Wesabe is a brand new money management community, whose members
share tips on everything from saving on organic produce to knocking
down credit card debts.
It is also among the companies saying it now takes threats to IM
as seriously as those targeting email and web applications.
 |
| Special report: Messaging
(in)security: | About this special report: Based on the
results of exclusive readership research, SearchSecurity.com took a
closer look in December at the top messaging security challenges
facing today's businesses. This original, multi-media series
explores hot-button security issues like evolving threats, the
increasing reliance on mobile devices, remote email access and
instant messaging, and the technologies designed to secure it
all.
Special report menu:
Day 1:
Messaging insecurity fuels data leakage
fears: The proliferation of messaging technology means
more opportunity for malware to take root and sensitive data to
be lifted.
Day 2:
IT pros look for ways to lock down IM:
To control growing IM threats, administrators are trying to
limit which programs can be used or ban the technology
altogether. But that's not always possible.
Day 3:
Messaging Security podcast: Burton Group
analyst Diana Kelley discusses the latest threats to messaging
security and where the solutions are.
Inside the numbers:A closer
look |
|
| |
|
Small businesses such as Wesabe, which has six workers, as well
as those with thousands of workers, such as Richmond, Va.-based
Media General Inc., are deploying IM-specific software and
appliances designed to keep malware and phishers out, while letting
trusted clients and friends in.
With their sales and creative teams reluctant to give up IM for
the sake of security, the companies are using IM security tools to
implement "no attachment" policies and to block the installation of
unauthorised chat clients. Akonix, Facetime and Symantec are among
those with the most popular--and some users said, the most
effective--IM security products.
The threats to virtually all IM clients, including AIM, Jabber,
and Skype, are mounting, according to the SANS Institute's 2006
Top-20 list
of internet security attack targets. The SANS report recommends
establishing acceptable use policies for IM and considering the
deployment of "products specifically designed for instant messaging
security."
Those products can add to a security team's workload, however.
The IM security software become "yet another silo of security
policies to manage and alerts to monitor," said Trent Henry, an
analyst at the Burton Group.
That's one why many organisations first try to use their web
filtering appliances, such as those from WebSense, SurfControl,
Secure Computing, or Blue Coat, to handle IM, Henry said.
But the Web filters "don't have an adequate degree of
granularity to fully block IM," Henry said.
Wesabe's staff is distributed across Berkeley, San Francisco and
Seattle. And because they need to keep in touch as if they were in
the same room, the company uses IM for group chats and presence
awareness. "It's replaced email for us," said Marc Hedlund, who
heads the company's engineering group.
It is also easy with only six employees, to get everyone using a
single IM system, Hedlund said.
Wesabe uses the Web-based business chat tool Campfire, from
Chicago, Ill.-based 37signals, for IM. Campfire chats are logged
and searchable. Authorised group members can see who's online and
available and what conversations are taking place at any time.
Wesabe staff can also share files through Campfire.
But Wesabe also chose Campfire for its security features,
Hedlund said.
Campfire's paid versions can secure chats via SSL. A Wesabe
employee must have SSL enabled on his Web browser to join a
Campfire chat, said Hedlund.
Chat participants must also be invited into Campfire
discussions, which can be password protected.
At Media General, which has 7,500 employees and owns newspapers
and TV stations throughout the Southeast, weaning staff off their
favorite IM clients seemed unrealistic to Mike Miller, the
company's head of IT security.
The president of Media General's new Interactive division was an
IM supporter and he didn't want to be cut off from clients outside
the company, Miller said.
By 2003, Media General deployed IM Manager, now owned by
Symantec. The software logs conversations and blocks attachments.
It also integrates well with other antivirus applications, Miller
said.
Miller uses IM Manager to limit access to only 300 people who he
says have a business need. Workers in the Interactive division,
salespeople, and meteorologists who use Yahoo Messenger and Jabber
to receive alerts from the National Weather Service are authorised
to use IM through the Symantec software, he said.
Since then, there have been few complaints about not being able
to send attachments through IM.
"We tell them to use email for that," Miller said.