Just finished reading “Encrypted Phone Calls & Skype Security” by a fellow blogger and a technocrat Friend Mukesh Kesharwani. Indeed pretty interesting and well covered stuff no doubts and that is what we expect from Mukesh.
However, when I look in from my Risk and Compliance Corner, the concern of using Skype in Corporate Network still looms large and Rings the Bell in my head… Can’t do away with that as for me the Data Privacy and Protection (be it in any form) is primer.
Some of you might have read my previous post on this when I had written about the Blackberry Security and Issue of National Security. I would reiterate those concerns in the case of Skype Usage also. For most of the cases, if Skype is used for Corporate purpose, the corporates would try to cut the cost and try and use the retail version of Skype that’s available to one and all with access to Internet. In this case, I am sure that as and when the Security Agencies get access to the Data exchanged on Skype, though the sorts of agreement it now has with Research in Motion (the Company that owns the Blackberry Brand), there would be a High Risk to the Confidential and Business Critical Data that would be shared using Skype and mind it that may include files shared or voice communication. Certainly if a company is using Skype, it would also use the VOIP facility to ensure that the Cost of Communication stays low.
I would still suggest to take a step at a time in this arena to ensure that the Corporate Risk related to Data Privacy and Protection does not get High “Particularly when the Country DOES NOT have a Data Protection and Data Privacy Regime”. When I highlighted that risk in my previous blog, certainly there were few high profile cases of Data leak, but now we have the example of Telephone Tapes in which the conversations were taped in by an enforcement agency authorities to investigate some case, but the tapes went to Public Domain and now to the Apex Court.
I still would be not too happy to hear from the Corporates Adopting Public Domain technologies for handling Corporate Affairs and Exchange Business Critical and/or Business Sensitive information over such channels. Unless, the Govt comes around with a Data Privacy and Protection Regulation to ensure that the information stays where it is supposed to be and is not leaked out in a domain where it may be utilized in a fashion to cause material damage to the Corporate Affairs or so……
The Risk Remains High till such time….