By many estimates, one third of all of Skype's several million users in North America -- 171 million people worldwide use Skype -- are using it behind the enterprise firewall. And though many organizations know it's being used somewhere, it's hard to detect and even more difficult to control.
According to Frank Cabri, vice president of marketing for FaceTime Communications, Skype no longer has to be seen as an unknown monster lurking on the network. FaceTime has teamed with Skype for end-to-end security and management to give companies the reins to control Skype use and ensure that it's both safe and productive.
FaceTime makes solutions for securing and managing greynets, including IM, peer-to-peer (P2P) and other Web-based applications. FaceTime's new Internet Security Edition lets companies manage how Skype is used across the network by combining gateway security and control with endpoint management of Skype software. FaceTime's tools use open application programming interfaces developed and made available by Skype for its business partners through Skype's IT management framework.
FaceTime Internet Security Edition consists of two components: Greynet Enterprise Manager, which manages endpoint policies on the LAN, and Real-Time Guardian, which resides at the network gateway to stop inbound malware threats, as well as outbound information leaks. Cabri said that this architecture ensures secure enforcement of all Skype policies at the desktop while also evaluating network traffic to guard against rogue Skype use at the network edge by employees trying to circumvent company policies.
"[Managers] are concerned about Skype because they can't manage it," Cabri said. "They don't have any visibility." In many cases, that lack of visibility has led to company-wide Skype bans, he said, because "most IT organizations want to know what's going on on the network."
Paul Sheth, network and systems lead at Dallas-based Holly Corp., an independent oil refining company, said he's banned Skype from his network because of the lack of control and its potential to hog bandwidth. He added, however, that being able to manage and control Skype and similar Internet apps would make their use within the company more attractive.
"We use Skype for nothing," Sheth said. "We've practically blocked it at every point of entry we can. We didn't want it to use up the bandwidth we have at some of our remote sites."
Sheth said that Holly Corp. allows IM and some file-sharing and uses FaceTime's Greynet Enterprise Manager and Real-Time Guardian to keep their use under control with monitoring and endpoint remediation. He said having that same level of management for Skype would improve the chances that Holly Corp. would allow it.
If Skype proves itself enterprise-ready and he can control its use, Sheth said that he wouldn't oppose allowing it on the network.
For many companies, Skype has become an attractive business option for providing low-cost, real-time Internet communications such as VoIP calls and presence. FaceTime's managed Skype tool gives network admins the ability to manage Skype use on the network with controls to choose which elements of Skype software can be used. For example, a company may allow Skype to be used for voice but not for file-sharing or as a supernode.
"Skype is a powerful example of the employee demand for real-time collaboration," Cabri said. "IT managers are recognizing that a simple 'block or allow' scenario is not a workable solution for securing their networks, because Internet communications software -- such as Skype -- has become integral to the work culture of today's employees."
According to Skype, new features to Skype for Business make it more powerful for enterprise users. Features include easier installation and management. Combining Skype's new management features with FaceTime's level of control can make Skype more compelling for businesses that are looking to manage and control security, telecommunications costs and employee productivity.
"Today, 33% of Skype's users in North America are utilizing Skype for business purposes," company COO Kurt Sauer said in a statement. "As a result of our work with FaceTime, network administrators now have centralized management capabilities in addition to the cost savings, simplicity and productivity advantages Skype offers to businesses."
In its second annual greynets survey, FaceTime, along with NewDiligence Market Research, found that two-thirds of IT managers know that IM, P2P and other real-time applications have benefits, but those same managers noted that those apps must be managed by IT. Elsewhere, the survey found that four in 10 employees feel they have the right to install applications such as Skype, IM and P2P on their work machines, and more than half of those end users work at locations where policies that govern the use of such applications are ignored.
FaceTime's Internet Security Edition allows centralized policies to be set and controlled at the systems administration level, and they can be applied to each end user's desktop so that Skype adheres to those policies. Managers can allow or disallow different elements of Skype for the entire company, certain groups or departments, or individuals. IT can control who can and cannot use certain Skype tools, such as file transfer, voice calling, video calling, voicemail and voice recording.
In addition, proxy settings and listen port settings can be calibrated and turned on or off for users. Administrators can prevent users from broadcasting their presence online, and presence settings can also be enabled or disabled to prevent users from showing their availability. Other parameters can be set to prevent users from becoming supernodes or relay nodes, and a real-time bandwidth usage indicator lets IT measure and determine Skype's impact on network traffic.