|
 |
|
General Information
|
Add To My Personal Library |
July 3, 2009
• Vol.31 Issue 18
Page(s) 34 in print issue
|
Instant Messaging At Work
Many Enterprises Are Discovering IM’s Benefits, But You Must Be Sure It’s Secure
|
| Key Points
• IM has a stepped-up role to play for many enterprises.
• Many vendors make IM software specifically for use within enterprises, and they’re offering ways to log and archive those messages and—most importantly—to secure the network.
• Public and private networks each come with their own pros and cons; private IM networks should be integrated with security software. | | Instant messaging is becoming one of the most popular ways to communicate both within the enterprise and to outside clients. But IM doesn’t come without its own set of security and compliance issues of which IT managers need to be aware.
Many companies—health insurance providers, airlines, and even eBay—now make IM applications available on their Web sites that allow customers to communicate in real time with customer service representatives via instant messaging tools, says Esteban Kolsky, vice president of consulting firm eVergance who has served as a researcher for Gartner.
Consider the healthcare provider or university that can make academic advisers, professors, or nurses available in real time to answer customers’ questions via IM, Kolsky says.
Pharmaceutical companies have implemented IM to communicate with individual doctors’ offices. And some physicians now gather virtually via IM to discuss patient care as they review charts and test results in real time, says Rob Ingram, IBM senior product manager for Lotus Sametime.
“The benefit of IM is the capability to communicate through a different channel—to open a new channel of communication,” Kolsky says.
Small wonder, then, that more and more enterprises are looking to implement IM in one form or another. But in their haste and enthusiasm, many of these enterprises too often overlook the security aspects of IM, says John Scharfglass, president of IT company Compugeeks (www.compugeeks.net).
Though security is of greater concern to large enterprises with large amounts of private data to protect, such as those in the healthcare, education, and government realm, the security issue needs to be top billing for all IT managers, Scharfglass says.
 Public Or Private?
IT managers must first consider whether the enterprise will need a private IM channel generally purchased through a vendor or a public channel such as the chat functions available via email or social network providers, Kolsky says.
Many enterprises will choose the former, Scharfglass says. “The AOL Instant Messengers and Windows Messengers of the world are great for personal use, but in a business environment, they pose huge security risks such as leaked trade secrets and financials, viruses, spyware, and loss of employee productivity,” adds Scharfglass.
Some organizations, however, may need both open and secure networks, Ingram notes. He points to the example of an academic institution that allows students to ask questions of their professors via an open channel that students generally use to chat with friends. The same school would choose a closed, secure channel to send private messages between advisors or administrators, Ingram says.
Other enterprises—notably those that must adhere to the Sarbanes-Oxley Act, FDA rules, or other regulations or legislation—will need to ensure the application they choose for IM will allow those messages to be archived against future audits, Ingram says.
The closed IM applications are offered as a hosted service, but many enterprises choose to run them in-house both for security purposes and to better integrate the application with in-house directories, Ingram says. The applications are then available on users’ desktops and, in many cases, can be integrated within the enterprise’s email program, he adds.
These applications encrypt the messages that flow between users. “They’re not just passing over the Internet where they can be intercepted,” Ingram says.
Security Software
When you’re choosing a private IM vendor, look to one that partners with third-party developers that offer add-on security software. Depending on the developer, that type of software will inspect the IM as it’s being sent and will block messages that violate company policy. Some software can also include legal language outlining company policy within each IM itself, Ingram says.
“Some medical companies may choose to put information that says the sender isn’t liable for medical information contained within the IM,” he says.
These services also automatically archive messages, sometimes necessary for regulatory, legal, or other reasons, he adds. Many let you send file attachments over IM (for instance, the files doctors may mull over as they speak live about patient care).
Generally, enterprises choose the same kinds of security and enforcement policies for IM they already follow for email messages, Ingram says. Perhaps these add-ons’ most important feature is their capability to scan for viruses and prevent spyware, he adds.
One area rife for security breach is the point of interface between an enterprise’s public and private networks. Private IM vendors generally offer their users the capability to link with public IM communities. Enterprises that use IM to speak directly to outside customers or clients welcome this type of public-private interaction, Ingram says.
Remember, however, that although security software can track and capture information leaving the private network at the gateway site, any information that makes it to the public network becomes part of that network.
“So you’re in that area where, if you’re really concerned about security, you really have to think about connecting the two entities,” he says.
Use Inside Companies
Attempts to monitor public IM use inside an enterprise can be difficult, experts say, because of the public nature of the network.
Choose a network that offers encryption. Then put policies in place that discourage employees from using other chat functions—or any chat function at all except for the private network—during working hours, Kolsky says.
The battle against public IM use will likely be a difficult one, however. That’s why it’s up to IT professionals to make sure it’s used safely and responsibly. 
by Jean Thilmany
|
|
