≡ Menu

Fonality Bitten By A Red Herring

This evening a minor controversy exploded in the Asterisk community as first Marcelo Rodriguez took Fonality to task over the security of its hosted model, and then Fonality CEO Chris Lyman responded via a guest posting on Garrett Smith’s blog.  Ken Camp weighed in with a “Tut tut, children” post, while ringmaster Andy Abramson waved his baton from the sidelines. 

There are really just two issues here.  First, can Fonality make their solution secure.  Second, given that they are collecting information, how will they protect what they collect?

I don’t know the mechanism that Fonality uses to keep the link between servers and clients open.  Earlier this week, in a conversation with Chris Lyman, I asked if it was a VPN (as Marcelo asserted) and was told that it is another mechanism.  I am going to posit that Fonality has the technical chops to make the link itself secure, and will vigilently monitor that technology to ensure it hasn’t been compromised. For a hosted services provider, that’s the cost of doing business.

The second issue is a policy and ethics issue, rather than anything technical.  Chris asserts that his employees “pride themselves on their ethics”.  Moreover, Fonality’s privacy policy makes the following statement:

Fonality provides a service where our customers upload and store their data on Fonality servers and equipment. Fonality does not review, edit, disseminate, or use this data in any way, except as may be required by law, or as outlined in our Terms of Use. Customer data or records may be viewed from time to time to handle a technical support request that is initiated by the client, or to resolve any other problem or technical issue. Additionally, individual records may be viewed if required so by law, or if there is a suspected Terms of Use violation.

This is a pretty clear indication of the commitment that Fonality is making to their customers.  Could it be stronger?  Sure, the policy could assert that customers own their own data, and that they have rights associated with that data.  By and large, though, it’s clear that Fonality is committed to keeping private customer data private.  Again, that’s the cost of doing business in a hosted model. 

With all due respect to my friend Marcelo, the security issues he has raised are a throwback to big enterprise IT.  They are expressions of the ongoing struggle between hosted and premises based services.  All hosted services have to deal with the issues raised by Marcelo (indeed, we at iotum deal with these regularly), while providing superior usability, upgradeability, and maintainability.  Most premises based services don’t have all the benefits hosted models offer, and may be less cost effective, but deliver greater control of customer data. 

It’s a tradeoff every customer is faced with. Personally, I am an unabashed fan of hosted models.

{ 3 comments… add one }

  • Njal Larson November 30, 2006, 11:14 am

    This entire rabble over the security issues is interesting, but missed a fundamental issue with Fonality… While making Astrix easy to use and deploy it also renders it non-stable and puts you completely at the mercy of a company who has proven (at least to my company) that it can't handle the responsibility of building, service, and supporting mission critical system such as phones. Security is a non-starter if they do not fix there quality issues. We have had 6 major phone failures in the last 12 month, everyone cause directly by some action on fonality’s part. It can take hours to get assistance when the phone systems are down, and never once has the DR system worked correctly. After 14 months since our deployment and having given fonality every benefit of the doubt, we are looking for other vendors.

  • Art Cruse December 4, 2006, 8:59 am

    Crusecom Technology Inc, located in Oscoda, Michigan provides call center operations with the Fonality Call Center PBXtra. We average approximately 3000+ calls per day, the calls are less than 2 minutes in duration and are process with an average of 27 CSR on staff.

    By reviewing and analyzing our technical solution, Crusecom has been able to exceed our client expectation in areas of client satisfaction, call volume and reporting. The Fonality support services for the application and hardware has by far exceeded my expectation and we look forward to new opportunities and challenges with new and current client utilizing the Fonality products and services. Though we were concerned at first over security, we now consider and see that Fonality provides the additional Professional Services we require as a small company.

    The cost to maintain a full blown backup system, IT staff and management would be overwhemling. We are able to provide our client with a our services and solution base don the support and maintenance that Fonality provides.

    Without their support – it would be extremely difficult to manage the asterick environment.,

    We would recommend Fonality to any organization that is moving forward with expanding their operation and moving toward a fully supported VoIP solution.

    Art Cruse
    President/CEO http://crusecom.com

  • S Richardson December 4, 2006, 11:56 am

    We love this system- it saved our company over $50k to purchase and install. We are about to grow again and look to finally have our London office up and running on this system soon. We have only had 1 issue that was caused by a Fonality update – it was resolved within 15 minutes. All support is quick and effective – I have never had any issues with any of the service from my Fonality Team.

    S Richardson
    HR — Quickoffice, Inc.

Leave a Comment