With
instant messaging (IM) poised to become the de facto electronic
business communication tool, small and medium-sized businesses
(SMBs) need to get a grip
on
its security risks.Research firm
Gartner predicts that by 2011 instant messaging will be the main
conduit through which people will communicate, using video, voice
as well as text. It will be so entrenched that by 2013, 95% of
workers in leading global companies will use it as their primary
way of communicating.
And if
SMBs want to do business with those global organisations,
they'll have to step up to the plate and adopt technologies to
secure and manage IM use.
Peter Firstbrook, a research director at Gartner, said SMBs
should treat IM the same way they would email. If a company has
examined its risk with email and determined that it needs to have
policies and technology in place for
electronic discovery, records retention,
content inspection and data leak protection, those polices and
technologies should be extended to instant messaging as
well.
Unfortunately, SMBs aren't taking IM seriously enough.
"I would argue that most SMBs are looking the other way or
blocking it -- or they think they're blocking it," Firstbrook
said.
It boils down to priorities.
"Their focus is on enabling the business and helping the
business make money. They have to be working on projects that are
making money. This is pretty low on their radar."
 | | | | | Some companies just try to block
IM. The problem with doing that is IM clients tend to be port
crawlers. They find a way in.
Michael Osterman
principalOsterman Research
Inc. |
| | | | | |
| |
|
Many SMBs have policies forbidding IM use, but they are difficult
to enforce, Firstbrook added. Companies might try blocking IM
technology at the firewall, but most consumer IM clients are good
at finding ways around firewalls.
"Some companies just try to block IM," said Michael Osterman,
principal of Black Diamond, Wash.-based Osterman Research Inc. "The
problem with doing that is IM clients tend to be
port crawlers. They find a way in."
An alternative to just blocking IM is to implement something
from Akonix Systems Inc., FaceTime Communications Inc. or Symantec
Corp. These products generally allow IT to control the clients used
and to map IM handles to email addresses. You can really manage it
without affecting users too much. "A third approach is to rip all
that out and just deploy an enterprise IM solution," Osterman
said.
IM is where email was about 12 years ago, Osterman added, when
companies were trying to figure out whether there was a business
case for the technology. Back then, he said, companies were
debating whether they needed to take control of email.
"Today you'd be hard-pressed to find anyone to say that,"
Osterman said.
Firstbrook said SMBs need to take a realistic look at what their
risks are by not taking control of IM use.
"Using instant messaging has a couple of risks," he said. "One
is disclosure of sensitive information -- intellectual property
losses or salacious material. It's also a new channel for malware.
That's a risk for everybody."
Vendors are banking on the belief that SMBs will recognise a
need to invest in technology. For example, Akonix, a San
Diego-based IM management technology vendor, recently released the
A1000 IM Essentials appliance, an IM risk management product that
starts with licensing for up to 100 users at a price tag of just
less than $7,000.
"There are a lot of SMBs and enterprises to this day who have no
IM management," said Don Montgomery, vice president of marketing at
Akonix. "But smaller firms are starting to apply the same rigor to
email and IM retention, mainly because they're trying to do
business with larger firms. And larger firms are compelling
them."
Montgomery said SMBs will also be more inclined to manage their
IM use because of the new
federal rules of civil procedure adopted
last December, which set rules for the legal discovery of
electronic records.
Firstbrook said vendors like Akonix are providing good technology
for IM management, but he said SMBs should ultimately be looking
for products that combine IM and email management.
"Akonix and FaceTime and other vendors -- as a whole they're not
in the email stream," Firstbrook said. "They're in the IM
stream."
Firstbrook said SMBs that get separate vendors for email and IM
management are just duplicating their work. They need a product
that can do both.
"That's the best approach, IM and email integration," he said.
"But the number of products you can choose to do that are still
pretty slim."
Let us know what you think about the story; email:
Shamus McGillicuddy,
News Writer