Toolbox
Messaging Matters
IM ramps up a company's real-time communication, and offers potential productivity and customer-service benefits. At the same time, IM can carry intellectual property out of the company, and viruses in.
By Thomas Wailgum
June 01, 2004 — Instant messaging—employees love it, but CISOs regard it with ambivalence (at best). IM ramps up a company's real-time communication, and offers potential productivity and customer-service benefits. At the same time, IM can carry intellectual property out of the company, and viruses in.
So what's a well-intentioned security leader to do? The IT department can't simply block the use of IM. Yet giving users free rein to choose among IM products—with their varying levels of application security—bypasses a profusion of easy-to-use, add-on IM security products. Michael Osterman, founder and president of Osterman Research, says roughly 70 percent of companies still rely on consumer-grade products from AOL, MSN and Yahoo rather than software engineered for enterprise use. "In companies that have established a corporate standard, 34 percent have settled on one or more of these products," he says. As for companies that are either forbidding IM use or attempting to curb IM traffic, Osterman's research suggests that's an unsustainable strategy: 45 percent of respondents to an April 2004 survey report that they are unable to block all IM clients, which he says "tend to be very resourceful."
Osterman says that there are three important attributes of IM security: basic encryption, ensuring that messages reach only the intended recipients; archiving, so as to preserve the content of messages (especially important in financial services companies where regulations require retention of electronic discussions); and what Osterman calls name-space control, which involves enforcing a policy on employee IM screen names within a corporate directory.
Here are six examples of companies whose products may help businesses get a grip on IM.
Akonix claims that its L7 Enterprise product aims to bring security, real-time management, reporting and regulatory compliance to the wild world of enterprise IM. The product supports AOL, ICQ, MSN and Yahoo IM clients—with optional connectors for integrating IM traffic from IBM, Microsoft and Reuters. L7 Enterprise offers real-time policy enforcement and management, plus other features such as logging and archiving.
Endeavors Technology
Endeavors' Magi Secure IM product allows its customers to secure all public IM users—regardless of which IM application they're using. Its features include certificate-based authentication (built on technology from RSA Security). Magi Secure works with AOL, MSN and Yahoo clients.
FaceTime Communications
www.facetime.com
At the core of FaceTime's IM suite is IM Director, which provides multinetwork connectivity and security, auditing, routing and management controls. In addition, its applications integrate with existing IT applications including antispam, content scanning and encryption software, among others, in order to protect existing technology investments.
instant messaging
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
