By 2007, it will be considered strange if a company is not using
some form of instant messaging (IM) technology.
That's a far cry from a few years back, when IM was still
somewhat mysterious and many enterprises did not allow its use for
fear of plummeting productivity and information leaks. But as 2006
marks the year IM breaks into the workplace, network managers have
new security concerns, such as worms, viruses and leaks of
sensitive information. Many products are now on the market,
however, that curb IM-related threats, allowing network managers
and operators to quell IM hassles before they start.
According to Nemertes Research principal analyst and program
director Irwin Lazar, a recent study found that between 2005 and
2006, IM use in the enterprise has "exploded."
In a 2005 survey, Nemertes found that 76% of medium and large
companies use some form of IM. Gartner Inc., in a similar study,
found that 65% of employees use IM in the workplace. Gartner also
suggests that public IM usage in the enterprise will be ubiquitous
by 2008.
"This number will clearly rise as the IM-savvy next generation
enters the workforce," Gartner analyst Peter Firstbrook wrote in a
report. "IM is recognized as a fast way to get co-workers'
attention, rapidly resolve issues/questions, and save
telecommunications costs. However, uncontrolled IM usage, as with
uncontrolled email, is a recipe for disaster for
organizations."
But Firstbrook's report cautions that IM, like email, is
becoming a channel for viruses and other malicious software. IM
lacks encryption for sensitive information and bypasses corporate
email-oriented content inspection filters. Also, the lack of a
permanent record of communications is a compliance risk and
productivity hazard.
And a large number of enterprise IM users are still relying on
public IM applications such as AIM, MSN, Google and Yahoo, instead
of using enterprise-class IM such as Jabber, Microsoft's Live
Communications Server, or IBM's Sametime.
Lazar said using public IM can be a security threat. It can
introduce worms, viruses and other malware into the network. On the
other side of the coin, IT has very little control over public IM
usage, meaning it is highly probable that an end user could send
out sensitive data or corporate information via an IM session and
never be caught.
"That's been a real fear because there's no control over the
application," he said. "You don't know what [users] are
sending."
Michael Osterman, president of Black Diamond, Wash.-based
Osterman Research, said that between 2004 and 2005 the number of
viruses, worms and other malware associated with IM grew between
1,600% and 2,200%.
The spreading of a worm or virus is a major concern, but
Osterman contends that IT managers should not be so worried about
what's coming in as about what's going out. He said consumer IM
clients aren't encrypted and sessions are not conducted behind a
firewall. There is no auditing or logging, and public IM lacks
"name space control," meaning that when someone leaves a company,
he can retain his IM name, giving the appearance that he's still
associated with that company.
Osterman said that many IT managers understand IM-related
issues, but securing IM is not a top priority just yet.
"IM today is where email was around 1995," he said. "A lot of IT
departments haven't flagged it as a concern. If you don't control
IM use … there's a potential for loss of IP."
The 2005 Nemertes survey found that 58% of corporate IM users
are using an enterprise-class model, while the rest use consumer or
public services. Of all IM users polled, however, 62% said they
find that security is absolutely critical, while 26% considered
security important.
Recently, though, the market has been flooded with IM hygiene
products to help manage and secure IM sessions, both on public and
enterprise-class IM applications.
Lazar said some products can make IM sessions go through a proxy
where they can be logged and monitored. Some even block users from
attaching and sending files.
Products from Akonix Systems, Blue Coat Systems, CipherTrust,
FaceTime Communications, IM-Age Software, IMlogic and Microsoft are
designed to protect overall IM hygiene and ensure security.
Frank Cabri, vice president of marketing for FaceTime, also
noted the clear trend in enterprise IM adoption. FaceTime, which
makes IMAuditor, an IM security tool, has methods to protect both
the use of public IM and the use of enterprise IM applications.
"Security concerns extend into both the enterprise and public IM
worlds," Cabri said, noting that recent research found that the use
of public IM increased 2,000% between 2004 and 2005. With more than
40 public IM clients available, that can create an interesting
challenge for IT.
"It's complex," Cabri said. "It's not just worms and viruses
anymore, it's spyware, rootkits and keyloggers getting in through
public IM."
And as IM becomes as commonplace as email, enterprises need to
be concerned and to regain some control over the IM clients that
end users select. Public IM is easy to download and unsanctioned,
but it also has a solid business use, according to Cabri.
Enterprises must now weigh the potential security threats against
the business case.
"It's not any one thing that's going to solve the problem," he
said.
Cabri suggests that IT set up some kind of acceptable-use policy
outlining IM behaviors, and though that written policy is
necessary, it may not be sufficient.
FaceTime, which last week rolled out the latest version of
IMAuditor, 8.0, helps enforce those policies, Cabri said. It can
create a pop-up warning when an end user is breaking the
acceptable-use policy by scanning for keywords or file attachments
in IM sessions in real time, ensuring that nothing sensitive gets
out.
IMAuditor also protects from inbound IM threats based on
behavior. For example, if it notices more than three messages sent
by a single user's IM client in one second, that user is
quarantined, because a worm or virus could be propagating. IT can
also allow only certain IM clients and log sessions, and perform
various other security and monitoring functions.
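The rate-based quarantine rule described above, sketched as an added example (this is not FaceTime's code or how IMAuditor is implemented): a per-sender sliding one-second window over a constructed message log. The log format, class and function names, and the strict "more than three within 1,000 ms" reading of the rule are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample log: (timestamp in ms, sender, recipient).
SAMPLE_LOG = [
    (10000, "alice", "bob"),
    (10400, "alice", "carol"),
    (11500, "alice", "dave"),    # normal chat pace
    (20000, "mallory", "u1"),
    (20100, "mallory", "u2"),
    (20200, "mallory", "u3"),
    (20300, "mallory", "u4"),    # 4th message inside one second
    (20350, "mallory", "u5"),    # arrives after the sender is quarantined
    (30000, "bob", "alice"),
    (30500, "bob", "alice"),
    (30990, "bob", "alice"),     # exactly three in a second is still allowed
    (31000, "bob", "alice"),     # the 30000 message has aged out by now
]


class BurstDetector:
    """Quarantine a sender that emits more than max_msgs within window_ms."""

    def __init__(self, max_msgs=3, window_ms=1000):
        self.max_msgs = max_msgs
        self.window_ms = window_ms
        self.recent = defaultdict(deque)   # sender -> timestamps in window
        self.quarantined = {}              # sender -> time the rule tripped

    def observe(self, ts_ms, sender):
        """Return 'allow', 'quarantine' (rule just tripped) or 'blocked'."""
        if sender in self.quarantined:
            return "blocked"               # release is a manual step, not modelled
        window = self.recent[sender]
        # Drop timestamps that are a full window or more older than this one.
        while window and ts_ms - window[0] >= self.window_ms:
            window.popleft()
        window.append(ts_ms)
        if len(window) > self.max_msgs:
            self.quarantined[sender] = ts_ms
            return "quarantine"
        return "allow"


def run(log):
    """Replay a log in timestamp order; return per-message verdicts and quarantines."""
    detector = BurstDetector()
    verdicts = [(ts, sender, detector.observe(ts, sender))
                for ts, sender, _recipient in sorted(log)]
    return verdicts, detector.quarantined
```

Counting distinct recipients inside the window, rather than raw messages, would reduce false positives from a fast typist sending to one contact; that refinement is not something the article attributes to the product.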
Chris Berry, information security manager at Lam Research, a
Fremont, Calif.-based semiconductor company, said he deployed
IMAuditor about a year ago as part of a directory services and
messaging platform upgrade. Berry said that the deployment, though
still in the testing phase, helps keep internal IM communications
on the up-and-up.
"We wanted to make sure we had a monitoring and prevention
system," Berry said, in order to keep tabs on IM sessions and make
sure that users follow corporate acceptable-use and communications
policies.
Lam Research is looking at using internal IM to enhance mobility
and communications. Still, Berry said, he doesn't plan on allowing
IM sessions outside corporate walls any time soon. He said Lam
Research has a policy against end users downloading public or
consumer IM clients and monitors at the gateway to ensure it is not
being used.
"We are concerned with it, but we have that risk mitigated," he
said, adding that Lam Research's IM deployment is part of a
staggered rollout plan.
Osterman suggests that companies that are concerned with IM use
first install some sort of free sniffer software to get a better
idea of how frequently IM is being used within company walls. Then,
the company must determine how it wants to use IM -- whether it
wants IM sessions to remain internal or reach outside office walls.
That will help guide whether employees should continue using public
IM or whether an enterprise-class solution would be preferable.
Osterman's most recent IM tracking survey found that roughly 93%
of North American organizations use IM in some capacity, and
roughly 34% of corporate email users use IM. But by 2009, he said,
nearly 100% of North American companies will have employees who use
IM.
"IM is definitely here to stay," Osterman said. "It's showing
growth that's fairly significant."
This article originally appeared on
SearchVoIP.com.