How to Secure and Manage Enterprise IM

Jack Gold, president of J. Gold Associates, estimates that over 80 percent of enterprises currently have users employing instant messaging through user-installed applications. As a result, most companies have no clue as to who is using what, or what kind of message traffic is taking place.  

Publicly available free IM services (like AOL/AIM, Yahoo, MSN, Google and Skype), which currently are widely used in many large companies, will begin to be blocked from corporate networks and systems as corporate-friendly alternatives come online, and as companies realize they must deal with security and compliance issues. Managed and secure enterprise-grade IM systems implemented behind the firewall will replace the use of public IM systems in 65 percent to 75 percent of enterprises by 2010, although many will offer users secured connectivity to public IM systems.

Many companies have an unrealized problem with the exploding numbers of user-deployed IM clients, and failure to deal with the unauthorized IM clients can lead to potential disaster. That disaster will present itself in the form of confidential information escaping, malicious activities (for example, spam, viruses or malware) and possible non-compliance with industry regulations. Companies must closely examine and regulate what their users have deployed, and take any needed corrective actions through the use of enterprise-class, industrial-quality, secure and manageable IM systems (such as Microsoft Office Live Communications Server, Lotus Sametime and Jabber).

While user access to public IM systems is desirable (just as Internet access is), companies should enforce how such access takes place through protected clients and access gateways. Companies should act now to bring some control into this environment for both the safety of their most important asset (information) and the safety of users' devices that might be attacked and compromised. Below are several key areas companies must address.

The need for management

An unmanaged IM system is a disaster waiting to happen. Data leakage, malware and other risks are common occurrences on IM systems. The ability to manage users (through directory information, policies, limiting types of data shared or logging of contacts, for example) is a critical requirement in nearly all companies, but especially in those that have to meet specific industry regulations, for example in financial services, medical, life sciences or retail. The ability to set and enforce policies for all users is a key component of any enterprise-class IM system.