Executive Summary:
The widespread adoption of instant messaging (IM) technologies in businesses translates to more work for IT pros. But with a good understanding of the risk factors and pain points associated with deploying and managing IM solutions—and a few good products to help with the workload—you can avoid most IM headaches.
|
Keeping tabs on a modern workforce’s diverse communication tools can be a daunting
task. Most enterprises struggle not only with email and voice messaging but also with
managing faxes, e-faxes, and file attachments. And now instant messaging (IM)—and to
a lesser extent, mobile-device texting—is becoming yet another communications medium
for IT pros to manage.
IM can be a powerful productivity tool. A 2004 study by the Radicati Group—a technology
research firm based in Palo Alto, California—suggested that IM use in the enterprise would increase
dramatically from 2004 to 2008, estimating that 45.8 billion instant messages would be exchanged on
a daily basis by 2008. A more recent 2007 IM study from Gartner predicted that “by the end of 2011,
IM will be the de facto tool for voice, video, and text chat, with 95 percent of workers in leading global
organizations using it as their primary interface for real-time communications by 2013.” The Gartner
report continued, “The worldwide market for enterprise IM is forecast to grow from $267 million in
2005 to $688 million in 2010.”
All this growth translates to more work for IT pros. But with a good understanding of the risk factors
and pain points associated with deploying and managing IM solutions—and a few good products to help
with the workload—you can avoid most IM headaches.
Lay the Foundation
As with most complex projects, spending plenty of time in the planning and policy-creation phase can
help you avoid painful migraines and career-crippling cost overruns. “You really need to get a handle on
the human aspect of [your IM environment] first,” says Don Montgomery, vice president of marketing
at Akonix, a provider of email and IM management and security products. “IM can be a productivityenhancing
communications medium, but you need to enact—and enforce—policies that will make the
system work efficiently. Almost every organization has corporate policies with regards to email usage, and
many of those policies are transferable to IM communications.”
Montgomery also suggests that IT pros think carefully about how they plan to integrate IM communications
within their infrastructures. “There are companies that have started implementing IM with the
assumption that they could automatically use existing firewalls and intrustion detection system (IDS)/
intrustion prevention system (IPS) products to secure their IM channel, but that assumption is incorrect,”
says Montgomery. “You might need purpose-specific devices that are created to manage IM in your environment.
You can’t assume that an existing email security solution will also cover your IM channel.”
Finally, Montgomery stresses that you should look at IM holistically, as an important part of a communications
infrastructure that includes email, e-faxes, digital voice, and potentially VoIP and other
technologies. “IM shouldn’t be treated as an island. It should be treated as a vital part of your messaging
infrastructure but should also integrate and coexist efficiently with your existing solutions.”
Howard Lev, Symantec’s group product manager for compliance and security management, agrees that
getting various groups within an organization to think about IM can sometimes be a challenge. “Sometimes
there’s a separation of responsibility that can create problems when it comes to creating an effective IM communications policy,” says Lev. “You have
email people, then security people, and then
the legal team. All these individuals might be
focused on solving tasks in their own areas,
but for a digital communications policy to
be effective, those people need to break out
of their silos, pull the blinders off, and work
together.”
The Four IM Pain Points
Montgomery suggests that IT pros keep
four potential problem areas in mind when
dealing with IM deployment: security, compliance,
confidential-data loss, and inappropriate
usage. You’ll find vulnerabilities in
each of these areas, and you must approach
each with the same level of attention that your
traditional communication channels receive.
Security. One of the biggest challenges
with an IM infrastructure is simply keeping
the channel secure. Although email receives
the lion’s share of spam, viruses, malware,
phishing attempts, and other threats, IM
gets its share. “IM is yet another conduit or
attack vector for hackers to deliver malicious
code [into the enterprise],” says Montgomery.
“Many hackers use social engineering
to increase the odds that their attacks will
be successful.” Attackers can send a user an
instant message that appears as if it’s coming
from a friend, coworker, or other trusted
source, and that message might contain a
spoofed link—what Montgomery refers to as
a “poison URL”—that can download malicious
content to a client PC.
According to Montgomery, the growth of
IM security threats has gone through numerous
stages, similar to how problems emerged
with email. Most initial threats were nuisance
threats, or what Montgomery calls “hacker
glory”—that is, attacks primarily designed
to make the attacker look cool to his or her
peers, essentially the digital equivalent of
subway graffiti. Over time, those attacks have
become more sophisticated and malevolent,
presenting an increasing threat to IT pros.
A number of vendors provide IM security
solutions designed to protect the IM channel
from malicious attacks, including Akonix
(A-series appliances), Barracuda Networks
(Barracuda IM Firewall), FaceTime Communications
(IM Auditor), Sunbelt Software
(Counterspy Enterprise), and Symantec (IM
Manager and Symantec Mail Security). For
a more in-depth list of IM security vendors,
check out the sidebar “IM Security Vendors,” and for another vendor’s unique solution
to IM security, read the sidebar “Maxwell
Smart? Your IM Is Ready.”
Compliance. Most federal and state
laws consider instant messages to be electronic
communications, so IT pros must
ensure that their IM deployments fully
comply with all those laws. Many large
companies need to produce IM messages
in response to legal e-discovery requests,
so the ability to archive and quickly recover
specific messages is a must.
Continued on page 2
Previous
Register
