Several years ago, I found myself sitting in an Italian police chief’s office, when our conversation was interrupted by an urgent phone call.
After a few minutes of listening to what the caller had to say, the police chief stopped him and said that he had better call back on the secure line. I was curious and very impressed.
On another occasion, while visiting the chief executive of a mobile operator, I remarked on a clunky, antiquated telephone that I had noticed sitting on his desk. He explained that corporate espionage was rife in Greece and that he used the encrypted phone to talk to headquarters. Wow.
I admit to having slightly more admiration for spy gear than an adult should have. But isn’t the need to secure your communications a sign of power? Encryption assumes that you have secret information that someone else is willing to go to a lot of trouble to steal. And that is an exciting concept for any journalist.
Which brings us to Skype, the popular internet communications service that allows free voice calls, instant messages and video conferencing.
Some alarming media reports have decried how insecure Skype can be, especially in a business environment. The fear is driving some companies to outlaw Skype use or install Skype-killer software.
But concerns about unsecured communications are misplaced. Individual Skype conversations are well hidden in data flows and industrial-strength encryption keeps the talk secret. In fact, law enforcement officials are perplexed as to how to intercept them lawfully.
Rather, there appears to be a risk that evildoers could compromise the Skype software and use it as a secret back door into a corporate network.
Indeed, what has made Skype such a good service is that it works without the need to struggle with network settings; install it and you can talk. But the secret to this is the application’s ability to invisibly traverse firewalls and other security lock-downs. And that is what worries people.
Of course, this is all hypothetical. No one is aware of any Skype-enabled attacks and experts acknowledge that the software is very secure.
Skype paranoiacs point to Cambridge University’s recent decision to block Skype as proof that the application is evil. But Jon Crowcroft, professor of communications systems at the university, explains that legal restrictions, more than security concerns, drove this decision.
As a non-profit institution, Cambridge University has a special bandwidth contract that prohibits it from forwarding third-party data traffic. But Skype’s peer-to-peer architecture means that each user’s computer becomes part of a distributed call forwarding engine. “The choice is: either become part of the forwarding system or block Skype. We currently block it, but we don’t want to,” Prof Crowcroft says.
Oxford University, incidentally, reversed its Skype ban this year.
Nevertheless, Skype is giving enterprise IT managers some more immediate headaches.
For instance, there is no way to manage centrally the applications installed on corporate computers, meaning that the IT department must trust users to install software updates and activate certain security features. Also, Skype lacks some standard security functions such as forcing users to change their passwords every few months.
Irwin Lazar, a senior analyst at the Burton Group research firm, says: “Skype needs more accountability.” He points out that Skype calls are impossible to trace and that companies that must maintain call logs or record conversations could breach their regulatory obligations.
But then Skype was never meant to be business-class.
Michael Jackson, Skype’s director of operations, says: “Skype was not originally designed to be a corporate IP communications tool. However, we are constantly rolling out new features that satisfy the needs of corporate system administrators. Companies with effective IT policies have nothing to fear.”
A smarter response to Skype than fear is for IT managers to ask why employees use the application and find a safer way to meet those needs.
Skype says that nearly one third of its subscriber base – or about 22.5m accounts – are business users. So the VoIP service is clearly making workers happy, whether it is with free calls, unified messaging, or the ability to know when a colleague is online.
One company aiming to help enterprises meet these needs in a secure way is Interoute, the pan-European data network provider, which last month launched what it calls an enterprise-class alternative to Skype.
For a flat fee, the iSip service offers free calls, unified messaging and other advanced VoIP services, all layered with strong security. And like Skype, calls within the iSip community are free, so Interoute expects customers to encourage their business partners to buy the service.
“It’s Skype without the Skypemares,” says Jim Kinsella, chief executive of Interoute and a heavy Skype user himself. “Skype is great but it’s dangerous. At home, I’m happy to use it but not as CEO of a company. I have to protect my company’s assets.”
Interoute’s service is a good attempt to address the gap between workers’ needs and companies’ legitimate security concerns. Offering a better Skype is more compelling than telling staff to stop using it. And likewise, the time has come for Skype to provide a product that enterprises can feel safe with.