Mitel Thinks Knowledge is a Risk
Posted: Jan 27, 2017
Recently, Mitel posted to their corporate blog the Six Major Risks of Open Source Phone Systems. I love when companies do this sort of scare tactic piece and, like many others I’m sure, I clicked the bait and read their article…
Before going off on the piece, please allow me to present the (according to Mitel) six MAJOR risks of open source phone systems:
- Product roadmap
Now, the only one which sounds like a risk to me is Security… so let’s attack that one first.
Mitel implies that open source software in inherently insecure and that this insecurity is a major risk to you:
Anyone with a computer and a little time can simply download the same source files you did and dig through them for vulnerabilities.Experts at Mitel
The counter to this implies that proprietary software, like Mitel, is safe because people cannot find the vulnerabilities.
In reality, all software has vulnerabilities… and proprietary, closed source systems (like Mitel) also have vulnerabilities that are exploited in the real world. In fact, if you take a look at any CVE database, you’ll find a tremendous amount of proprietary software with vulnerabilities.
Mitel itself had vulnerabilities allowing denial of service, hijacking of sessions, and release of sensitive information (such as usernames and passwords).
Open source handles security transparently; in the open. You can review the comments, discussions, and bug fix requests from a project to see how the software team handles security concerns.
What happens when a vulnerability is found? With proprietary systems, like Mitel, you need to (1) have an active subscription/license/whatever to get the update and (2) wait until the company releases the update.
With open source systems, you can fix it yourself or wait for a patch to be released. Luckily, with open source, anyone with the ability can help fix the vulnerability.
The bottom line with Security, is that if you’re depending solely on your software to handle all of your security, then there is no difference– vulnerabilities will happen and you’ll need to wait for it to be fixed.
With an open source phone system, your IT team will need to have a more-than-advanced knowledge of how to install and configure all the necessary components to bring the system to life.Experts at Mitel
What a load of crap. Seriously, this statement reeks so strongly of bullshit, that even cows asked for a courtesy flush.
Here’s the “more-than-advanced” knowledge you need to install FreePBX:
- Download software
- Load software onto a DVD, CD, or USB drive
- Select a computer
- Load software
- Use FreePBX
Here’s the “more-than-advanced” knowledge you need to install FreeSWITCH:
- Add the Freeswitch repo to the sources
- Run apt-get update
- Run apt-get install -y freeswitch-meta-all
- Use FreeSWITCH
Not using linux? Download the windows installer and double click on it.
With Kamailio, Asterisk, FreePBX, etc. there are easy to read tutorials, you tube videos, and more to help you install, configure, and work with the software.
Now, how do you install Mitel? Well, here’s an example manual. Go for it. Of course you’ve now bought the system, so if you don’t like it… well, enjoy it! With open source, try it and go from there.
Knowledge is not a security risk. Knowledge is an attribute, and open source software encourages you to gain knowledge; providing tools, communities, and examples to help you on the way. With proprietary systems, money talks.
I’ve worked as a VoIP consultant for over 15 years. I’m the first to agree that telephony support sucks. This isn’t an open source problem. This is an industry problem that many of us have worked hard to change.
To be crystal clear on this, you will find no difference in support for open source systems than Mitel. It’s a challenge, but it’s not a risk– and certainly not a MAJOR risk.
My biggest problem with providing support is that most clients don’t need support once the open source system is deployed. Additionally, because they’ve (insert sarcastic tone here) overcome the major risk of knowledge, my clients generally tend to make the simple changes themselves.
I’ve also gained new clients due entirely to the lack quality of proprietary support for systems like Mitel, Avaya, Cisco, and others. Clients “absolutely hate” how the support is handled, with most common complaints being cost, lack of feature, licensing, etc. This hatred provides me with new clients.
Mitel implies that open source projects cannot be trusted.
No one is held responsible for putting out correct information about how the product works.Experts at Mitel
This statement makes no sense. Each person is held accountable for their contributions. Unlike proprietary systems (like Mitel), with open source there’s no financial incentive to put out incorrect information.
Bottom line: I would like to see more professional support for all of telecom; but this isn’t a risk for open source phone systems.
Mitel believes that open source phone systems pose a MAJOR risk because they are not held accountable for the direction of which the product is going.
I’ll wait while you try to grasp this concept.
If you search for Asterisk Roadmap, you’ll find… the Roadmap for the Asterisk Project. There’s a Roadmap to 5.0 for Kamailio. FreeSWITCH hosts a weekly conference call discussing what’s going on with the project.
All of these open source projects discuss their roadmaps in the open; feeding off the needs and requests of users.
Now, search for Mitel roadmap and you’ll find press releases and articles about Mitel failing to deliver.
With open source, there’s no pressure to buy new licensing for an upgrade, just to get that “new, awesome feature.” Instead, if you want a new feature, you add it.
The bottom line here? Product roadmap for open source is a benefit not received from closed source products.
One of the major BENEFITS of open source is that it can be customized. This allows your phone system to enhance your business model or needs.
Most customization doesn’t require programming ability… instead it’s something as simple as “we use [XYZ] for CRM, can we integrate our phone system to it?”
Again, here we have a major benefit being touted as a risk. Worse yet, Mitel says:
When you take an honest look at the customization needs of your business, you’ll most likely uncover that many needs are actually wants. And there’s a good chance you can save more money simply redesigning a business process than it would cost to support those customization wants.Experts at Mitel
I laughed at that quote and then I had to listen to the Stones say it more eloquently.
In fact, maybe Mitel should license the Stones for a commercial. I can see it now… Business person has a great idea, takes it to Mitel, who shoots it down. In the background, “You can’t always get what you want. But if try sometimes, well you might find… you get what you need.”
In this section, the author makes the accusation that open source systems contain only the bare minimum feature set. Seriously, Mitel claims this and doubles down by stating “free licenses are simply bait to get you on the hook for using their software.”
Asterisk and FreeSWITCH are two of the most widely used open source phone systems today. Their bare minimum version is their only version– and it covers any feature you can (reasonably) think of. WebRTC? TLS encryption? Database support? SIP interoperability? Unlimited seats? Use any SIP phone? Unlimited simultaneous calls?
Mitel included features? Well, just remember… you can’t always get what you want.
With open source, you’re not locked into a licensing model where you both buy equipment and then buy the ability to temporarily use the equipment you’ve already purchased. This is the real bait and hook. Closed source baits you with flashy sales advertisements and expensive brochures to hook you into their profitable licensing model.
After reading their article, I still am confused by the “major risks” of using open source; to me, every point they’ve listed is a major benefit.
Many people, much like the “Experts at Mitel,” can get confused by the concept of open source software. That’s ok. They probably don’t even understand that Mitel itself uses open source software (such as Linux).
If open source software were truly a major risk, why would they use open source software in their products?