of its hosted model, and then Fonality CEO Chris Lyman responded via a guest posting on Garrett Smith’s blog. Ken Camp weighed in with a “Tut tut, children” post, while ringmaster Andy Abramson waved his baton from the sidelines.
There are really just two issues here. First, can Fonality make its solution secure? Second, given that it is collecting information, how will it protect what it collects?
I don’t know the mechanism Fonality uses to keep the link between its servers and customer premises open. Earlier this week, in a conversation with Chris Lyman, I asked whether it was a VPN (as Marcelo asserted) and was told that it is another mechanism. I am going to posit that Fonality has the technical chops to make the link itself secure, and will vigilantly monitor that technology to ensure it hasn’t been compromised. For a hosted services provider, that’s the cost of doing business.
The second issue is a policy and ethics issue, rather than anything technical. Chris asserts that his employees “pride themselves on their ethics”. Moreover, Fonality’s privacy policy makes the following statement:
Fonality provides a service where our customers upload and store their data on Fonality servers and equipment. Fonality does not review, edit, disseminate, or use this data in any way, except as may be required by law, or as outlined in our Terms of Use. Customer data or records may be viewed from time to time to handle a technical support request that is initiated by the client, or to resolve any other problem or technical issue. Additionally, individual records may be viewed if required so by law, or if there is a suspected Terms of Use violation.
This is a pretty clear indication of the commitment Fonality is making to its customers. Could it be stronger? Sure: the policy could assert that customers own their own data and have rights associated with that data. By and large, though, it’s clear that Fonality is committed to keeping private customer data private. Again, that’s the cost of doing business in a hosted model.
With all due respect to my friend Marcelo, the security issues he has raised are a throwback to big enterprise IT. They are expressions of the ongoing struggle between hosted and premises-based services. All hosted services have to deal with the issues Marcelo raised (indeed, we at iotum deal with them regularly) while providing superior usability, upgradeability, and maintainability. Most premises-based services don’t have all the benefits hosted models offer, and may be less cost effective, but they deliver greater control of customer data.
It’s a tradeoff every customer is faced with. Personally, I am an unabashed fan of hosted models.

November 6th, 2006 at 5:05 pm
[...] A Mini Fonality Furor

A column I wrote here caused a bit of a stir over the past few days. Here’s a brief recap: Andy Abramson opined that Fonality, a Southern California-based developer of PBXes built on top of the open-source Asterisk PBX, is "better poised" to move Asterisk into the large enterprise world than Digium, the Alabama-based company that developed and maintains Asterisk. I wrote that it’s hard to disagree with that assessment because Fonality does "an exceptional job of marketing" and I don’t predict well. But I expressed concerns about security issues inherently related to Fonality’s approach, which puts much of the product’s front-end functionality on Fonality’s servers, requiring a Virtual Private Network (VPN) connection between the customer’s premises and Fonality in order to access much of that functionality. There’s no question that Fonality’s approach makes Asterisk easier to install and use, but the trade-offs related to security — namely, that, in most office networks (specifically, those that do not put the PBX on a separate subnet) the solution requires a potentially risky VPN connection back to Fonality, and that Fonality has access to call detail records and chat logs that a business may want to keep secret.

In fairness, there are two things I should correct from my initial post: First, I wrote that "all chats are logged by the central server. Any sensitive IM information within and outside the office through the local box is available to Fonality." This is not technically correct. Chats are logged on the local premises computer. However, such logs are accessible, therefore available, to Fonality through the VPN. Second, I regret writing that ". . . Digium doesn’t require an outside computer to be listening in . . . " Though not written with that intent, I can see how this can be construed as implying that Fonality has access to actual phone conversations, which it does not.

These two slight corrections notwithstanding, I stand by the conclusion that "Fonality may very well be a good solution for some businesses. But those concerned about keeping company secrets are probably better served by Digium’s offering." The issues raised in the mini-uproar that followed my column can be summarized as follows:

1. The Voxilla Store carries "a number of PBXs, none of which are from Fonality." (Fonality CEO Chris Lyman on VoIPSupply’s Garrett Smith’s blog, also reprinted in its entirety in the comments section of my original post.)
2. A Fonality customer can disconnect and reconnect the VPN at will (Lyman on Smith’s blog).
3. "[E]very phone company in the world" keeps call detail records (CDRs) (Lyman on Smith’s blog).
4. Fonality needs the call detail records because the company’s "high-end reporting functionality," if run on underpowered customer premises computers, "would spike those CPUs into a coma, effecting audio quality. Remember, these premise boxes are designed to pass great audio, not crunch thousands of call records in under a second." (Lyman on Smith’s blog)
5. The difference between Fonality’s products and a stock Asterisk installation is that Fonality is a partially hosted solution. "All hosted services have to deal with the issues raised by Marcelo . . . " but "[m]ost premises based services don’t have all the benefits hosted models offer, and may be less cost effective, but deliver greater control of customer data." (Alec Saunders). Along similar lines, Dameon Welch-Abernathy wrote that "as an IT person, it is your job to do your ‘due diligence’ to find out exactly how any software you deploy might ‘phone home’ or do anything you don’t like."

There were a few others, but ultimately void of original material: I sell Fonality and disagree with "most of what Marcelo had to say" because I agree with Lyman. (VoIPSupply’s Garrett Smith). And Marcelo’s portrayal is "inaccurate . . . [but] I’m going to stay out of that battle" and point you to Chris Lyman’s point-by-point rebuttal to Marcelo’s assertions." (Tom Keating, in a fawning review of Fonality’s most recent offering, PBXtra Professional Edition). As they don’t add much to the discourse, I’ll pass on Smith and Keating. I will take a stab at the others.

