Companies that provide instant messaging management products and services include Akonix, Barracuda Networks, CSC, Global Relay, FaceTime Communications, Presensoft, ScanSafe, Smarsh, SurfControl and Symantec.
Typical Reasons that IM Management Systems are Implemented
As instant messaging becomes more prevalent in business, corporations and organizations must apply the same rigor to the use of IM as they have previously done for email. In particular, there are four categories of risk or liability that companies face as a result of their employees' day-to-day use of IM:
- Risk of infection by virus, spyware, or other malware installed surreptitiously over an IM network or in an IM-attached file.
- Risk of employees using IM to communicate trade secrets (proprietary, confidential, or restricted information) to parties outside the organization. This category is often called "data leakage" or "information leakage".
- Risk of employees using IM to harass or threaten other employees. For example, the persistent use of IM by one employee to send messages to another employee that are sexual and/or unwanted in nature may create a hostile environment sexual harassment liability for the employer. A March 2007 survey by Akonix Systems identified that over 30% of employees had been harassed over IM in the workplace.[1]
- Risk of being out of compliance with governmental laws and regulations governing electronic communications. This category typically involves the need to create and manage an archive of instant messages in order to comply with such regulations as the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, electronic discovery, or the Federal Rules of Civil Procedure in the United States, and similar legislation and policy in other countries. Sixty-eight percent of IT managers have archiving and retrieval methods for corporate email. About half that many — 31 percent — store IM communications.[2]
All of these risks exist for organizational entities, regardless of whether their employees are using company-provided instant messaging (e.g. IBM Lotus Sametime or Microsoft Office Live Communications Server) or unsanctioned access to the public IM networks (e.g. AOL Instant Messenger, Google Talk, Windows Live Messenger, or Yahoo! Messenger).
Functions Performed by IM Management Systems
To mitigate risks and satisfy the need to reduce liability and adhere to regulation, companies and government agencies install IM management systems. Examples of leading companies providing IM management products or hosted services include Akonix, Brosix, CSC, FaceTime Communications, Global Relay, ScanSafe, Surfcontrol, and Symantec. All of the leading products and services perform the following functions:
(1) Antivirus scanning of IM attached files, utilizing antivirus software.
(2) Identification of typical "signature" strings in hostile IM messages that use social engineering (security) to fool the recipient into clicking a poison URL, which in turn, downloads malware to the unsuspecting recipient's computer.
(3) Filtering of content within messages, typically scanning for keywords and regular expression phrases (e.g. the phrase "hot stock tip" might trigger a security alert if found in a message sent by an employee at a stock brokerage. Likewise a string of numerals in the format xxx-yy-nnnn, might trigger a block or alert due to the likelihood that it is a Social Security number.) IM managers also typically block the transmission of the seven dirty words.
(4) Archiving of IM chats according to organizational policy. Archiving of IM is typically integrated with email archiving systems that provide for effective storage, retrieval, indexing, and destruction of electronic messages.
The emergence of IM as a legitimate, productivity-enhancing communications medium in business is a relatively recent trend. As a result, IM management systems are only utilized in an estimated 10% to 25% of companies (with some estimates being even grimmer, such as the 2007 study by industry analyst The Burton Group, which found IM policy in only 10% and IM security in only 5% of organizations surveyed[3]), while IM is estimated to be used by employees in 85% to 90% of companies. The gap between the need for protection and the implementation of protection is a significant concern, as over 1300 attacks using IM networks to deliver malware have been identified by security companies and tracked at the IM Security Center as of the middle of 2008.[4]
References
- ^ Akonix Systems, Inc., Survey of 388 random respondents, http://www.akonix.com/press/releases- details.asp?id=130, March 2007
- ^ "The Collaborative Internet: Usage Trends, Employee Attitudes and IT Impacts". FaceTime Communications. October 2008. Retrieved 2009-05-01.
- ^ Kelley, Diana, Burton Group, "Instant Messaging Security: It's Not Just Idle Chatter", June 5, 2007
- ^ The IM Security Center
External links
