Being easy on the wallet has come with the cost of being scary to network security, a scenario Skype seeks to change by partnering with FaceTime to allow security policy enforcement on Skype IM. There are plenty of reasons for penny-pinchers to love Skype, but with a history of security issues and an inability to lock them down, there are just as many reasons for IT managers to be wary of it.
To combat those concerns and raise its profile even further in the small and midsize business market, Skype on March 20 announced a partnership with FaceTime Communications of Belmont, Calif., that will better protect Skype users against encountering malware through the network via Skype IM conversations.
The agreement will incorporate FaceTime's GEM (Greynet Enterprise Manager), allowing organizations to manage security policies and aggregate reporting for IM, P2P (peer-to-peer) and malware traffic across organizations.
Bean counters love Skype for its low-cost, long-distance international and local calling, and users love the ease of use, flexibility and always-on nature of the service—wherever they happen to be when they log on to Skype, they can access voice mail, have the same Skype identity, and access the same incoming and outgoing Skype numbers.
On Skype Pro, they can do even more, like transferring a call to other Skype users and making cheap international calls. And unlike most IM clients, Skype can connect through virtually any firewall.
But IT managers are a bit wary.
"Skype almost always can connect through a firewall, so end users like it because it means it just works," said Ian Fogg, a senior analyst with Forrester Research in London. "But to an IT manager, that's rather scary because they are essentially being bypassed."
IT managers have good reason to be concerned. Experts have been warning users about Skype's security vulnerabilities for years. In October of 2005, Skype issued patches for two security bugs it considered critical—one that could cause the software to crash and execute arbitrary code in Skype for Windows, and one that would allow hackers to take over vulnerable systems on all platforms.
In May of 2006, after Skype issued a "medium risk" security bulletin for a vulnerability in the Skype for Windows user client, Garter analyst Lawrence Orans wrote in an online report that businesses using Skype must focus on managing version control for their Skype clients.
And as recently as January 2008, Israeli security researcher Aviv Raff found that Skype could allow malicious code intrusion in certain conditions.
The agreement with FaceTime will go a long way toward alleviating IT managers' fears about such security nightmares, Fogg said. Moves like this one, along with Skype's continued push to make its offerings more attractive to smaller companies, should stand it in good stead, he said.
"They are doing everything they can to build an ecosystem that is attractive to small businesses: partnering with hardware vendors to push Skype out away from PCs to other devices; encouraging third parties to add on; and moving into areas like video calling. They know that's where the revenue will come from."
