On 20 August 2007, Skype, a provider of Internet-based telephone and text messaging software and services, reported that a worldwide service outage was caused by a large number of restarts following a routine Microsoft Windows software update. For approximately three days, ending 18 August 2007, Skype users were unable to log on to the service. Skype, which is owned by the online auction provider eBay, stated that the outage was not caused by hacking or other malicious activity.

A three-day communications outage will have a significant negative impact on the bottom line of any business, and this outage, and the causes Skype has cited for it, highlight the risks for businesses that depend on what is essentially a consumer-grade service. Microsoft releases PC patches on the second Tuesday of every month, so the reported trigger of the Skype outage — end users rebooting their PCs after installing Windows patches, and the rebooting causing an unusually large number of Skype log-in requests — was entirely predictable. Microsoft actually gives advance notice of the number and severity of the coming patches on the Thursday before the patches are released. Skype had almost a week's notice, but has acknowledged that its core network was not properly tuned to deal with the volume of log-in attempts that were made.

Enterprise services frequently suffer outages, but a three-day outage is highly unusual and enterprise-level services are typically backed up by service-level agreements (SLAs) that provide financial compensation. Basic Skype service is free, and this certainly provides potential cost savings over fee-based services that do provide SLAs. However, enterprises that make the business decision to use free services such as Skype's need to plan for backup capacity and workarounds (for example, wireless telephones, land-line telephones or "softphones" supported by a digital PBX) to, in effect, provide their own SLAs and ensure the availability of business-critical services.

Enterprises using Skype or other consumer-grade software or services:

• Budget for backup services to deal with unexpected and potentially long-term outages.
• Ensure that all required levels of security (such as vulnerability management) can be extended to consumer-grade services to protect critical business and customer data.

• "Q&A: Securing Skype in the Enterprise” — Gartner now considers Skype "safe" for enterprise use, but enterprises must balance its benefits against its risks. By Lawrence Orans, John Pescatore and Geoff Johnson
• "Critical Security Questions to Ask a SaaS Provider” — Software as a service (SaaS) can provide business advantages, but can also bring new security risks. By John Pescatore

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)