Modernizing Authentication — What It Takes to Transform Secure Access
Francis deSouza, CEO of IMlogic, an instant messaging company based in Waltham, Mass., says there are two trends rolling through the IM industry these days. One is the corporate adoption of a single, enterprise-level IM package that would replace all of the instant messaging software that end users have downloaded onto their machines over the years. The second trend, deSouza says, is that the skyrocketing threat to instant messaging software has IT administrators thinking about security.
And deSouza, along with other industry observers, says security should be their first consideration. Actual implementation should be second.
''We're in the midst of a pretty massive enterprise adoption wave for instant messaging,'' says deSouza. ''IT departments have embraced it and they're doing some very big rollouts... It's hit the radar in terms of being a main stream valuable business tool. Almost every large company right now is in the midst of a rollout or are planning a rollout.''
The first concerns came from the business side with managers and executives worried about lost productivity -- since most communication was about weekend plans and gossiping about the boss. Then managers started to become concerned that sensitive information could be shooting out beyond corporate walls.
Now, business and IT managers are in the thick of it.
As it turns out, instant messaging is a hot tool -- not just for gossiping and chit chat. It's actually a legitimate business tool, keeping colleagues in touch with each other, passing information back and forth faster than email can manage, and helping remote workers feel like part of the team. But just as IM shows its business side, hackers have discovered it, as well.
''We're seeing more than a 2,700 percent increase over last year of reported incidents of IM viruses,'' says deSouza. ''It's absolutely lower than email [viruses] today, but it's following a very specific trajectory. We know from our email experience how this plays out and with IM, we're on a very similar path.''
And deSouza says there is a lot to be learned from the way companies deployed email years ago. Security wasn't the first concern back then, and it caused problems. We need to learn from that mistake, he adds.
''If you're deploying a messaging structure, you need to deploy security at the same time,'' says deSouza. ''When you're planning your IM rollout, plan from Day Zero to have a security infrastructure. It also will help put into place policies around archiving and system management.''
Ken Dunham, a senior engineer at Verisign-iDefense Intelligence based in Reston, Va., says any organization rolling out an enterprise-level IM implementation, or even considering it, need to identify security as their top priority.
''You can't just implement these things. You need to have a strategic plan and it needs to fit into your larger plan for security,'' says Dunham. ''We're going to see a lot more of these little IM worms pop up. Organizations are getting hit by IM worms every day. They have to have policies where they can understand how to deal with them, how to quickly shut them down and respond to them. If you don't have that in place, you'll need it very soon. It's critical.''
MJ Shoer, president of Jenaly Technology Group Inc., a Portsmouth, N.H.-based outsourced IT firm covering small- to mid-sized businesses in New England, says he's glad that IT execs are starting to think about standardizing on one IM platform -- and making it a secure one.
''We're not fans of multiple IM clients,'' says Shoer. ''It's just more exposure. One of the things about IM clients is the real-time connection out to the public net. You could argue that you're opening up a hole of some sort. It's not a huge hole and it's not a major risk, but we discourage multiple holes. If they have to have instant messaging, we try to work with them to define one client that they'll only use.''