Skype in a business - what's your view?
Every business is different, so I doubt there's a single "right answer" here. Here are a couple of things to consider:
If your business is subject to strict regulatory regimes (such as HIPAA or SOX), a communications and conferencing solution that can be logged and audited (such as MS's Communications Server, which I guess is now called Lync) might be more suitable.
If your business deals with highly sensitive information, possible security vulnerabilities obviously become more salient. If you go to the Skype website and look at their page about firewalls, you'll see that you don't need to "open everything" as some have suggested — but you do have to open a couple of ports, and Skype would prefer to have all outbound TCP ports open (although this is not required). Only you and your coworkers can say what constitutes an "acceptable risk" for your business.
If you have large numbers of users needing chat or video conferencing (or if you're bandwidth-constrained), Skype could easily cause network problems. Conversely, if it's just a handful of folks needing this capacity, Skype provides a free alternative to costly server-based enterprise software.
Finally, it's important to remember that no business software is "free" — and consumer-targeted software that cannot be easily patched, upgraded, configured and otherwise managed with tools like SSCM or Group Policy can be quite "expensive" in terms of support.
As regards your question about "something in the DMZ" — this would be a proxy server, no? It is my understanding that Skype can be configured to use a proxy. In the current version, those settings can be found at Tools → Options → Advanced Settings → Connections.
I hope this helps!
We don't allow it on my employer's network
It's really very simple:
- It doesn't solve a business problem for us.
- There might be a risk associated with it, even if only to our bandwidth if a few skype users become supernodes.
As there's no business case for it, we're not going to take the time needed to research it any further, and our network security policy is to close off everything by default and open up when we see a need for it.
I'm not convinced one way or the other by any arguments that it's inherently a security risk, and they do now seem more professional in their approach to this issue than they were originally.
I'm sure Skype has its problems like every bit of software out there, and I'm sure that plenty of people are using it securely enough despite those problems. Again, like almost every other bit of software out there. I know its a boring answer but everything has a risk attached to it, and the question is whether the gain outweighs that risk.
In my workplace we use Skype for conferencing from time to time and works quite fine, but I work in a small business so:
- We don't have the budget of bigger companies so free programs are very useful in some situations (in our case we only do conferencing sporadically).
- We have open access to Internet, since until now nobody have been so stupid of using bittorrent or similar P2P to clog the network (that is easy to spot since we don't have the bandwidth of big companies).
Long story short: if you don't have budget, Skype is worth a try.
Skype is an excellent solution for small businesses, especially if you have a lot of international business or global satellite offices.
- Free from PC to PC
- Excellent plans for skype credit
- PBX integration (including if you have an existing PBX)
If configured correctly, you can lockdown skype as needed. @Robert Moir is not entirely accurate. You can avoid the supernodes in an AD enviornment (DisableSupernodePolicy). Read the network admin manual.
If you have multiple data lines you can route skype taffic via a decicated line avoiding latency on network for other applications. You can even bandwidth trottle skype traffic if you force it to use UPD and not the http or https.
When making decisions on these type of technologies don just look at functionalities, take into consideration productivity gains, in may case, teams are able to have a better long-distance conversation using video...this is important for productivity.
At the end of the day it's not perfect, but which app is? It's just another which can work if you implement it correctly.