Skype: Enterprise Not Job Number One

 
 
By Shelley Solheim  |  Posted 2005-11-21
 
 
 

Amid rising concerns about the privacy and security implications of using peer-to-peer communications tools in the enterprise, IT managers are beginning to block the use of such services, even as vendors begin to roll out technologies to address the problems.

Officials at Skype Technologies S.A., maker of the popular VOIP (voice over IP) tool, admit that their technology is not designed to be an enterprise-grade tool and say that IT administrators are free to block its use if they are concerned.

"There [is] a certain category of businesses [that] have to control their communities quite significantly, like businesses in the financial community that have to log every transaction, Web browsing and telephone call. Skype doesnt offer that. We dont attempt to address that market, and we dont really want to. There are communication solutions that are good for that," said Michael Jackson, director of operations for Skype, in London.

"Its not an area of focus for us, to be frank. We dont intend to build that infrastructure; we have the intention to provide a good service for small businesses and consumers, and where we can, to partner with partners who understand the enterprise business and can handle the servicing, purchase processing, support and requirements to comply with [regulations like Sarbanes-Oxley]," said Jackson.

Do we really need Skype or just want it? And is just wanting it worth the risk—even a small one? Click here to read David Courseys column.

Among the security concerns is Skypes proprietary technology for traversing NAT (Network Address Translation) configurations. Skype officials said this approach is part of what makes the companys technology so easy for consumers to use—as it allows consumers to make VOIP calls without having to reconfigure routers or firewalls—and that the company has no current plans of changing it. However, researchers say, for enterprises, this approach is not secure.

As a result, some IT departments have begun blocking the use of Skype and other similar tools.

"We do have concerns of our end users using Skype because it is a communication medium that doesnt offer us the controls we need to manage it in the enterprise," said Joe Gimigliano, associate director of architecture and security at Purdue Pharma L.P., in Stamford, Conn. "Weve taken several measures to prevent and detect the use of it. Whether a system is on or off the network, they are protected with [Cisco Systems Inc.s] Cisco Security Agent. This prevents the installation and use of Skype."

Tom Berson, principal with Anagram Laboratories, in Palo Alto, Calif., who earlier this year did a security review for Skype, agrees that enterprises should be wary about Skype, but mostly for compliance and control issues.

"Putting on my CSO [chief security officer] hat, if I needed to monitor and audit, I wouldnt want Skype," said Berson. "But I can also see a lot of business use for Skype. There are parts of the world where the Internet is in better shape than the telcos. Businesses might want travelers there to have a high-quality, good-value way to communicate back home. You really have to balance these needs."

Skype addresses vulnerabilities. Click here to read more.

Whether or not Skype is targeting its tool for the enterprise, end users are using it in business. Skype says it is registering 175,000 new users each day, and that 25 percent of those users are using Skype in businesses. Skype says that IT administrators can easily block the use of the tool if they have security or compliance concerns, and in fact some IT managers are already taking such action.

Skype provides security and management information on its Web site for IT system administrators at www.skype.com/security.

Microsoft Corp., which is making a push into the VOIP space, earlier this month came out with support for another approach to enable rich media, such as VOIP, to traverse NATs and firewalls: the ICE (Interactive Connectivity Establishment) methodology, a standard under consideration by the IETF (Internet Engineering Task Force). ICE uses the STUN (Simple Traversal of UDP through NATs) and TURN (Traversal Using Relay NAT) IETF protocols.

ICE has not yet been ratified, but Microsoft hopes that by coming out with support for it in its products, others will follow. Cisco joined Microsoft in announcing support for ICE.

Meanwhile, Skype this week will seek to push adoption of its technology among U.S. consumers by launching a new retail partnership with RadioShack Corp. More than 3,000 RadioShack retail stores will distribute Skype software and related products. Among these is a new Bluetooth-based Motorola Inc. headset to make calls using Skype.

Check out eWEEK.coms for the latest news, views and analysis on voice over IP and telephony.

Rocket Fuel