Today we have a guest blogger, Lawrence Orans of Gartner:
With the recession in full force, I am getting more questions from Gartner clients about the security risks associated with Skype. Business executives view Skype as being “free” — they see it as a way to cut communications charges, but most are blind to the security risks. Gartner has highlighted these risks in our research (see Q&A: Securing Skype in the Enterprise), namely the fact that Skype’s proprietary signaling protocol makes it hard to secure, the challenge of managing vulnerabilities in the Skype clients, and the threat from the IM features of Skype. Because of these issues, our position has been that most organizations should block access to Skype, and if that is not possible, that they should take precautions to make Skype more enterprise friendly and secure.
Pressure on IT executives to allow Skype is growing, so it is becoming increasingly difficult (politically) to say not and just block Skype. Since there has not been a widespread, high-profile attack against Skype (save for a 2-day outage in August 2007 that was the result of a bug in the Skype system), it is difficult for IT execs to persuade business execs (many of whom are already using Skype) that Skype introduces security risks to the organization. The politically smart choice for many IT execs is to allow Skype, albeit with the appropriate precautions.
Skype Version 3.8 (business version) provides some enterprise-friendly features that enable organizations to run the application more securely. For example, IT managers can implement version control of the Skype client (so that all users are running the same version). Version control is a huge problem with Skype. One network manager recently told me that he counted 11 different versions of the Skype client amongst their 6500 desktops! The business version of Skype also enables centralized policy configuration and control for the Skype clients. So, most organizations should be able to mitigate Skype’s risks enough to allow it in their environment. But, the process of mitigating these risks involves operational and support costs, so Skype should not be considered “free”.
Read Complimentary Relevant Research
Predicts 2017: Artificial Intelligence
Artificial intelligence is changing the way in which organizations innovate and communicate their processes, products and services. Practical...
View Relevant Webinars
Bring Your Own: come gestire dispositivi e app in modo sicuro?
Il trend del Bring Your Own continua a crescere, impattando sempre piu' il modo in cui le aziende devono implementare le proprie strategie...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.