Skype: Big Bad Wolf? part 1
A downloadable telephony application with tens of millions of users worldwide: Hmmm. Should IT managers feel comfortable with such a beast living on their company networks?
With Skype's profile suddenly higher in the wake of its acquisition by eBay in September, the free peer-to-peer Internet phone service recently found itself in the gun sights of some new critics. Info-Tech Research Group, an analyst-consulting firm in Canada, issued a strongly-worded press release earlier this month citing potential security and compliance concerns and advising big corporations to immediately ban Skype from their networks.
Info-Tech senior research analyst Ross Armstrong, author of the research note on which the release was based, is quoted as saying, "The bottom line is that even a mediocre hacker could take advantage of a Skype vulnerability."
Info-Tech was clearly intending to grab attention and stir controversy, and it succeeded. The next day, a UK analyst firm, Butler Group, issued a press release of its own suggesting the Canadian firm had missed the boat and that the real risk from Skype was that users' computers could be commandeered for use as virtual PBXs, degrading their performance for other tasks.
Tempest in a teapot? Some observers think so, though others agree with at least some of what Info-Tech and Butler say. The issues raised do draw attention, not just to the potential risks but also, and perhaps as important, to the potential benefits of using Skype in a business environment.
The urge to save
Many European and Asian companies, faced with generally higher long distance rates and pay-per-call local telephony, are already using Skype. Fewer North American firms have gone the same route, perhaps because they have less need. When Skype surveyed users, 25 percent said they used the service for business. According to Info-Tech, 17 million Skypers worldwide use it for business.
Even Armstrong agrees that "some companies, particularly smaller companies and perhaps call centers, may end up saying, 'We know about the security risks, but the savings are just too juicy to turn down.' It comes down to business need."
"I think there are times when [using] Skype [for business] makes absolute sense," says Joe Laszlo, a research director with Jupiter Research. "For calls from a remote worker in another country back to home office, for example. It could also be a very cost effective way to keep in touch with people on the road, though most have cell phones with large bundles of minutes, so I'm not sure you could expect to see a ton of cost savings. But it's worth exploring at least."
Jupitermedia Corp., of which Jupiter Research and the publisher of this journal are both divisions, is exploring the possibility of using Skype internally for conferencing. Laszlo says some Jupiter employees are already using it for informal communications.
Skype and enterprise: a good fit?
Skype, however, continues to mainly target consumers and small businesses, by which it means companies with under 25 employees. It has made few concessions to enterprise users. Recent releases do make it possible for network managers to turn off the instant messaging (IM) and file transfer functions in Windows Registry as a way to reduce peer-to-peer traffic over a company's Internet connection. But that's as far as it goes.
When asked if Skype might introduce an enterprise version of the software in the future to address some of the concerns raised by Info-Tech and others, Skype vice president of operations Michael Jackson says, "Not really. The fact is, to change [Skype] to be something that could work in a full enterprise would take an awful lot of work, and [enterprise VoIP] is a market now well served by other manufacturers."
Skype does include a section at its Web site listing third-party freeware and trialware aimed at business users. They include sales force automation, teleconferencing and collaboration software and hardware/software devices for integrating Skype with a PBX.
Three strikes against
But is it wise to think of using Skype in the enterprise? In the widely distributed Info-Tech research note, Armstrong listed five reasons why all enterprises should immediately ban Skype. They boil down to three of substance:
- Because Skype is not standards based, can easily penetrate firewalls and is often undetectable, it could expose corporate networks to viruses, worms and other kinds of hacker attacks.
- Skype's encryption is closed source and possibly not well managed. If it were compromised at some point, outsiders could intercept and decrypt calls resulting in damaging information leaks.
- Because Skype communications are unauditable, employees using it could make it more difficult for their companies to meet compliance requirements.
Should companies in the meantime ban the service from their networks? Maybe not, or at least not from all company networks. As we'll see in the second in this two-part series, the Info-Tech position drew some strong reaction in the Internet and peer-to-peer communities.
Look for part 2 of Skype: Big Bad Wolf a week from today.