A warning by the German consultancy Eurospace against the use in companies of the Internet telephony software (VoIP service) »Skype for Business« currently causes some confusion. At first sight, the main reproaches that firstly Skype was a security risk and that secondly it did not make use of accepted standards seem to be justified from a technical point of view. »Skype is easy to use, a clever solution and temptingly inexpensive. But it is a proprietary service and represents a huge risk being a potential weak point which is aimed at by attacks from the Internet.«, cautions the Eurospace managing director, Mr. Vincent Ohana, in a press statement conveyed by Pressetext.deutschland (also see “Skype uses proprietary P2P protocol”).
However, for quite a long time information technology experts have known that these risks arise with many Internet-based services. It is a fact that any software which is fed with data over the Internet may also infiltrate harmful files and programmes into a company. Only the probability of such an infiltration varies according to the number of so-called ports (comparable to doors) which have to be opened in order for the service to run. The less ports have to be opened, the smaller the probability of an infiltration. Another risk factor are proprietary data formats and encoding techniques which prevent security software such as virus scanners from checking the data entering the company.
Given that many of the new Internet services provide a competitive edge to business processes, the solution cannot be not to use these services at all. What is important, however, is to deliberately balance the risks and benefits and to look for alternatives without proprietary character. The latter is an advantage of open source software (⇒ Wikipedia). Another important point is to raise employees´ awareness of the risks involved, if the Internet software is used in an uncontrolled and excessive way that goes beyond a certain inevitable degree.