News

Kill IM—or at Least Control It

By Dave Gradijan

May 03, 2007CSO

Give them an expense account, and you know part of that money goes toward buying dinner for their significant others. Get them a company car, and there’s no way that’s not being driven for personal use at least some of the time.

It’s the same with open instant messaging. Simply allowing any employee to install and use open instant messaging means that personal chats are happening—no doubt. But worse, some of those chats will be with strangers, and some of those guys will be passing on malware, phishing, viruses and other kinds of bad bits.

Obvious response: Kill instant messaging. Stop it at the desktop via security and group policies. Stop it at the gateway. Stop it at the firewall. Death to IM. My opinion: This is the best way to go if you can get away with it. If you’re running e-mail and a working phone system in a general office environment, IM is a geek-toy luxury. Simple as that.

But there are plenty of sites that won’t fit into my neat definition of "general office environment." These folks have latched onto IM for quick contact with telecommuters, remote site contact, and of course, insto-presto Web customer service. Now IM is on your menu, like it or not. What to do?

Well, for one, we just described the business case for Microsoft’s Office Communications Server (OCS)/Live Communications Server. It’s not the only sophisticated instant-messaging platform around, but it has all the goodies I want. For one, you can use OCS to manage IM traffic flows, talk to IM clients other than Windows Messenger, and track IM conversations for wrist-slapping or auditing.

But what I really like is that Windows admins who know what they’re doing can use Active Directory and OCS to create what amounts to an IM VLAN. This lets admins allow external IM communication for certain users, but then screen that traffic from the rest of the network. So even if the messaging attracts malware, the bad bits are trapped in virtual limbo. Now that’s sweet.

Using other technologies, you can also encrypt IM traffic, both to and fro. This is recommended if you’re transmitting important data. But while encrypting that traffic would probably work, I can’t think of a less attractive way to transmit "important data." For IM, I’d stick to managing, tracking, scanning and segregating.

But it’s a headache to set up and monitor. If you have a decent-sized Windows-savvy IT staff, then it’s certainly the way I’d go. But if you’re an SMB with limited staff that has a few dozen other things to fill up the working day, then consider dropping the headache into someone else’s lap. Companies such as MessageLabs and Verizon, among others, offer secure, managed instant messaging as a hosted service.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Configuration Assessment: Choosing the Right Solution

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Learn how the new Quad-Core AMD Opteron™ processor improves performance

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

Rolling the dice with your security? Take the Self-Assessment Test now

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Solving Online Credit Fraud Using Device Reputation