I’ve just finished writing up a short White Paper on Skype – in particular the old question of whether or not it can be installed onto company equipment, the risks, costs, and some investigation into the system architecture.
Quite honestly, I don’t consider Skype to be an insecure system (so long as you keep the client updated. See here…), but it does undoubtably introduce some additional risk. The question is whether that risk is too great to allow a few travelers to have the client installed onto their laptops.
There are opposing forces in action – on the one hand a number of individuals who claim that they need Skype and consider life to be unfair unless they have it. On the other hand are those who consider it to be no more than KaZaa in different trousers, and that it should be kept well clear of company equipment. I’m somewhere in the middle: put a price on saying “yes” and make sure risks are controlled. But is that just a cop-out? I’m wondering whether I shouldn’t simply point my finger at desktop build policy and then remind people of that great invention: the telephone.
This all relates to a blog I wrote a while back on the subject of the increasing consumerization of our environments. I quoted there that “consumerization creates a new burden that can potentially cripple already fragile IT organizations” but on the other hand is the point that “consumerization is already in motion, so how do corporate IT departments manage the new reality?”
Do a few users with Skype on their laptops really increase risk to the business? Depends who it is and what they do with it. As a someone has reminded me this very evening, it may not matter until some senior executive is defrauded or their company provided equipment is compromised. I’m not sure it’s even an argument worth having – there are so many different solutions for communication out there now that I’m baffled why we are getting so hung up on Skype anyway.