Making a Place for IM at Work

IM is not an officially sanctioned technology at Bose, in Framingham, Mass., but IT management there recognizes that it is being used to considerable business advantage and is trying to balance the risk with the reward.

“There is significant value to instant messaging—real-time communication, instant response—its a great tool,” said Frank Calabrese, Boses manager of PC strategy and services and an eWeek Corporate Partner. “If I have one person on the phone asking support questions, and I know that a colleague is an expert in that topic, I can instant message him while I have the phone conversation. That is driving the use of IM in the organization—it becomes a second channel of conversation.”

The problem, said Calabrese, is that IM isnt a controlled medium yet. “Its not secure, its very public, and that could be problematic,” he said. “We havent locked it because we see there is a business value to the functionality, but weve made it very known, for example, that people shouldnt necessarily believe the identity of the person IMing them.”

To ensure that users understand the risks and ramifications, Calabrese produced a document that outlines IM policy and procedures.

The policy statement was distributed company-wide on e-mail and posted on the companys intranet site at the beginning of the year. In addition to the warning about user identification, the document recommends that users never pass confidential information via IM, be it corporate or personal data, and reminds users that e-mail appropriateness rules will be enforced in IM environments.

The document also states that if a threat is detected, the plug will be pulled on IM—no warning, no questions asked. So tying business processes to IM is firmly discouraged.

“The basic summary we have put forth is what we believe are the best practices and risks in the use of IM clients,” said Calabrese. “Until we can offer an alternative that does address the legitimate uses, were going to have to rely on people abiding by sound practices.”

Calabrese would eventually like to see a product that combines the convenience and immediacy of IM with the control of e-mail server systems.

“There arent the things in IM that weve built into corporate enterprise e-mail,” Calabrese said. “[With e-mail,] you get a message, you know its me; you send a message, and you know you sent it to me. IM has no audit logs, no message logs, no encryption. There are pieces missing that make it unacceptable as an enterprise product.”

The biggest hurdle to IMs use in the enterprise is standardization, said Calabrese. Until an organization can exchange instant messages with its business partners and not have to worry about what IM platform theyre on, IM will be just an ancillary tool. “I dont have those problems with e-mail today,” Calabrese said. “I dont care what system you use at eWeek: I send you e-mail, you get e-mail. The lack of a common IM protocol is a big issue.”

Executive Editor Debra Donston can be reached at debra_donston@ziffdavis.com.