1. The Voxilla Store carries an internet communications server (email, IM, contacts, calendar and PBX) developed by Communigate Systems. The Voxilla Store also carries the Linksys SPA9000, a PBX-key system hybrid limited to a maximum of 16 extensions that does not include voice mail capability. Neither of these products is based on Asterisk, and the Voxilla Store does not carry a single item from Digium. The point of my column was that Digium may present a more secure option to business than Fonality. Pointing out that we carry other PBXes on the Voxilla Store is a thinly veiled accusation of self-interested bias, even though Voxilla has nothing to gain when I compare two products we do not carry.
2. Of course, as Lyman writes, a Fonality customer can shut down the VPN, enabling it only when a PBX configuration change is needed. Such steps add a layer of complexity and essentially cripple much of Fonality’s usefulness. And they do not eliminate the security issues raised. A VPN connection is still required to make configuration changes, which then opens up the on-premises computer (call logs, chat logs, etc.) and the network within which it resides. And whenever the VPN connects the local network to Fonality’s, the local network is only as secure as Fonality’s. For some businesses, this may not be an issue, but I suspect that, for many, it’s an important consideration.
3. Yes, phone companies keep call detail records, but Fonality is a PBX company, not a phone company. When I make a cell phone call over the Cingular network, I am aware that Cingular is keeping a record of that call. But phone companies like Cingular (and AT&T, Verizon, etc.) are regulated, both at the federal and state levels. A PBX company is not regulated. The only protection a Fonality customer has is the company’s rather weak Privacy Policy. It states: "records may be viewed if required so by law, or if there is a suspected Terms of Use violation." Only Fonality, not its customers, determines if there is a "suspected Terms of Use violation."
4. The argument that Fonality needs to keep CDRs on its servers because on-premise computers are potentially too underpowered to parse them is just false. A record for a single call on an Asterisk PBX is about 200 bytes in length. In its press releases, Fonality claims the company currently services 1,300 customers with a total of 18,000 users. That’s an average of about 14 users per installation. Let’s exaggerate and say that, on average, each of those users makes and takes 1,000 calls (or about 40 a day). For any given month, then, the total size of the call detail logs for an average Fonality customer is about 7 megabytes, which any computer manufactured in the past 5 years can search and output results from in milliseconds.
5. In essence, Saunders and Welch-Abernathy are suggesting the same thing I originally wrote, though Saunders considers himself "an unabashed fan of hosted models." As I wrote, and Saunders reiterated, the hosted approach has some advantages, including "ease of use." But it does come with trade-offs. I pointed out those trade-offs; Fonality CEO Chris Lyman chose to respond by asserting that what I wrote is "inaccurate" (and, on one count — in relation to where chat logs are stored — he is technically correct, though the security concern I raised still exists). In the end, Lyman’s argument can be boiled down to this: What we do is no different than what the phone company does and "Fonality’s employees pride themselves on their ethics and it is an important part of our corporate culture."

I have no reason to question Fonality’s ethics and nothing I wrote was meant to besmirch either Lyman or his employees. But Fonality’s offering is, in its very essence, a hosted PBX. As such, it comes with certain risks that a business deciding between Fonality’s version of Asterisk and Digium’s version of Asterisk should be aware of.
__________________
Marcelo Rodriguez
VOXILLA [...]
November 30th, 2006 at 3:14 pm
This entire rabble over the security issues is interesting, but misses a fundamental issue with Fonality… While making Asterisk easy to use and deploy, it also renders it non-stable and puts you completely at the mercy of a company which has proven (at least to my company) that it can’t handle the responsibility of building, servicing, and supporting mission-critical systems such as phones. Security is a non-starter if they do not fix their quality issues. We have had 6 major phone failures in the last 12 months, every one caused directly by some action on Fonality’s part. It can take hours to get assistance when the phone systems are down, and never once has the DR system worked correctly. After 14 months since our deployment and having given Fonality every benefit of the doubt, we are looking for other vendors.
December 4th, 2006 at 12:59 pm
Crusecom Technology Inc, located in Oscoda, Michigan, provides call center operations with the Fonality Call Center PBXtra. We average approximately 3000+ calls per day; the calls are less than 2 minutes in duration and are processed with an average of 27 CSRs on staff.
By reviewing and analyzing our technical solution, Crusecom has been able to exceed our clients’ expectations in the areas of client satisfaction, call volume and reporting. The Fonality support services for the application and hardware have by far exceeded my expectations, and we look forward to new opportunities and challenges with new and current clients utilizing the Fonality products and services. Though we were concerned at first over security, we now consider and see that Fonality provides the additional Professional Services we require as a small company.
The cost to maintain a full-blown backup system, IT staff and management would be overwhelming. We are able to provide our clients with our services and solutions based on the support and maintenance that Fonality provides.
Without their support it would be extremely difficult to manage the Asterisk environment.
We would recommend Fonality to any organization that is moving forward with expanding its operation and moving toward a fully supported VoIP solution.
Art Cruse
President/CEO
http://crusecom.com
December 4th, 2006 at 3:56 pm
We love this system; it saved our company over $50k to purchase and install. We are about to grow again and look to finally have our London office up and running on this system soon. We have only had 1 issue that was caused by a Fonality update, and it was resolved within 15 minutes. All support is quick and effective; I have never had any issues with any of the service from my Fonality Team.
S Richardson
HR — Quickoffice, Inc.
April 13th, 2007 at 3:33 am
[...] Alec Saunders - Fonality Bitten By A Red Herring [...]