There has been quite a debate going on as to whether or not Skype is safe for corporate use. Like most eWEEK.com readers, I am not deeply enough versed in security issues to make an independent decision on whether Skype is or is not secure.
The more important question: Do we need Skype or just want it? And is just wanting it worth the risk—even a small one?
The issue comes down to this: Do we really need another IM service through the firewall? Given that Skype, despite its wild popularity, doesnt seem all that different from the IM services offered by AOL, Yahoo, and MSN, the question becomes “Why should we allow another?”
Are users demanding another IM service for valid business reasons, or is Skype just the current fad?
Lacking a business justification, I dont see a good reason to take the chance on Skype or anything else. If Skype doesnt do more for you than present a potential risk, whats the value in taking the chance?
Call me paranoid, but the truth is there really are people on the Internet that are out to get us. If Skype opens another door for these miscreants into the network, why should I allow it?
I am not—and indeed I cannot—say Skype is better or worse that anyone elses VOIP, though I do note that Skype has specifically said they are not building an enterprise-grade service.
That makes me think that while Skype may not be less secure than what already is on the network, that it wont be more secure, either. Since I already have enough security and administrative headaches, why accept another unless I have to?
This is, of course, the opposite of the “permissive” network administrators position, which would be to allow Skype unless there is a proven, valid reason not to.
Maybe it comes down to what sort of parents you had and what they were willing to let you get away with.
My counter to the permissive argument would be that since any software can create problems, why take more chances than you have to?
Indeed, if we could remove other IM clients from the corporate network, that might be a good thing, too. One company I work with was recently hit pretty hard by a bug that was spread through AOLs IM network.
But, so many people there use it for business purposes that AIM wasnt yanked. That incident, along with those at other places, makes a case for reducing the number of IM networks in use rather than allowing them to increase.
Indeed, a wise enterprise is already looking at bringing the IM network in-house, with controlled links to external networks. This is the approach Microsoft is pushing, linking its enterprise IM to the AOL and Yahoo networks.
My bet is this is the first step toward IM becoming a paid service, at least in places where the network operators dont or cant force users to see their advertising.
IM is, however, such a valuable business tool that I believe companies should be willing to pay for it, though getting money for something long offered for free may prove an uphill battle.
Making IM a managed network resource, rather than unmanaged external service, should also improve security, while removing the necessity many users find for running multiple IM clients on their desktop.
If Skype wants to play in this environment and support connections to corporate IM systems, thats all the better.
Note that while I am using Microsoft as an example, because I have some idea what the company is up to, I really dont care whose IM software a company chooses, just that it makes life simpler and more secure.
Similarly, I have long called upon the IM network operators to support interoperability amongst their services.
My impression is that Skype really wants to be a consumer service, and it is probably fine for home use.
It may be fine for use at the office as well, but I have yet to hear an argument so compelling that Skype seems worth the bother.
Contributing editor David Coursey has spent two decades writing about hardware, software and communications for business customers. He can be reached at email@example.com.