Spawned on the public Internet as a tool for informal chats among friends, instant messaging is one of those handy, ingenious ideas that has morphed into an indispensible business application. Like so many technologies fueled by organic, ad hoc adoption, IM has sprouted up like a weed, planted by the individual actions of many employees and without any central planning or strategy. Yet the utility of IM is undeniable, and it has become an important part of the modern virtual office and its online business processes. Fortunately, there are means of taming the weeds of IM chaos, transforming it into an orderly garden of productivity. Several major vendors have developed commercial, enterprise-grade IM software designed to deliver the functionality users expect with the control IT departments require.
For enterprises still weighing the value of IM, there are a number of benefits and pitfalls to consider prior to making a commitment. Should IM emerge as a critical part of your business, there are a number of key features to look for in commercial products. For those not ready to make the commitment to a formal, supported IM solution, there are still ways to allow employees access to external public IM networks while controlling usage and security.
Instant Messaging: The Promise & Pain
Experts cite enhanced security and control as the primary motivation for running an internal instant messaging service with commercial software. “Security is one of the top reasons someone would pay for and install [instant messaging] in their environment and is one of the biggest differentiators with the consumer space,” says Akiba Saeedi, program director of unified communications and collaboration software at IBM Lotus Software (www.ibm
.com).
Security is of concern because instant messages have become an increasingly popular attack vector for all matter of malware, from viruses, worms, and rootkits to so-called spim (spam over IM). IM also raises other security and compliance problems, according to Don Montgomery, vice president of marketing at Akonix (www.akonix.com), because it introduces a new hole for leakage of confidential data and intellectual property and creates alternative communication channels that typically aren’t adequately monitored for regulatory compliance, standards of business conduct, or e-discovery. Just as companies have developed security policies and procedures to handle the mutating threats targeting email and the Web, Montgomery says firms need to adopt similar strategies for IM. According to Jayanth Angl, research analyst at Info-Tech, “The most visible advantages of implementing an enterprise IM solution are centralized administration and security management.”
Saeedi says customers also benefit from increased productivity after deploying an enterprise IM service. “One of the other key reasons [companies are using enterprise IM] is that it can integrate into your enterprise assets, applications, and directories.” She notes that Lotus Sametime is designed with a modular architecture that facilitates add-on functionality and integration with other applications. The extension of the enterprise IM platform to include other real-time communications tasks is termed unified communications, or UC. Common UC features include Web conferencing, desktop sharing, voice calling via integrated VoIP PBXes, and videoconferencing. All of these activities rely upon the IM system’s ability to track a user’s presence and availability.
Choosing The Right Enterprise IM Product
Experts agree that commercial IM products share a core set of management and security features. Angl notes that the major products all have the ability to integrate with corporate directories such as Active Directory or LDAP, using their underlying data and schema to create user accounts or groups and in the definition of usage roles and policies. Another critical IM security feature, according to Montgomery, is the ability to monitor and filter content for malware, inappropriate use, hostile messages, or proprietary information. Similarly, all systems should include the ability to centrally log and audit IM sessions and optionally to archive conversations as part of an overall compliance strategy.
Enterprise IM platforms also include gateways to external networks, allowing companies to create so-called IM “federations” that can span both private networks, such as those from business partners, and the popular public IM systems.
Firms that make the leap and consider IM to be a critical business service are faced with a number of deployment options. According to Angl, the big three enterprise IM products are Jabber XCP (Extensible Communications Platform; www.jabbe.com), Lotus Sametime, and Microsoft OCS (Office Communications Server; www.microsoft.com). All three are mature offerings that have built upon their text messaging origins by incorporating real-time communications features; however, as Angl cautions, these added capabilities, such as mobile device support and Web conferencing, can significantly increase the licensing cost, which typically starts at $20 to $30 per seat.
As with so many other applications, IM and UC are also available as hosted SaaS offerings. Angl notes that hosted IM is attracting some major vendors, namely Cisco’s WebEx AIM Pro Business Edition, while Montgomery adds that Akonix also provides security features to a number of IM hosting firms. According to Saeedi, adoption of hosted solutions entails a trade-off between the convenience and low acquisition costs of a service vs. the increased control and security of an in-house solution.
