IM Secure: Instant Messaging Security
AOL, MSN and Yahoo messaging programs may expose sensitive data
By Paul Roberts
November 08, 2002 — CSO — AOL's Instant Messenger, Microsoft's MSN Messenger and Yahoo's Messenger have long been popular among home users and have now made their way onto many business PCs. However, they may expose sensitive data or open a new door for hackers to get into corporate networks.
Outsiders can monitor messages that employees send over the public IM networks because the IM servers that employees connect to often lie outside a company's network. In addition, viruses
Nearly half of the 506 million IM users expected online by 2006 will be business users, according to IDC (a sister company of CSO's publisher), which expects the IM market to boom from $72 million in 2001 to $781 million in 2006.
To protect themselves, companies must gain control over unauthorized use of public IM networks, according to Yankee Group Program Manager Paul Ritter. Companies can secure their IM traffic by bringing IM infrastructure in-house through proprietary products like IBM's Lotus Sametime, Microsoft's Exchange or Communicator's Hub IM, he says. The Goldman Sachs Group, J.P. Morgan Chase, Merrill Lynch, Salomon Smith Barney Holdings and Sanford C. Bernstein & Co. are deploying Communicator Hub IM to their employees and offering it to their customers. The product allows user authentication and secure messaging.
Ritter expects to see consolidation among IM vendors during the next 12 to 18 months and prices for enterprise IM products to drop 30 percent.
Read more about data protection in CSOonline's Data Protection section.
Other stories by Paul Roberts
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
- Howard Schmidt went the distance
With Howard Schmidt leaving the White House at the end of the month, the critiquing of his tenure is in full swing -- as it should be. There are still plenty of loose ends dangling in D.C., most notably Congress' inability to craft legislation that strikes the right balance between security and privacy. - #FFSec: Security pros to follow on Twitter, May 18
- DHS cybersecurity official leaves more questions than answers
More Salted Hash with Bill Brenner
