John PescatoreLast Friday I spent the morning taking questions from two Information Assurance classes at the National Defense University at Ft. McNair in Washington DC. It was a fun two hours – the questions were all over the map, from secure use of the cloud to new threats to how can the government “secure” the Internet.
I had an interesting side discussion about can Skype be used securely. Lawrence Orans has guest-blogged here on the topic, and he and I put out a Gartner research note on Skype security. But, the conversation veered off in a “security through obscurity” discussion – would you be more secure if you used some other free VoIP service like Vumber or Gizmo5 (recently acquired by Google)?
The short answer is not. First, there is a good table here showing most of the different VoIP clients out there and you can see how many are lacking basic security capabilities like encryption. But more importantly, how many of them meet the basic management requirements of enterprise software, like the ability to bake security policy in, push patches, retrieve configuration status, etc. Let alone have any of them had any external security review.
There is still a big difference between the security of consumer-oriented software and enterprise oriented software. Skype has at least made some progress on adding in enterprise capabilities. It is a higher profile target for attacks, but having an unlisted telephone number never prevented a burglary or house fire anyway.
Category: Uncategorized Tags:
1 response so far ↓
1 Example Skype Security Policies: Low-Medium Security Levels February 10, 2010 at 8:44 am
[...] Gartner clients have been around balancing security and supporting business demand. A previous blog post points to the Gartner research note with our recommendations on the best approaches to secure [...]
Leave a Comment