Angl says that many businesses may find the real-time communications and presence information of an IM service useful but not be able to justify the expense of an enterprise solution. In this case, he and Montgomery agree that companies still need to implement security measures such as a filtering appliance before allowing connections to public IM networks. Unlike email, where there is some latency in the attack sequence, Montgomery says, "instant messages can lead to instant infection.”
Benefits For The SME
Instant messaging can dramatically change the ways in which a company does business; for example, Saeedi finds that “one of the biggest use cases is virtual workforce enablement.” She feels that IM is a core communications capability for the distributed enterprise, noting that IBM employees send more than 5 million IMs every day that the company estimates save $17 million a year in phone charges. Yet, as Angl observes, “If IM’s entry into the environment was entirely employee-driven, important business considerations might have been overlooked.” Companies looking to amp up their real-time communications capabilities can choose from a wealth of industrial-strength, enterprise-ready IM and UC tools that provide features, control, and security significantly beyond what’s available on public, consumer-oriented IM networks.
by Kurt Marko
IM Strategy Recommendations
Jayanth Angl, research analyst at Info-Tech, recommends that enterprises make active efforts to understand their current instant messaging usage, the risks that uncontrolled IM use poses, and the potential benefits of IM to their businesses. A policy of benign neglect toward unplanned, bottoms-up adoption of IM is not tenable in today’s security and regulatory environment.
Examine current IM usage. Investigate whether external IM is currently being used in the organization, including which services, by whom, and for what purpose.
Determine current IM risks or gaps. Essentially, for the same reasons that enterprises do not rely on consumer email services, they should not rely on consumer IM.
Identify IM opportunities. Beyond real-time chat capabilities, the basic ability to view colleague presence and availability from within an IM client is valuable in a distributed team environment, helping to avoid “phone tag” issues.
Explore enterprise IM and UC solutions. Where requirements dictate, most enterprise IM solutions also offer the ability to interface with public IM networks, using standards-based specifications.
Investigate alternatives to securing IM. Where an enterprise IM solution is not justified, several solutions are available that can provide secure filtering and message archiving capabilities for external IM.
SOURCE: “IS IT TIME FOR AN ENTERPRISE IM SOLUTION?” JAYANTH ANGL, INFO-TECH RESEARCH, MARCH 2008
[Processor]
A new Web-based, cross-platform, instant messaging (IM) application that enables users to send self-destructing or regular IMs across AOL’s AIM, Yahoo’s Messenger, MSN’s Messenger and Google’s Gtalk has been introduced by BigString Corporation. The free Web application incorporates BigString’s patent-pending IM technology that allows a user to send IMs which self-destruct without being copied, logged or screen-printed by the recipient.
MWEB has launched a single tool to connect friends
A local security software maker has issued a warning about malicious code attacks over instant messaging networks.
After stating that it is no longer entertaining overtures from Microsoft, Yahoo revealed that it’s partnering with Google. Google said that it has signed a nonexclusive deal to display its AdSense for Search and AdSense for Content ads on Yahoo’s US and Canadian Web properties. The deal also includes a commitment to make the two companies’ instant messaging (IM) networks interoperable.
Microsoft has insisted that Nielsen figures on the decline of Instant Messaging "no more signal the end of IM than they do the end of email".
In a combination of domain typosquatting next to spoofed image files, malware authors managed to successfully impersonate ImageShack, the 5th largest image hosting Web site on the Internet, the result of which is a malware campaign circulating over MSN, enticing users into infecting themselves by clicking on the spammed links to fake image files. This currently active instant message (IM) malware campaign is yet another indication that the ‘don’t click on executable files’ security tip is on the verge of irrelevance. 
Rapid advance in technology and a growing acceptance of unified communications – linking telephony, email, IM – are revolutionizing business communications, according to Frost & Sullivan. The analyst reports that recent trends indicate rapid adoption of fixed / mobile convergence, ‘presence’ management, as well as Internet telephony, underpinned by integrating technologies on a session initiation protocol platform.
Posts
