Skype Security: Is the Popular VOIP Service Safe for Business?
Skype aims to break into small business environments. But are there security concerns to consider before you adopt it in your organization?
By Joan Goodchild, Senior Editor
February 04, 2010 — CSO —
According to data released last month from research firm TeleGeography, Skype, the popular software that allows computer users to make calls over the internet, now accounts for 12 percent of all long-distance calls. The company saw its user base grow to more than 500 million accounts in 2009 and is making a run at a new market this year.
So far, the popular VOIP provider has been primarily used in personal, consumer settings. But in 2009, Skype launched Skype for SIP, a service that lets its peer-to-peer VoIP clients interact with existing IP PBXs and is aimed at small businesses looking to get in on the cost savings of internet telephony. Skype for SIP (also known as Skype for Business) was launched in beta early last year and brought into public beta at the end of 2009.
While many large businesses have used VOIP services for years, those enterprise-class VOIP systems typically used in corporate environments differ from Skype, according to Michael Gough, an information security specialist and president of the Austin, Texas, chapter of ISSA. Gough, owner of the web site skypetips.com, and author of Skype Me! From Single User to Small Enterprise and Beyond, gave CSO his thoughts on Skype's benefits and challenges in the business environment.
CSO: We know that Skype is making a play for business customers with Skype for SIP. But as it stands now, do you think it is used in many business organizations?
Michael Gough: Predominantly it is still used by individuals, but a lot of small-to-medium-sized businesses utilize Skype to cut costs for things like road warriors. Another common use I've seen in business is in outsourcing off-shore resources like help desk or support scenarios where you have a lot of people outside your state and doing off-hour support. Often Skype is an option for some of these companies.
Are there security concerns with Skype that are unique when compared to other VOIP solutions?
In any corporation, if you are going to install software on end users' computers, you have to do your governance. You have to set the rules that govern what you are going to do or allow with any piece of software. So every enterprise has the challenge of controlling the proliferation of Skype into the environment. If you're a local administrator, and you're going to install the product, now, all of a sudden, you have texting and voice conversations that are potentially encrypted and something that the enterprise or company can't monitor. That is definitely a challenge.