It should be the voice group. Here's why:1) SBCs are more than just a voice firewall. One role of the SBC is that of an application firewall that is specific to interactive voice & video applications. But an SBC is also used for supporting voice services from a reporting, logging, and troubleshooting perspective. If a user calls to report a problem with their last phone call, or that their fax machine is not working, the SBC is a core component in identifying and fixing the problem.
2) SBCs require a detailed understanding of telecommunications. It is easier to teach a voice person, voice security, than to teach a security person everything about telecommunications. SBCs are core to the delivery of voice applications across different networks, especially the SIP trunks from service providers.
3) SIP is OSI layers 5-7, not 1-4. Voice and video are critical applications that will run over a shared IT infrastructure. Yes, real time media is a very demanding application that is not tolerant to latency and jitter, but it still is just another application. For example, firewalls are for layer 3 NAT and SBCs are for layer 5 NAT. Protocol translation between various UC vendors is very complex.
Which SBC vendor is selected should not have an impact on the decision of which group manages the SBC. There is not a technical benefit of using XYZs firewall or router with a specific SBC product. There is little merit to the argument that the network team should manage an SBC because it resides in a router.
Security groups can control and manage voice security without directly supporting the SBC. The security group can specify all the requirements and have logs from SBCs sent to them for analysis, reporting, event management, and alarming. A similar analogy is a security group will oversee an HR database server, but not directly support it.
Putting together the RFP requirements and decision making should be done by a cross functional team including network, security, and voice groups. But the final decision should be left up to the group that is responsible for the service, the voice group.
