Modernizing Authentication — What It Takes to Transform Secure Access
The availability of secure IM products and services has grown in the past year and appears like to continue to expand through 2003 and beyond. The originally consumer-focused providers themselves have also responded with enterprise-grade secure versions of their services, available for a price.
Secure IM essentially means the ability to monitor, log and control the employee desktop usage of public IM services. It also encompasses private IM messages in which companies can write their own security rules for internal IM traffic, and set up secure gateways for linking to the public IM services.
Another critical requirement for enterprises is to prevent the intrusion of viruses or other malicious code through the public IM as a back door into the corporate network.
Interoperability between secure IM environments is a technical challenge, since each of the consumer services is based on a proprietary protocol, and the Internet Engineering Task Force (IETF) has two standards available for IM. The gateway approach from a secure internal IM network is one way of achieving interoperability.
Companies offering secure internal IM include IBM/Lotus, with the Sametime offering, integrated with Domino. That has proven to be more appealing to enterprises than the Microsoft alternative that requires buy-in to multiple levels of Microsoft products including Active Directory, Exchange 2000 and Windows 2000 on desktops.
According to Burton Group senior analyst James Kobielus, author of the IM report, Microsoft recently announced that it will offer the IETF's Session Initiation Protocol (Sip) for Instant Messaging and Presence Leveraging Extensions (Simple) for IM, as a commodity spinoff not requiring so much other Microsoft product.
"That might help Simple get accepted in the marketplace," and ease the integration challenge over time, he suggests.