Skype and SightSpeed - What works for the enterprise?

A couple of, perhaps, conflicting thoughts are on my mind today.

First, following a story that's been hot for several days, 21talks notes this story:

Companies and universities still play at “Skype buster”
It could be a game, “Kick Skype’s ass” game, in which organizations and corporations beat and repel the softphone as hard as they can.

First bust: San Jose State University is the latest California school to ban Skype from its campus. Given reasons remain the usual: Lack of security and bandwidth consumption. Other SIP-compatible softphones like Gizmo and Wengo are allowed. SJSU mentioned other “grid-computing-like” softwares, which certainly refer to file-sharing platforms.
SJSU isn't unlike a corporate network in this regard. They're concerned about the security and integrity of the network. Skype is viewed askance by many a network administrator. Whether it's port hopping, detection-evasion techniques, P2P technology bypassing corporate antivirus engines, fear of unknown, unmonitorable activity, or the bandwidth consumption potential of supernoding, many large networks shun Skype, with good reason.

I've written many times about the need for P2P solution providers to come together and build standards that give the enterprise business what's needed to begin the true evolution to supportable P2P technologies for the next generation. They do not exist today. I work with enough enterprise security people to know that most view Skype with an eye towards the risk it presents, while closing an eye to any added value the convergence it brings might lend to business.

With that thought in mind, this in CIO Tech Informer certainly caught my eye:
Skype Preps Enterprise-Friendly VoIP Software 

Skype is working to make its Internet telephony service more enterprise friendly, and expects to introduce a beta version of its software with support for enterprise management functions within weeks.

The update will allow system administrators to use standard Windows management tools to set how the Skype software connects to the Internet, or to disable any of half a dozen functions, including file transfers, said Skype’s vice president of telecommunications and Skype for business, Michael Jackson.

There's far more to enabling Skype for the enterprise than just these Windows controls, but this is a start. And it's the first real word that Skype may want to get serious about business users. The proprietary encryption algorithms still make for headaches, whether it be SOX, HIPAA or GLB. Key escrow and recoverability of sensitive information is a requirement of, and the bane of, many an enterprise.

Sure, Skype worked with Intel who was willing to put up a proxy server to manage Skype traffic. How many companies want to invest in a Skype-proxy firewall? Why would they?

Skype may be making a tiny, incremental step in the right direction, but let's not make more of it than it is. In fact, let's point out what it is. It's a self-serving tiny step to boost their own business. It's not an industry leader building a consortium to strengthen the adoption and acceptance of P2P technologies.

And Skype isn't the only P2P vendor missing the boat here. They all just seem to not get it. Enterprise business doesn't like P2P. Period. It's viewed as a risk. If you want to gain entry, finding new one-off solutions to get your product past the perimeter isn't the answer. The answer lies in one of two directions. One I've outlined is to form a coalition of friendly competitors in the technology set and work toward achieving what I'll term respectability. If you don't have that, you won't succeed in enterprise networks at any noteworthy scale.

The other approach, the one that is working, is to play by established rules within the corporate culture. Use accepted open standards like SIP. Don't masquerade your traffic or access. If you act like you're hiding something, I'm sorry, but you're hiding something and untrustworthy. There are plenty of companies who play by the rules and are "security culture friendly."

Need examples?

Fire up Ethereal or your packet sniffer of choice and just look at what's on the network. Fire up SightSpeed and look at the traffic. What you see is normal, network-friendly, security-friendly traffic. Easily monitored. Easily managed. And if for some reason your corporate policies deem it inappropriate for your environment, well, it's easily blocked too. Same with Gizmo. Same with Counterpath's Xten-lite phone client. Same with Pulver Communicator. Even MSN/AIM/Yahoo play responsibly on the network.
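To make "easily monitored" concrete, here is an added example (not code from the original post) of the check a monitoring sensor can run on a standards-based client: a payload either parses as a SIP message with its mandatory headers, yielding call metadata for logging or policy, or it is opaque. The function names and sample payloads are constructed for illustration, and header line folding is not handled.

```python
import re

# Methods from RFC 3261 and common extensions.
SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER",
               "SUBSCRIBE", "NOTIFY", "REFER", "MESSAGE", "INFO", "UPDATE"}
REQUEST_RE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
STATUS_RE = re.compile(r"^SIP/2\.0 (\d{3}) ")
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id"}  # compact header forms
REQUIRED = ("via", "from", "to", "call-id", "cseq")

def parse_sip(payload: bytes):
    """Return call metadata for a SIP message, or None if the payload is not SIP."""
    try:
        head = payload.decode("utf-8").split("\r\n\r\n", 1)[0]
    except UnicodeDecodeError:
        return None
    lines = head.split("\r\n")
    req, status = REQUEST_RE.match(lines[0]), STATUS_RE.match(lines[0])
    if req and req.group(1) in SIP_METHODS:
        info = {"kind": "request", "method": req.group(1), "uri": req.group(2)}
    elif status:
        info = {"kind": "response", "status": int(status.group(1))}
    else:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            name = name.strip().lower()
            headers[COMPACT.get(name, name)] = value.strip()
    if any(h not in headers for h in REQUIRED):
        return None  # start line looked like SIP but the message is malformed
    info.update({k: headers[k] for k in ("from", "to", "call-id")})
    return info

def classify(payload: bytes) -> str:
    """Label a payload 'sip' if it parses cleanly, otherwise 'opaque'."""
    return "sip" if parse_sip(payload) else "opaque"

# Constructed sample payloads (not captured traffic).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pc1.example.org;branch=z9hG4bK776asdhds\r\n"
    "From: Alice <sip:alice@example.org>;tag=1928301774\r\n"
    "To: Bob <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@pc1.example.org\r\n"
    "CSeq: 314159 INVITE\r\n\r\n"
).encode()
SAMPLE_OPAQUE = bytes(range(200, 232))
```

Calling `parse_sip(SAMPLE_INVITE)` returns the method, URI, parties and Call-ID that a policy can act on, while `classify(SAMPLE_OPAQUE)` gives the sensor nothing beyond "opaque".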

SightSpeed is rapidly becoming my primary voice and video tool for a number of reasons. The only reason it's not my single client is that too many people I talk with don't use it much...yet. That's changing, and this week I've added several new contacts who are also shifting towards SightSpeed.

For corporate networks, and for educational institutions like SJSU, SightSpeed represents a tool that lets students away from home easily talk to friends and family. And the cost of a webcam is just not a factor. Not at today's prices. They're giveaway/throwaway commodities, no more unattainable than a thumbdrive.

SJSU hasn't done anything that isn't being done in hundreds of business networks around the world. And frankly, that trend is on the rise. Security and protecting the network is an important concern, and you'd better believe the CIO at SJSU is tasked with protecting that network. This whole news story is much fluff about nothing. And I know many security managers who would do exactly the same thing.


Ken Camp's Bio:

Ken Camp has more than 25 years of experience in information technology. Ken spent 17 years with AT&T and Lucent Technologies successfully designing and implementing voice and data networks. He later worked in the security marketplace and played a key role in early IPSec VPN deployments. As an independent consultant, Ken's primary focal areas include network performance improvement, security practices and the design and deployment of integrated voice and data solutions. He may be contacted at: ken_camp@realtimepublishers.net
