The Hows and Whys of Enterprise IM

By eweek  |  Posted 2003-11-10

The Hows and Whys of Enterprise IM

Following are eWEEK Labs answers to questions posed by attendees of the Oct. 29 eSeminar, "Instant messaging: Extending your platform." For more information on Ziff Davis Media Inc. eSeminars, go to

Why would I implement this whole new technology when e-mail can do all that IM can?

Instant messaging works well for situations when a delayed answer is, effectively, no answer. It combines the immediacy of the telephone with the auditability of e-mail, as well as the data-type diversity of any digital platform.

If treated as just another kind of e-mail, IM can be as intrusive as the telephone while being just as wasteful of storage and other resources as e-mail is becoming; if viewed in the context of new business processes that it can enable, IM has far more strategic potential.

Are there IM solutions that can be integrated with enterprise applications such as workflow apps? How do you see that growing in the future?

The integration of IM technology with other resources, such as the IM interrogation of databases or other real-time data feeds, is perhaps the most important opportunity that enterprise IM can create.

The high-level communication framework that Microsoft [Corp.] code-named Indigo, part of the "Longhorn" portfolio, looked like the most important enabler yet seen for development of new applications of this kind when it was shown at Microsofts Professional Developers Conference in Los Angeles at the end of October.

At the back end, though, Indigo produces and consumes "plain vanilla" Web services protocols, and developers should be accelerating their uptake and advancing their skills in this direction no matter what platforms they choose to use at their end points.

With respect to 128-bit encryption, can bandwidth consumption be an issue, requiring higher technologies with respect to bandwidth?

Encryption, authentication and other security measures bring with them both processing workloads and bandwidth overheads. Whats important is not to think of these measures in terms of "strong" or "weak" but in terms of the lifetime of the value of the data thats being protected.

If information is only valuable to an attacker if its intercepted while still fresh, perhaps within minutes of a transaction or a confidential communication, then it doesnt take much protection to vitiate that value and send the attacker looking for more accessible targets. If information needs to be kept confidential for months, or even years, then strong encryption and even high-level physical security of offline media—with rigorous data storage pruning—are necessary costs.

Since HIPAA [Health Insurance Portability and Accountability Act] requires encryption of data, wouldnt content filtering of that same data be in direct violation of HIPAA itself?

Its classically the problem that when legislation dictates the application of technology, it exposes the lack of technical knowledge on the part of legislators and those who write the laws that they pass. Case law, inevitably and expensively, winds up answering the questions that arise when a law appears to impose mutually exclusive demands.


Regulatory and statutory compliance was the lowest-ranked enterprise IM problem among participants in this eSeminar, but that may be a flawed perception. The intention of many participants to establish a multidisciplinary IM task force is the correct response, reducing the chance of being blindsided by a collision between rapidly changing technology and rapidly changing laws and expectations.

With the lead that proprietary IM has, wont open-source alternatives have a hard time breaking into the enterprise?

Thats one way of looking at the situation. Another is that open source represents the community consensus on core interoperability guarantees and that the "lead" of proprietary IM offerings is leading in the direction of more features, but at higher cost and with less choice.

Open frameworks, against which enterprises and solution providers can build strategic custom applications, are probably more important to getting enterprise advantage from IM than the packaged feature sets of any off-the-shelf offering—no matter how rich that package might be.

We need both intranet and extranet IM capabilities. What kind of a solution is the best to deploy? We want to be able to manage the operation; were not looking for an application service provider.

Youll need an IM server and some development expertise to presence-enable the intranet and extranet. The IM platforms from IBM and Microsoft both allow you to do what you want; its just a matter of which tools you use.

We have MSN. Can different platforms IM each other?

The three main consumer services dont connect to one another, but gateways allow companies running an IM platform to connect with the three services.

I want to have people working on an instant messaging network, but not waste their time with instant messaging outside. How do I do this?

You can use an IM management application with a proxy server to block access to external networks.

Are there still issues with security, and, if so, what is being done to secure IM?

The enterprise IM platforms and the enterprise-oriented services all provide encryption on traffic. You will need to think about anti-virus and spam-filtering technology at the gateway.

If we use an externally hosted IM service, how do we know that the IM content is secured against eavesdropping? Point-to-point encryption only protects the messages while in transit.

Every enterprise IM provider will tell you that your content is fully protected. Every enterprise IT administrator needs to be prepared to discuss, with those who pay the bills, the spectrum of security solutions that ranges all the way up to completely internal operations—with line-by-line verification of every piece of code. As in other key supplier relationships, its usually more cost-effective to write clear and enforceable contracts than to seek to substitute technology for trust.

Rocket Fuel