Article

Instant messaging creates security headaches for enterprises

Keith Regan, Contributing Writer

Instant messaging entered the enterprise and network environment by the back door, creating special challenges for security managers. But the still-wild technology can be corralled.

"IM took a guerilla pathway into the enterprise and onto the network," said Kailash Ambwani, the CEO of Foster City, Calif.-based IM solutions vendor FaceTime. "It's not like it grew in an orderly fashion that was controlled by the IT managers."

While IM is now standard in many industries and trusted, enterprise-quality solutions are readily available, it still brings its own set of challenges.

    Requires Free Membership to View

    Login

For more information

Check out this news exclusive "AIM 'scumware' no buddy of mine".

Or click here for Best Web Links on secure messaging.

What do you think of instant messaging? Is it a major security concern? Let us know. Click here.
In addition to requiring open Web ports, IM can put sensitive corporate information and private data at risk. It also invites a new breed of unwanted commercial messages that seem poised to clog servers just starting to get relief from the spam influx. Ferris Research recently predicted some 4 billion "spim" messages will be sent in 2004.

Though IM-borne viruses have been rare to date, that's likely to change. "It's only a matter of time before hackers realize that their e-mail payloads are being stopped and look for the next route," says Ambwani.

"A logical approach is needed," said Peter Shaw, CEO of San Diego-based IM security provider Akonix Systems Inc. "Every company has to arrive at a conclusion about what approach works best for it."

Just as with e-mail, there are multiple technological solutions to the IM problem, said Eric Johnsen, director of IM products at San Francisco-based firewall provider Zone Labs, which was recently acquired by Check Point Software Technologies. For example, corporations that use IM for sensitive communications can opt for encryption.

But that still leaves internal problems that IM poses, says Shaw, such as those created by the fact that instant messaging tends to be far more casual than e-mail. "People say and do things in IM they wouldn't dream of in an e-mail," he adds. "That creates a host of issues from a human resources and liability standpoint."

To date, providers of IM security and privacy solutions have relied upon regulated industries such as financial services and energy for the bulk of their business. But that's starting to change, says Ambwani. "Companies that have no regulatory oversight are starting to realize that IM is going on within their walls, whether they want it or not and realizing they have to do something about it," he adds.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top