As I have mentioned in the past, controlling and monitoring Skype usage in the enterprise is very difficult. It is Skype's ability to work on any network, regardless of the types of NAT, proxy, firewall, or intrusion prevention systems that have helped make Skype such a popular application. It is this same set of characteristics that has made Skype the bane of many corporate network managers that wish to control what applications run on their network.
FaceTime Communications (www.facetime.com) today announced the release of Vantage, a software solution for the security, management and compliance of real time and unified communications, including Skype. Vantage is the successor to FaceTime's IMAuditor, (note the name change) and it expands the support for UC platforms such as Microsoft Office Communications Server (OCS) and IBM Lotus Sametime and for the first time provides stringent security and compliance controls for Skype in the enterprise.
Most notable among the features integral to Vantage are extensive support for OCS Group Chat, compliance archiving and ethical wall creation for Microsoft Live Meeting and support for Call Admission Control (CAC) to manage resource allocation. Support is also provided for logging IBM Lotus Sametime announcements, file transfer capture, scanning and controls and a host of compliance features including ethical walls, inline disclaimers and data leak prevention.
In addition to controlling who can use Skype, the software also records the Skype instant messages, controls whether file transfers are allowed, and can control when VoIP or video can be used. Importantly, you can even prevent Skype clients from becoming a supernode.
Vantage lets you map Skype buddy names to employees for ease of tracking and reporting. In fact, integration with Microsoft's Active Directory enables you to easily link the Skype buddy names to individual employees. Additionally, you can insert disclaimer message into IM conversations.
In addition to logging the IM messages sent out, you can prevent confidential information from leaking out by scanning IM messages for words or phrases. The software supports regular expressions for powerful filtering capabilities. Relatedly, you can filter URLs sent by employees.
How does it work? Because Skype traffic is encrypted the software uses a desktop plug-in that interacts with Skype allowing it to process all messages. If a user attempts to launch Skype without the Skype add-on, they can be blocked from accessing the Skype network.
The Dashboard provides a nice overview of IM interactions going on in your organization and includes the most active chat employees and flagged transcripts.
Vantage claims to be the first security and management solution to support Skype, including logging and checking of all messages according to company policy, while still allowing Skype traffic to be transmitted and received encrypted as usual. Should an employee use unsanctioned content in a Skype conversation, the text is automatically replaced with a customized phrase. Vantage enables the control of Skype features (chat only, no file transfers, no voice access, etc.) and integrates with Microsoft's Active Directory to link Skype buddy names to individual employees. I asked about Cisco Unified Presence (CUPS) support and they said that they are currently working on it.
As organizations look to extend their collaboration outside of the enterprise network, the Vantage policy framework allows granular policies to be defined between groups of employees and for communications with non-employees through federation and PIC (public IM connectivity). Vantage enables the management of users outside of the organization through either domain-based groups or through the concept of registered non-employees - protecting and restricting communications by employees with unregistered individuals.
New Unified Communications features incorporated in Vantage include:
- Compliance disclaimers, ethical walls, archiving and auditing for Microsoft OCS Group Chat;
- Microsoft Live Meeting archiving and reporting;
- Configurable "Poison Room" policies for ethical wall enforcement in Live Meeting sessions;
- OCS session data recording and reporting;
- OCS Call Admission Control policy management and reporting;
- IBM Lotus Sametime announcements logging and auditing, and;
- Ethical wall, custom disclaimers, file transfer support for IBM Lotus Sametime
Even cooler, their platform can read the SMS messages on a Blackberry (BES) server (.csv format), pull it into their database for reporting and full HIPAA compliance. Thus, their solution also addresses another major communications angle - namely mobile phones - if you use Blackberries in the enterprise. Currently, for SMS support they only support Blackberries since Windows Mobile, iPhone, and other mobile O/Ses don't have a method of sharing or accessing the SMS messages in a reliable fashion that cannot be disabled by the employee. For instance, they told me that they are evaluating an iPhone app that can access the SMS messages and copy them to their platform, but the problem is that an employee can uninstall the app.
Pricing and Availability
Vantage is available immediately through FaceTime's authorized partners from $8,675.