BOSTON -- Fast-growing instant messaging is "ripe for abuse" and represents an emerging security and privacy threat
within enterprises, according to industry experts.
"Uncontrolled IM is ripe for legal problems of all sorts," said Peter Shaw, CEO of San Diego-based IM security provider Akonix Systems Inc. "Because it's so fast and easy, it's ripe for abuse."
"Banning IM until it can be secured is not the answer," said Michael Gerdes, research director at Pittsburgh-based security management firm RedSiren Inc. "IM is just a transport medium. It's the same problem you've always had, just a different technology."
The always-on nature of IM makes security difficult, as does the fact that many corporate users have downloaded various public IM platforms on their own, without their employers' knowledge. Still, a carefully thought-out, blended approach similar to that used for e-mail security, can be effective.
"You need a layered defense," said Eric Johnsen, director of IM products at San Francisco-based firewall provider Zone Labs. "No smart enterprise is using just one tool or technique to secure their e-mail systems, and the same should be true with IM."
To date, much of the attention given to IM has been driven by the privacy regulations and record-keeping rules brought about by the Sarbanes-Oxley Act and other laws.
Attorney and security consultant Henry Carter said the regulatory landscape changes almost every day. He encourages companies, especially those in heavily regulated industries, to consider archiving instant messages. Others said the best solution varies depending on the circumstances at the company.
While compliance is a major driver of sales, it may not be the most important factor in IM security, Johnsen said. Already, hackers seem to be turning their attention toward IM, with several IM viruses already having been detected in the United States. "Companies want to protect their brand," he said. "One ugly security or privacy event can be incredibly damaging."
While policies are important, Shaw says that even non-regulated businesses need IM security and privacy solutions. "The only [way] to combat technology is with technology."