Friday, March 29, 2024

When it Comes to IM, First Think Security

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

As IT administrators increasingly move to adopt enterprise-level instant

messaging software, industry players say their first thought should be

about how to make it secure.

Francis deSouza, CEO of IMlogic, an instant messaging company based in

Waltham, Mass., says there are two trends rolling through the IM industry

these days. One is the corporate adoption of a single, enterprise-level

IM package that would replace all of the instant messaging software that

end users have downloaded onto their machines over the years. The second

trend, deSouza says, is that the skyrocketing threat to instant messaging

software has IT administrators thinking about security.

And deSouza, along with other industry observers, says security should be

their first consideration. Actual implementation should be second.

”We’re in the midst of a pretty massive enterprise adoption wave for

instant messaging,” says deSouza. ”IT departments have embraced it and

they’re doing some very big rollouts… It’s hit the radar in terms of

being a main stream valuable business tool. Almost every large company

right now is in the midst of a rollout or are planning a rollout.”

Back in 2001 and 2002, instant messaging was being used in corporations.

But IT had nothing to do with it. End users, in love with the real-time

communication, were downloading various programs and running wild with

it. IT administrators simply were left of the loop.

The first concerns came from the business side with managers and

executives worried about lost productivity — since most communication

was about weekend plans and gossiping about the boss. Then managers

started to become concerned that sensitive information could be shooting

out beyond corporate walls.

Now, business and IT managers are in the thick of it.

As it turns out, instant messaging is a hot tool — not just for

gossiping and chit chat. It’s actually a legitimate business tool,

keeping colleagues in touch with each other, passing information back and

forth faster than email can manage, and helping remote workers feel like

part of the team. But just as IM shows its business side, hackers have

discovered it, as well.

”We’re seeing more than a 2,700 percent increase over last year of

reported incidents of IM viruses,” says deSouza. ”It’s absolutely lower

than email [viruses] today, but it’s following a very specific

trajectory. We know from our email experience how this plays out and with

IM, we’re on a very similar path.”

And deSouza says there is a lot to be learned from the way companies

deployed email years ago. Security wasn’t the first concern back then,

and it caused problems. We need to learn from that mistake, he adds.

”If you’re deploying a messaging structure, you need to deploy security

at the same time,” says deSouza. ”When you’re planning your IM rollout,

plan from Day Zero to have a security infrastructure. It also will help

put into place policies around archiving and system management.”

Ken Dunham, a senior engineer at Verisign-iDefense Intelligence based in

Reston, Va., says any organization rolling out an enterprise-level IM

implementation, or even considering it, need to identify security as

their top priority.

”You can’t just implement these things. You need to have a strategic

plan and it needs to fit into your larger plan for security,” says

Dunham. ”We’re going to see a lot more of these little IM worms pop up.

Organizations are getting hit by IM worms every day. They have to have

policies where they can understand how to deal with them, how to quickly

shut them down and respond to them. If you don’t have that in place,

you’ll need it very soon. It’s critical.”

MJ Shoer, president of Jenaly Technology Group Inc., a Portsmouth,

N.H.-based outsourced IT firm covering small- to mid-sized businesses in

New England, says he’s glad that IT execs are starting to think about

standardizing on one IM platform — and making it a secure one.

”We’re not fans of multiple IM clients,” says Shoer. ”It’s just more

exposure. One of the things about IM clients is the real-time connection

out to the public net. You could argue that you’re opening up a hole of

some sort. It’s not a huge hole and it’s not a major risk, but we

discourage multiple holes. If they have to have instant messaging, we try

to work with them to define one client that they’ll only use.”

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles