Blended approach urged for emerging IM threats

By Keith Regan, Contributing Writer 04 Mar 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

BOSTON -- Fast-growing instant messaging is "ripe for abuse" and represents an emerging security and privacy threat within enterprises, according to industry experts.

"Uncontrolled IM is ripe for legal problems of all sorts," said Peter Shaw, CEO of San Diego-based IM security provider Akonix Systems Inc. "Because it's so fast and easy, it's ripe for abuse."

FOR MORE INFORMATION Check out this news exclusive "AIM 'scumware' no buddy of mine" Or click here for Best Web Links on secure messaging

Shaw, and others at this week's Jupiter Research's Instant Messaging Planet Conference & Expo, said that companies have to figure out how they want their employees to use IM before they can begin to determine the best security and privacy solutions.

"Banning IM until it can be secured is not the answer," said Michael Gerdes, research director at Pittsburgh-based security management firm RedSiren Inc. "IM is just a transport medium. It's the same problem you've always had, just a different technology."

The always-on nature of IM makes security difficult, as does the fact that many corporate users have downloaded various public IM platforms on their own, without their employers' knowledge. Still, a carefully thought-out, blended approach similar to that used for e-mail security, can be effective.

"You need a layered defense," said Eric Johnsen, director of IM products at San Francisco-based firewall provider Zone Labs. "No smart enterprise is using just one tool or technique to secure their e-mail systems, and the same should be true with IM."

To date, much of the attention given to IM has been driven by the privacy regulations and record-keeping rules brought about by the Sarbanes-Oxley Act and other laws.

Attorney and security consultant Henry Carter said the regulatory landscape changes almost every day. He encourages companies, especially those in heavily regulated industries, to consider archiving instant messages. Others said the best solution varies depending on the circumstances at the company.

While compliance is a major driver of sales, it may not be the most important factor in IM security, Johnsen said. Already, hackers seem to be turning their attention toward IM, with several IM viruses already having been detected in the United States. "Companies want to protect their brand," he said. "One ugly security or privacy event can be incredibly damaging."

While policies are important, Shaw says that even non-regulated businesses need IM security and privacy solutions. "The only [way] to combat technology is with technology."

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary