Hosted IP Threats - Next Excerpt from our State of Voice Security Report

Hosted IP is a VoIP deployment where the service provider hosts the IP PBX and other voice application servers. The enterprise simply deploys IP phones and softphones. This deployment offers the classic advantages and disadvantages over an enterprise-deployed IP PBX. However, unlike classic Centrex, Hosted IP can be delivered, expanded, and reduced much more quickly and cost effectively. 

From a security point of view, Hosted IP offers some advantages because the enterprise does not need to worry about securing the complex IP PBX, its devices, services, and supporting applications. This requires effort and expertise. However, the enterprise should still be concerned about threats such as eavesdropping and possibly malware delivered to softphones from the service provider. Also, the enterprise will now have many connections open to the service provider, which they will need to secure, especially if the Internet is used to deliver the Hosted IP service.

More importantly, the enterprise is just as vulnerable to voice application attacks, such as toll fraud, social engineering, harassing calls, voice SPAM, voice phishing, and TDoS, but now depends upon the service provider to address these threats. I included a figure below to illustrate this: