[Infowarrior] - Security Fears Prod Many Firms To Limit Staff Use of Web Services

Richard Forno rforno at infowarrior.org
Tue Apr 4 12:39:15 EDT 2006


Security Fears Prod Many Firms To Limit Staff Use of Web Services
By SHAWN YOUNG
March 30, 2006; Page A1

Companies are clamping down on employees' workplace use of the expanding
range of free Internet services, such as instant messaging and video
downloading, to protect themselves from viruses, communications traffic jams
and regulatory missteps.

General Electric Co. has barred outside instant-messaging and file-sharing
programs, as well as access to personal online email accounts like those
offered by Yahoo Inc. Telecom company Global Crossing Ltd. also blocks
outside instant messaging and online email accounts. J.P. Morgan Chase & Co.
is one of many banks that blocks Internet services it can't track or
monitor, including outside instant-messaging, phone and email programs.

Another big bank, ABN Amro Holdings NV of the Netherlands, also bans many
consumer-communications technologies, including Skype, the Internet phone
service owned by eBay Inc. (See related article.) "I'm not allowing Skype
because I don't know what it does," says Bill Rocholl, global head of
strategy and engineering for ABN Amro's telecommunications and network
services.

Mr. Rocholl says that in making such decisions he weighs whether the
resources he needs to study and disarm any potential risks from Skype or
other free services would outweigh the time or money that might be saved by
using them.

The corporate crackdown underscores an emerging challenge for the Web. As
the spread of broadband technology makes it possible for millions of
Americans to watch TV on the Web or make cheap phone calls, companies,
government agencies and universities are concerned about the possible side
effects -- including the threat of a worm or other bit of malicious code
sneaking into their computer systems.

Some companies worry the new services will overwhelm their networks with
unwanted traffic. Others are primarily concerned about security or their
ability to track workplace communications, especially in industries like
financial services, where regular monitoring is required by regulators.
Instant messages from the outside, for example, often aren't logged and
archived the way email is, creating a potential backdoor for illicit
communications or breaches of client privacy.

Skype and other service providers say such concerns are overblown. They say
their products are in many cases safer than email attachments, a common
source of viruses that businesses nonetheless consider indispensable tools.
They also say the popularity of their services in part reflects their
success in weeding out spam, viruses and other nuisances.

Still, many companies are proceeding cautiously. Global Crossing says it cut
off its employees' access to outside instant-messaging services earlier this
year after detecting a worm. It now has an internal instant-messaging system
from Microsoft Corp., but that system can't be used to reach people outside
the company.

Global Crossing started blocking its employees' access to personal email
accounts on sites like Yahoo and Time Warner Inc.'s America Online in 2003
after a virus used them to slip in.

"I used to think nothing of checking my Yahoo mail several times a day,"
says Global Crossing Chief Marketing Officer Anthony Christie. Now that he
can't, his long workday makes it hard to avoid using his work email account
for personal messages, he says.

At Britain's Cambridge University, some colleges and departments ban Skype,
fearing their data networks could become giant hubs for Skype transmissions
from all over Europe. Most companies have stringent safeguards to block
outside users from tapping into their internal networks, but many
universities fear their more open systems could attract excessive traffic.

Skype and some of the other services that worry private network managers
employ a decentralized technology known as peer-to-peer networking, in which
users connect directly with one another to swap conversation or data,
instead of linking to a central computer. Skype's system relies in part on
computers known as supernodes that help direct traffic. Since ordinary
users' machines can function as supernodes, some universities fear they will
become supernodes and be flooded.

"We have had some occasions where the amount of traffic has been noticeable
and has caused some problem," says Chris Cheney, head of the network
division at Cambridge's Computing Service. Other universities, including
Oxford and the University of Minnesota, have policies requiring Skype users
to take steps in setting up their service that would prevent them from
becoming way stations for other callers.

Kurt Sauer, Skype's chief of security, says that the belief that Skype could
flood a network is based on a misunderstanding of how the technology works.
In fact, he says, the computers that act as supernodes in Skype's system
function as directories that indicate which users are online; they don't
actually transmit calls.

The resistance to free Internet-based services comes as some
commercial-network operators in Canada, China and elsewhere are moving to
exclude certain online programs or limit the toll they take on network
capacity. More than a year ago, for example, Canada's Rogers Communications
Inc. and Shaw Communications Inc. assigned a lower priority to traffic
generated by video-swapping programs BitTorrent and eDonkey; both services
are heavy users of bandwidth, or transmission capacity.

Some Internet users fear such moves could set a precedent for phone and
cable companies, which own the pipelines that give most consumers access to
the Internet, to take a more aggressive stance toward phone and video
services they view as potential rivals, by blocking their access to the
network or charging them higher fees.

About 56% of the nation's households have high-speed Internet connections,
according to research firm TNS Telecoms, making it feasible for them to use
Skype and other Internet services. Many of those users don't hesitate to use
the same services at work. In a recent international poll of 300 workers,
British Internet-security company SmoothWall Ltd. found that 23% used Skype
at work and 41% used instant messaging. More than 60% tapped into outside
personal email accounts. Fewer than 54% knew if their companies had policies
forbidding such activity.

"You now have umpteen ways of breaching security or violating corporate
policy," says Shailesh Shukla, vice president of marketing and partnerships
at Juniper Networks Inc., whose company allows him to use instant messaging
regularly to communicate with colleagues. Mr. Shukla says that the modern,
always-connected mobile workplace makes it increasingly hard to define and
police the boundaries of private networks.

Adding to the policing problem is the subtlety of some new technology. For
example, the same encryption that keeps Skype conversations private makes it
hard to distinguish Skype transmissions from other data moving in and out of
networks. That makes it tough to block Skype with a firewall, says Brian
NeSmith, chief executive of Blue Coat Systems Inc., a Sunnyvale, Calif.,
company that recently introduced a Skype-blocking system for corporate use.

Michael Jackson, Skype's vice president of operations, says that many
technologies that are now crucial business tools were once greeted with fear
and suspicion. "Many organizations were initially scared of the Internet and
email," he said. "Now there's hardly a workplace on the planet that doesn't
have an Internet connection."

Corporate attitudes toward the new services may be starting to make a
similar shift, especially among high-tech companies. Sonus Networks Inc., a
telecom-equipment maker based in Chelmsford, Mass., allows outside instant
messaging and doesn't block access to Skype. "It's a productivity tool,"
says Chief Executive Hassan Ahmed, adding that Sonus is now able to archive
instant message communications as effectively as it does email.

Write to Shawn Young at shawn.young at wsj.com
URL for this article:
http://online.wsj.com/article/SB114369288512912073.html



