
Corporate Skype Wishlist

I already blogged about the things that make Skype a poor choice for a corporate environment. But, facing reality, Skype's penetration among home users is excellent, and a great many people are quite familiar with its interface and usage. So, if there is a way to make Skype more corporation-friendly, it becomes a very easy tool for employees to adopt.
Now there is talk that Skype may be sold.

Without knowing what the business model of the possible new owner will be, here is a wish list that will make Skype the killer of all corporate IM applications.

  • Enable autonomous functionality - Effectively, the organization should be able to run Skype in an autonomous mode, without contact with outside Skype servers. This would probably require integration with Active Directory or some other directory service for user authentication.
  • Enable administrator-controlled assignment of SuperNodes and RoutingNodes - Each Skype program can become (upon its own decision) a SuperNode or RoutingNode, and assist in communication between the other Skype systems. This is highly undesirable in a corporate network infrastructure where every bit on the network should be accounted for. Manual assignment or disabling of these roles should be available to the administrator.
  • Create the possibility to define which user can access which functions - Every service within the Skype service set should be subject to configurable enabling or disabling. This includes video, voice, file transfer, chat and anything else they might think of.
  • Create an Audit Log - Create a central audit log of all configuration changes, logon and logoff events, logon errors and chat conversations.
  • Throw out the automatic logon check box and disable password saving - NOBODY should log on automatically. In a corporate environment, all systems should prevent forgetful employees from logging on automatically to anything - including the communication package.
  • Create controlled access to Internet Skype - Create the ability to establish communication and make/receive calls to users of the standard Skype, but through a definable and controlled gateway and only to users for which this function is approved and enabled by an administrator.

To the new owners of Skype: If need be, set a price for this product, but please consider the currently untapped possibilities of the world where Microsoft Live Communication Server (LCS) rules.

Related posts
Is Skype a good Corporate Tool?

Talk back and comments are most welcome

Is Skype a good Corporate Tool?

The new age of information technology is strong in all corporations, and people understand that there are fast and easy methods of communication that haven't been available before. One of the most modern is the Instant Messaging tool, in any form possible. And the most popular form of the day is Skype.


Furthermore, modern corporate employees view the ability to use Skype at work as their constitutional right, not a corporate privilege. But let's observe the pitfalls of Skype usage in corporate communication:

  1. Skype is designed to be an Internet communication tool - This means that each Skype client MUST connect to a SuperNode somewhere on the Internet.
  2. The Skype protocol is designed to enable communication between users via possibly blocking paths. It does this by using SuperNodes and Routing Nodes to transfer messages when direct client-to-client communication is impossible.
  3. The Skype protocol is proprietary and encrypted, so there is no way to control or audit the content of the messages.
  4. Again through a characteristic of the Skype protocol, any Skype client can choose to become a Routing Node, potentially offering its services to any client on the Internet.
  5. Skype is designed as an Internet telephony protocol, and the voice functionality cannot be blocked. Using the voice functionality can cause unnecessary bandwidth usage and potential problems on the data network.
  6. The Skype client is closed source, and any claims about the encryption algorithms used in it have to be taken for granted, since there is no way to confirm them. So, nobody really knows whether Skype or anyone else can eavesdrop. Even if all claims are true, the usual problem is not with the algorithm, but with its implementation. Bear in mind that one of the iPhone hackers' unlock mechanisms used a bug in the RSA encryption algorithm.
  7. The Skype binary is unnaturally large, most of it is encrypted, and it contains numerous controls and hooks that are designed to prevent an active debugging tool from reverse engineering it. Also, it contains intentional garbage code and padding designed to confuse any dissection of the file. This mess of a binary is an excellent place to hide an undesirable element like a backdoor, trojan or spyware tool, which would not be easily detectable through standard spyware tools.
  8. All passwords of the Skype users are kept on a centralized Skype Authentication Server. Skype claims that all passwords are irreversibly hashed. This fact as well as the hashing algorithm are impossible to confirm. This may not be a problem for private use, but in a corporate environment a large number of employees use the same password for all their business applications, so it is quite possible that they will use the same password for Skype, potentially releasing this password in the wild.


So, here is a summary of the pitfalls of using Skype:

  • All users must be allowed to connect to some servers on the internet to log on to the Skype network. This connection can be used to piggy-back an attack through the authenticated outbound session.
  • No possibility to perform any audit on the communication - a corporate must!
  • No possibility to block voice, thus opening the potential for bandwidth hogging
  • No guarantees on what is within the Skype code
  • No guarantees on Skype passwords
  • No guarantees on Skype encryption

One must stress that these pitfalls mostly affect the organization as a whole (SysAdmins, NetAdmins, Security, Internal Audit etc.), while the individual users are usually very happy to be served by Skype.

It is my strong opinion that the goal of easier corporate communication is not well served by Skype.

To address this goal, the corporation should implement an internal corporate messaging tool that has the following functions:

  • Possibility for fine grained activation/deactivation of available services (text, voice, video, file transfer)
  • Possibility for audit of both administrative events (logon, logoff) as well as messages
  • Fully internal infrastructure, thus eliminating the requirement for internet access.


Also, with the advent of IP Telephony in the corporate world, the corporation should make a strategic selection of a product that will complement the IP Telephony, not compete or conflict with it.
