The Hows and Whys of Enterprise IM

eWEEK Labs answers questions about instant messaging.

Following are eWEEK Labs answers to questions posed by attendees of the Oct. 29 eSeminar, "Instant messaging: Extending your platform." For more information on Ziff Davis Media Inc. eSeminars, go to

Why would I implement this whole new technology when e-mail can do all that IM can?

Instant messaging works well for situations when a delayed answer is, effectively, no answer. It combines the immediacy of the telephone with the auditability of e-mail, as well as the data-type diversity of any digital platform.

If treated as just another kind of e-mail, IM can be as intrusive as the telephone while being just as wasteful of storage and other resources as e-mail is becoming; if viewed in the context of new business processes that it can enable, IM has far more strategic potential.

Are there IM solutions that can be integrated with enterprise applications such as workflow apps? How do you see that growing in the future?

The integration of IM technology with other resources, such as the IM interrogation of databases or other real-time data feeds, is perhaps the most important opportunity that enterprise IM can create.

The high-level communication framework that Microsoft [Corp.] code-named Indigo, part of the "Longhorn" portfolio, looked like the most important enabler yet seen for development of new applications of this kind when it was shown at Microsofts Professional Developers Conference in Los Angeles at the end of October.

At the back end, though, Indigo produces and consumes "plain vanilla" Web services protocols, and developers should be accelerating their uptake and advancing their skills in this direction no matter what platforms they choose to use at their end points.

With respect to 128-bit encryption, can bandwidth consumption be an issue, requiring higher technologies with respect to bandwidth?

Encryption, authentication and other security measures bring with them both processing workloads and bandwidth overheads. Whats important is not to think of these measures in terms of "strong" or "weak" but in terms of the lifetime of the value of the data thats being protected.

If information is only valuable to an attacker if its intercepted while still fresh, perhaps within minutes of a transaction or a confidential communication, then it doesnt take much protection to vitiate that value and send the attacker looking for more accessible targets. If information needs to be kept confidential for months, or even years, then strong encryption and even high-level physical security of offline media—with rigorous data storage pruning—are necessary costs.

Since HIPAA [Health Insurance Portability and Accountability Act] requires encryption of data, wouldnt content filtering of that same data be in direct violation of HIPAA itself?

Its classically the problem that when legislation dictates the application of technology, it exposes the lack of technical knowledge on the part of legislators and those who write the laws that they pass. Case law, inevitably and expensively, winds up answering the questions that arise when a law appears to impose mutually exclusive demands.