My company just outlawed the use of Skype. The previous company for which I worked had already done so. What security issues are they trying to prevent?
I don’t speak for your company, but generally company networks are to be used for business purposes. It seems that your current and former company decided that there was not business reason to allow Skype, and decided to save the bandwidth.
Maybe… except they used to promote the cost savings of it… I suppose they decided that there were no longer business reasons to save money on overseas calls, but it would seem like an odd decision unless they thought there were security risks.
I did some researched on this* about six months ago, but to my surprise I really didn’t find any striking security issues with Skype. (Nonetheless, due to company policy, I saw to have it banned.) - Interested in hearing other IT pro dopers’ findings, though.
- Googling, that is.
There are a couple minor security issues with Skype, but the main problem is bandwidth and the distrubuted (as opposed to centralized server) nature of how Skype works. If Skype thinks your computer can handle the task, it’ll turn your computer into a processing node to assist in routing people’s calls and this can easily saturate a corporate network.
Skype users agree to such a possibility when they sign up. From the Skype end-user license, users give Skype "permission to utilize the processor and bandwidth of your computer for the limited purpose of facilitating the communication between Skype Software users.” Notably, they do not say how “limited” the purpose is.
The main quarrel companies have with Skype and security is the application pokes holes in corporate firewalls, and the traffic is encrypted. If the traffic is encrypted, the company has no idea what’s flowing in or out of its internal network.