Few technologies polarise opinions as much as Skype, the Internet telephony innovator. Its 100 million registered users are testament to its popularity with consumers and its feared status among telecoms companies, which have seen revenues stolen disappear. Now enterprise security chiefs are being warned that Skype represents as much of a threat to their networks as it does to the fixed-line telcos.
Few businesses have formally adopted Skype, but the company estimates that around 30% of its clients are business users. Skype calls are, by design, hard to detect, something its executives say is necessary to stop telcos blocking it from their networks. But this has alarmed security professionals. After vulnerability was uncovered in May, analyst group Gartner warned that “the most secure option is to block Skype traffic completely”.
Most worries around Skype are based on misconceptions or misinformation, say its executives, although they admit to having an image problem in the enterprise. “We set out to remove barriers to communications – price, usability and getting it to work with a few clicks without having to call IT administrators,” says Michael Jackson, Skype’s director of operations. “They are a bit disenfranchised in this world.”
Kurt Sauer, Skype’s CSO, agrees. “We are facing a lack of knowledge about how Skype works. It is seen as weird, and weird is bad.”
“You won’t ever see Skype responding to an RFP. Well, not anytime soon…”
Michael Jackson, Skype
But Skype has already built in encryption technology, ensuring phone calls remain private, and is working on improving its identity authentication, to ensure a caller is who they say they are. Meanwhile, it is improving controls for IT administrators, which will make it easier to introduce policy-based controls.
Both Sauer and Jackson are adamant that these measures are designed to help the IT department cope with the organic growth of Skype as employees bring their favourite personal tools into the office, rather than a push to compete in the corporate world with Cisco or Avaya. There are no plans for an ‘enterprise edition’ and Jackson admits that Skype is not especially suitable for companies with particular regulatory demands, such as financial services organisations.
“You won’t ever see Skype responding to an RFP,” says Jackson, before checking himself. “Well, not anytime soon…”