News and views from the experts? BAH!

Security

I was looking through my Technorati stats and found that a blog from McAfee commented on and linked to my article on a cost analysis of Skype.

My beef with their post is that there is absolutely no substance to it. Their counter argument is to just regurgitate Mike Rothman’s argument that analysis like this one are too simple and tend to be ‘cooked.’ Show me a risk analysis that isn’t cooked and I’ll show you an ineffective one.

Both Rothman and McAfee, actually since McAfee just parroted Rothman, Rothman argues that a cost analysis shouldn’t leave out the many collaborative features of Skype. To that I say that if you are an enterprise-class shop looking to leverage Skype as a collaborative tool, you should start looking for another job. Skype is great for SOHO environments at best. It doesn’t scale, it isn’t network admin friendly (yet) and with functions such as the supernode, can actually be a burden to the network.

Below is my comment to the McAfee blog, just in case it doesn’t get posted there:

Risk analysis is fluid, subjective process meant to serve the needs of one particular organization and therefore there is no cookie-cutter analysis that Company X can photocopy and provide to their executives. The article was offered as one particular analysis done, among many, to help demonstrate its potential impact on the IT and financial environment.

Having said that, the article opened by stating that the historical justification for Skype has been cost savings on long distance telephone charges. Therefore it was from that angle I did that particular analysis.

All of the other *fluff* that Skype offers is already deployed in our environment in a far more robust and secure manner than Skype can possibly offer and I would imagine that most corporate enterprises are similar to ours. In 2007 if you are an enterprise-class company looking at Skype as your central collaborative tool, you should fire the person who suggested it, not from a security stand point but from a technology standpoint.

What features does Skype offer that seasoned players like Polycom or Microsoft Office Live don’t already offer? Not to mention the fact that Skype isn’t enterprise-friendly to begin with. It was only Skype’s recent version 3.0 that offers GPO management, which is still lacking and deficient anyway.

For a more in-depth look at many of Skype’s risks, see my article from July ‘06.

For more information about this topic

  • No Related Post

posted by Michael on 03.31.07 @ 9:17 am | 2 Comments

I received an email from someone who wishes to remain anonymous. He stated the following,

Between you and me, I’ve been dealing with the same issue for several months now. They link to me, say something nice and take a weak and unoffensive stand on some issue.

I thought about writing a similar article, but I figure it would just drive readers to their blog, or they would stop linking me and that would keep people from coming to mine for real analysis.

Personally I don’t mind if I ruffle some feathers over at McAfee’s blog and I don’t mind if they stop linking me. I’d much rather back my position with intelligent, original ideas.

Looking at the first page of their blog I see only a single post of entirely original content and it’s about one of their events (which, consequently is the only post with any comments).

Granted, a big part of blogging is participating in other blogs, but it looks to me like their doing more of an aggregation service than anything else.

If I’m wrong, McAfee set me straight!

By Michael on 04.01.07 9:12 am

I have to cut McAfee a bit of slack now. They finally moderated my comment and it’s posted in all its typo’ed glory…

By Michael on 04.02.07 2:15 pm

RSS feed for comments on this post. TrackBack URI