When it Comes to IM, First Think Security

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  
As IT administrators increasingly move to adopt enterprise-level instantmessaging software, industry players say their first thought should beabout how to make it secure.

Francis deSouza, CEO of IMlogic, an instant messaging company based inWaltham, Mass., says there are two trends rolling through the IM industrythese days. One is the corporate adoption of a single, enterprise-levelIM package that would replace all of the instant messaging software thatend users have downloaded onto their machines over the years. The secondtrend, deSouza says, is that the skyrocketing threat to instant messagingsoftware has IT administrators thinking about security.

And deSouza, along with other industry observers, says security should betheir first consideration. Actual implementation should be second.

''We're in the midst of a pretty massive enterprise adoption wave forinstant messaging,'' says deSouza. ''IT departments have embraced it andthey're doing some very big rollouts... It's hit the radar in terms ofbeing a main stream valuable business tool. Almost every large companyright now is in the midst of a rollout or are planning a rollout.''

Back in 2001 and 2002, instant messaging was being used in corporations.But IT had nothing to do with it. End users, in love with the real-timecommunication, were downloading various programs and running wild withit. IT administrators simply were left of the loop.

The first concerns came from the business side with managers andexecutives worried about lost productivity -- since most communicationwas about weekend plans and gossiping about the boss. Then managersstarted to become concerned that sensitive information could be shootingout beyond corporate walls.

Now, business and IT managers are in the thick of it.

As it turns out, instant messaging is a hot tool -- not just forgossiping and chit chat. It's actually a legitimate business tool,keeping colleagues in touch with each other, passing information back andforth faster than email can manage, and helping remote workers feel likepart of the team. But just as IM shows its business side, hackers havediscovered it, as well.

''We're seeing more than a 2,700 percent increase over last year ofreported incidents of IM viruses,'' says deSouza. ''It's absolutely lowerthan email [viruses] today, but it's following a very specifictrajectory. We know from our email experience how this plays out and withIM, we're on a very similar path.''

And deSouza says there is a lot to be learned from the way companiesdeployed email years ago. Security wasn't the first concern back then,and it caused problems. We need to learn from that mistake, he adds.

''If you're deploying a messaging structure, you need to deploy securityat the same time,'' says deSouza. ''When you're planning your IM rollout,plan from Day Zero to have a security infrastructure. It also will helpput into place policies around archiving and system management.''

Ken Dunham, a senior engineer at Verisign-iDefense Intelligence based inReston, Va., says any organization rolling out an enterprise-level IMimplementation, or even considering it, need to identify security astheir top priority.

''You can't just implement these things. You need to have a strategicplan and it needs to fit into your larger plan for security,'' saysDunham. ''We're going to see a lot more of these little IM worms pop up.Organizations are getting hit by IM worms every day. They have to havepolicies where they can understand how to deal with them, how to quicklyshut them down and respond to them. If you don't have that in place,you'll need it very soon. It's critical.''

MJ Shoer, president of Jenaly Technology Group Inc., a Portsmouth,N.H.-based outsourced IT firm covering small- to mid-sized businesses inNew England, says he's glad that IT execs are starting to think aboutstandardizing on one IM platform -- and making it a secure one.

''We're not fans of multiple IM clients,'' says Shoer. ''It's just moreexposure. One of the things about IM clients is the real-time connectionout to the public net. You could argue that you're opening up a hole ofsome sort. It's not a huge hole and it's not a major risk, but wediscourage multiple holes. If they have to have instant messaging, we tryto work with them to define one client that they'll only use.''

Submit a Comment

Loading Comments...