Instant messaging can compromise security

Instant messaging can save time and money, but can also raise concerns about security and compliance. Although businesses can benefit from using IM within their own four walls or even to communicate with business partners, they should look closely at the security provisions of the messaging tools they choose and create proper instant messaging policies for their employees.

Robert Paré, portal and workplace sales leader for Markham, Ont.-based IBM Canada Ltd., says there are two main reasons why businesses choose to use instant messaging: cost savings and efficiency.

IM can boost productivity

As one example of savings, he cites an unnamed insurance company that he says has saved hundreds of thousands of dollars in phone costs just by using IBM’s Sametime corporate messaging system to let its employees determine if remote colleagues are at their desks before phoning them.

Another company saw a 20-per-cent productivity increase over two years by giving customer-service help desk staff instant messaging tools so they could get quick answers by sending instant messages to subject-matter experts.

Telus Corp.’s experience is similar, though the Burnaby, B.C.-based telephone company is using Microsoft Corp.’s Live Communication Server and Office Communicator instant messaging client rather than Sametime. Its sales representatives can IM colleagues while on the phone with customers to get fast answers to questions. Nathan Pitka, director of product marketing at Telus, says employee surveys have found 80 per cent think IM helps them communicate more quickly and efficiently.

The instant messaging story isn’t quite that simple, though. Instant messaging can also be a pathway for confidential information to get into the wrong hands and for viruses and other malware to find their way onto corporate servers. And if employees don’t understand it clearly, instant messaging may be a legal headache.

Instant messaging tools fall into two broad categories. There are the business IM systems, such as Microsoft Office Communicator, IBM Sametime and several tools from smaller vendors. Then there are the public IM services, such as Microsoft’s MSN Messenger, America Online Inc.’s AOL Instant Messenger and Yahoo Messenger.

Ask Danielle Fournier, Canadian general manager of security and anti-virus software firm McAfee Inc., about using the public IM services, and her advice is simple: Don’t. “The best defense is zero access,” Fournier says.

When employees send messages over these public networks, the messages travel unencrypted over the public Internet, says Tom Slodichak, chief security officer at Burlington, Ont. security firm WhiteHat Inc. Therefore, copies of the messages may remain on the service operators’ servers where the wrong people might get access to them.

Fournier adds that viruses can enter networks on the backs of instant messages from outside. If you are going to let employees use these outside services, she warns, “you better lock down what you can and have as many layers of protection as possible.”

Andrew Weinstein, a spokesman for America Online, says his company doesn’t keep copies of any instant messages, including those sent over its consumer service, but AOL has recently launched AIM Pro, an enterprise version of its AOL Instant Messenger that includes encryption and message-logging capabilities to make it more suitable for business use.

AOL also works with several partners to offer business messaging services aimed at particular sectors, with business-friendly features like encryption and message logging.

Taking Fournier’s and Slodichak’s advice and limiting instant messaging traffic to within the organization will work well enough for some. There are real benefits to be had in communicating with colleagues in distributed organizations. However, for some businesses the real payoff would be in similarly quick communication with suppliers, customers and other associates who aren’t part of the same organization.

To date that hasn’t been easy to do unless those partners happened to use the same internal instant messaging system you did. Paré says it’s fairly simple for two organizations that use Sametime to exchange messages, and IBM can help customers exchange instant messages with partners who use other systems, but relatively few organizations are doing this today. With the rise of open standards such as Session Initiation Protocol (SIP), he predicts, “I believe this is something that will happen massively in the future.”

Given that young people entering the work force today have grown up with instant messaging, that’s probably true of IM in general.

Grant Buckler
Freelance journalist specializing in information technology, telecommunications, energy & clean tech. Theatre-lover & trainee hobby farmer.
