Instant messaging has been around for almost a decade. In that time it has not only become as indispensable as a telephone to teenagers, but it has become an integral part of life for many working adults. Recent research suggests that CSOs would do well to pay attention to how IM is used in their enterprises. Forrester Research estimates that 48 percent of online households in North America use instant message clients. About 14 percent of those surveyed said they use IM at work. In most of those cases, users prefer consumer clients such as those offered by AOL, MSN or Yahoo, which they download to their computers often without approval from the IT department. Forrester says that just 12 percent of those who use IM at work use a client thats officially sanctioned and supported by their companies. In other words, 88 percent of enterprise IM users are using the equivalent of rogue software to communicate with friends, family and, even more troubling, to information security executives, co-workers and business partners. Because of its creep into the enterprise, IM has become a target of regulators. For instance, the SEC has (something missing??) mandated that companies in the financial industry address the usage and retention of IM. Companies that must follow HIPAA and Sarbanes-Oxley guidelines must also make provisions for IM retention and use. In addition to introducing compliance issues, IM clients can expose the enterprise to threats such as worms and viruses. Earlier this month, versions of the Bropia and Kelvir worms attacked users of MSN Messenger. Then there are nuisances, like spim (the IM version of e-mail spam). A recent report by the Pew Internet & American Life Project says that one third (or 17 million) of the 52 million American adults who use IM have received spim. It seems that for every opportunity that IM opens for productivity and collaboration, a potential threat emerges. Tell us what you think. Does IM belong in the enterprise? If so, what are you doing about it?