Skype for Business? Can it be a good idea?
I've seen several posts in the last 48 hours about Skype for business, Skype being the hot tool for microbusinesses, and Skype security. I've asked the question several times in the, but now I'm going to quote and broach the whole idea of Skype for business here. And I hope some of you comment.
The basic question set is this - do you believe Skype is suitable as a telecommunications (VoIP) solution in business? Do you allow it on your corporate network officially? Do you support and use it for business?
Remember thay while Skype has released some sort of API interface recently, it runs on proprietary protocols. Not open standards protocols review by the IEEE or IETF or any known and respected body overseeing telecom standards. Proprietary peer-to-peer protocols. Is that something you tolerate on your corporate network.
Let me share a couple of posts I spotted. First from Skype itself -
I spend a good portion of my life dealing with network security, so let me phrase the question a different way, to security administrators - knowing that every time you run Windows update, apply a service pack, or install anything from Microsoft that your registry setting will be reset to whatever Microsoft thinks they should be, are you comfortable with a registery hack on every workstation in your network as an effective security mechanism?Admin control of Skype features
By Kurt on March 09, 2006 in Skype security features
I just got back from Japan, where we held a seminar about Skype security features with some developers and customers. One of the things I learned was that we haven’t gotten the word out about the ways that IT administrators can set enterprise-wide policies on Windows computers running Skype. There are a couple of controls that were very important to the IT administrators I spoke with, and those were features to disable API interfaces and to disable file transfers on a particular instance of Skype.
These controls are enabled by setting particular Windows registry keys, which of course can be pushed out via Windows Server policy objects and controlled using normal ACLs:
Under the registry key [HKLM\SOFTWARE\Policies\Phone], you can set either or both of the following registry keys:
"DisableApi"=dword:00000001
"DisableFileTransfer"=dword:00000001Setting the DisableApi key to 1 will completely disable the Skype public API interface. This could be helpful when enforcing an enterprise policy concerning the use of software plug-in modules. Setting the DisableFileTransfer key to 1 will disable file transfer. In this case, inbound file transfers will be automatically rejected (the remote user will see a "Cancelled" message) and outbound file transfers will cause a messagebox to pop up containing an error message. (At present, these controls are available only on Skype for Windows.)
One of the comments I received from an IT administrator in Tokyo was that we should provide more granular controls covering more of Skype’s functionality elements, so that more locked-down business environments could authorize or restrict access to, say, text chats or to voice calling as well. It would be interesting to know how useful end-users and IT administrators would find such controls.
Puts it in a different light, doesn't it? I can't say it's too little to late. It's nothing. it's too little for any security manager I know to buy as even a feasible idea. It's patch someone crufted together that's being touted as a solution enabling corporate security. I'm not buying and it's not something I'll encourage any enterprise I help manage or consult with to view as appropriate security tactics. It's a bandaid patch at best.
But on CNET News.com, we read
Let's define the market segment where Skype fits and quit blowing smoke up the consumer's dress. Jeff Pulver was pretty kind when he said he said Skype for Business: A Yawn or Home Run? Hard to Tell...Skype targets small businesses
Published: March 9, 2006, 9:46 AM PSTInternet calling provider Skype is courting small businesses.
On Thursday, the company announced Skype for Business, which consists of new hardware, improvements to programs and a Web site dedicated to small businesses.
Skype, which was bought by eBay last year, offers software that allows people to make free calls over the Internet from their computers. Skype also offers premium services, such as Skype-Out, which charges customers for calls made from PCs to regular phones.
Skype has traditionally been thought of as a consumer application. But the company says that 30 percent of its 75 million subscribers use the software for business. Most of these businesses are small--about half of them have fewer than 10 employees, Skype said. For the past year, the company has been targeting business users.
I don't see a yawn. I sure don't see a home run. To quote that famous Cuban drummer from television, I'd say "Lucy, you got a lot of 'splaining to do." Skype's dangled some bait. I don't see substance and I don't see anything tangible enough to indicate Skype as a telephony solution acceptable to any but the smallest of businesses. There's too mcuh unknown. In business, unknown is risk. Skype needs to pull the covers back farther, open the protocol to review by recognized standards bodies and come the table with the rest of the VoIP market. And yes, that could mean learning to play SIP.
Note: I say that as a Skype user, who uses SkypeIn and SkypeOut. I'm not a non-user complete outsider to how their solutions work. I use Skype on multiple PCs, under multiple OSs and on a Windows-based Treo700W.
Technorati Tags
VoIP
IP Telephony
Voice Over IP
VoIP security
Skype
proprietary protocol
SIP
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
Comments
very interesting. see my comments on www.business.webtown.com.my
Posted by: tropicaljantie | March 13, 2006 4:58 AM
I note your comment on proprietary protocols : Do you use Microsoft Exchange for remote access - this uses a proprietary protocol. Do you use office document format ? This is proprietary. Proprietary is not by definition bad - and using a public protocol does not stop someone installaing bad things in the software.
Posted by: marianne | March 14, 2006 1:16 AM
An interesting comment, but with flawed logic regarding open vs. proprietary.
Exchange, for example, does follow open standards with regard to interopreable communications. It uses SMTP, IMAP, POP3 - widely accepted interoperable standards. Exchange to Exchange server communications may use proprietary methods, but even between servers, Microsoft encourages usign IPSec, an open standard. Exchange is a good example of how to properly mix both proprietarty technologies and open standards.
Office document formats is a somewhat flawed standard. Microsoft is a defacto standard today, but many companies, more all the time, use RTF formats, which are interoperable and pre-date MS Office. And Microsoft, like others, is moving toward XML, another open standard.
But to be clear, I was talking about interoperable communications standards on which the Internet and voice communications networks are founded. Take a look at network standards. RIP, OSPF, ISIS, BGP as routing protocols are all open , widely vetted standards. 802.1, 802.3, 802.5, 802.11 are all IEEE standards, open and vetted. In the telephone network H.225 for call control, H.245 for media, T.120 for data sharing, Q.931 for signaling, H.323 for multimedia over packet networks are all open standards. Even the old Bell System released 212A standards for old dail-up modems.
Communications must be interoperable to work. Open standards, or at the very least published standards and documentation (See Cisco EIGRP, for example) lead to interoperability. Without interoperability, communications services will fail.
What Skye has created is a proprietary network. They've providede some minimal gateway capability to the PSTN, but they have not "opened the covers" to join the community of telecommunications service providers. Not really. They've played it close to the vest. There's a price for that, and I believe the price is and could remain for some long period of time, failure to penetrate the business market.
I believe Skype fits in business in many ways, but not for core communications, except in the small businss market. I believe that based on over 25 years experience in the industry working in voice and data networking, interoperability and security.
I believe Skype is a fabulus tool, for the well defined niche it plays in. I don't believe Skype is a viable, scalable communications approach for enterprise businesss today. And I don't believe past or present management has the necessary mindset and framework to leverage Skype into being what it could be. Skype has constrained itself to a niche. For now that niche is comfortable, but I beleive a lot will have to change for Skype to break the boundaries it artificially set for itself.
I don't believe that is happening today, Skype's overtures to business notwithstanding. I think they're at least two years and a significant management shift away from being able to make tangible, significant inroads into the corporate enterprise.
Posted by: Ken Camp | March 14, 2006 7:32 AM