How to Secure and Manage Enterprise IM - Page 2
Meeting compliance regulations (audit/logging)
Nearly all company data is discoverable through legal actions and for specific compliance requirements (for the Health Insurance Portability and Accountability Act, for example). Therefore, all communications, whether via e-mail or IM, must be logged and recorded, and archived for a specified period of time. Enterprise-class IM systems designed for such compliance must be utilized if companies are to meet the many general governing regulations or regulations specific to their market niche.
Malware is increasingly becoming a staple of public IM systems. Control of IM access to public systems is desirable and enterprise-class IM systems offer tools to help with limiting access and blocking messages, and may incorporate an ability to add filtering and blocking technology or both from third party providers.
Policy driven enforcement is a prerequisite for nearly all company systems, and IM should be no exception. Further, user education as to the proper use of IM and the consequences of disregarding company policy should be implemented as a way to improve and accelerate security and data protection mechanisms.
Meeting user wants versus corporate needs
It is quite common for users to demand capabilities, sometimes without regard for how it might affect the enterprise. Any such requests, particularly from the executive ranks, must be carefully evaluated based on need and level of risk. Companies may allow, but must exert control over such use, by deploying enterprise-class clients and services that offer connectivity to public IM systems, but in a controlled fashion.Jack Gold is President and founder of J. Gold Associates. He has over 35 years in the computer and electronics industries, and he is a leading authority on mobile, wireless, computing infrastructure and enterprise application strategies. He is a highly regarded expert on computer hardware, software and architecture. He can be reached at email@example.com.