Media General has been encouraging employees in its interactive division to use America Online's AIM public instant-messaging network since 2001. But after two years, the company's IT department became very concerned about the unmonitored and unmanaged use of instant messaging.
"I was worried about viruses, file transfers, because it was going around protections we already had," said Mike Miller, the company's director of support services.
"I realised the majority of our instant messaging traffic was between coworkers here, who could be asking each other 'what is the password for this server?' and that was going off to AOL and coming back, which wasn't very secure," he added.
He got the green light from the company's chief information officer to evaluate products to manage, control and secure the company's instant messaging usage.
Media General chose IM Manager from IMlogic, which has security features, such as virus scanning, file transfer control, spam filtering, user authentication and instant messaging traffic routing; compliance features such as logging and archiving of instant messaging sessions and content filtering to flag language deemed inappropriate; and IT control features, such as user access control and screen-name registration.
IMlogic is one of three recognised leaders in what are known as instant messaging gateways, along with Akonix Systems and FaceTime Communications. These three suppliers' products all provide IT departments with software tools to manage instant messaging use in the workplace.
Soon after Media General installed IM Manager about one year ago, the tool proved useful. "We found abuse by some users who rather than doing their jobs, were doing instant messaging their entire shifts," Miller said.
Media General has about 130 instant messaging users, out of about 8,000 employees. The company owns newspapers, TV stations and websites.
The process Media General went through - from promoting the unmanaged use of workplace instant messaging, to realising the need for IT control, to choosing a tool to accomplish that - is a process that is happening in many IT departments around the world.
According to a recent study by The Radicati Group, instant messaging is used in 85% of all enterprises in North America, while 20% of all enterprise users worldwide use instant messaging today. Radicati expects 80% of enterprise users will use instant messaging by year-end 2008. By the end of 2004, there will be 42 million enterprise instant messaging users, according to the research group.
Because becoming a user of a public instant messaging network, such as the ones from Yahoo, AOL and Microsoft, is free and easy, users worldwide have linked their work PCs to these instant messaging networks without consulting or informing their IT departments.
In the process, employees have made their companies' computing environments vulnerable to viruses, spyware, spam, hackers and Trojan horse software programs. They have also put their companies at risk of violating an increasing number of laws and regulations that require certain industries to log and archive work-related instant messaging sessions.
IT departments have two options in addressing the use of instant messaging in their organisations:
- Get their users off of the public instant messaging networks and install an inherently more closed and proprietary enterprise instant messaging platform behind the firewall such as Microsoft's Live Communications Server (LCS) or IBM's Lotus Sametime; or
- Leave the users on the public instant messaging network of their choice and install an instant messaging gateway product that monitors and filters instant messaging traffic and flags problems related to usage, security and compliance.
So far, the second option has been most popular, primarily because it has been generally less expensive, more transparent to end-users and simpler for IT to manage. Most of the instant messaging use within corporations is still over free, public instant messaging networks, according to the Radicati Group.
Instant messaging gateway software was also the option merchant bank Thomas Weisel Partners chose when it bought FaceTime's IM Auditor. Since its founding in 1999, the bank had allowed employees to use public-network instant messaging.
"We were in denial for a while. There was a lot of instant messaging usage back in 1999 and 2000 and we just kind of said 'ok, whatever,'" said Beth Cannon, the bank's chief security officer. But concerns led the bank to implement the FaceTime product in September 2001.
Since then, a variety of laws and regulations related to the use of instant messaging in the financial industry have been created, and FaceTime helps the bank comply with them. "Whatever we do [with instant messaging] we have to log it and archive it, so even if we decided to move to an enterprise instant messaging platform, we would still have FaceTime," Cannon said.
While IT departments seeking to control instant messaging are currently content with tools from small, start-up suppliers, they may eventually be presented with options from bigger, established suppliers, especially those in related areas such as security, systems management and messaging and collaboration.
Considering that the three instant messaging gateway leaders are small and young - FaceTime, founded in 1998, is the oldest and has the largest staff with about 130 employees - should IT managers and chief information officers who have invested in their products be concerned about these suppliers' future in light of potentially crushing competition?
After all, instant messaging gateway suppliers have nabbed as clients large, global companies. IMlogic's clients include Merill Lynch and Bear Stearns, FaceTime's include Wachovia and NCR and Akonix's include Cingular Wireless and Qualcomm.
Industry experts agree that instant messaging gateway suppliers in general have got a strong head-start and developed expertise that is so deep and specific that no newcomer, no matter how large and mighty, will be able to match them for at least two years. The potentially bad news is that it's hard to know what will happen to instant messaging gateway suppliers in the long run.
In the meantime, analysts say IMlogic, Akonix and FaceTime today are the best at what they do and, although all three are private companies and as such do not disclose financial details, they seem to be succeeding in a growing market.
"Instant messaging management suppliers are where the money is today. They have a great business model and they're solving a lot of problems for companies," said Genelle Hung, a Radicati Group analyst. "Of course, in five or six years, it might be a very different landscape but these instant messaging management suppliers have a long-term approach to their business and their products. They're not here to make a quick buck and disappear."
A potential threat comes from IBM's Lotus division and Microsoft with their respective enterprise instant messaging platforms, Sametime and LCS. Clearly, both suppliers want to continually expand their platforms' capabilities, but executives from both companies concede that IBM and Microsoft either can't provide or aren't interested in developing functionality the instant messaging gateway suppliers already offer.
"We definitely see them filling out the partner ecosystem and being very much an add-on set of solutions that extend an LCS environment," said Dennis Karlinsky, LCS lead product manager at Microsoft.
"The instant messaging gateway suppliers provide high-value services on top of Sametime," said Ken Bisconti, vice-president of collaboration and human interaction products at IBM's Lotus division.
Still, instant messaging gateway suppliers can't let their guard down, another analyst said. "These instant messaging gateway guys will be challenged to come up with ways to stay ahead of Microsoft in particular, which has a history of co-opting utility functions that third-party providers have found a niche in and then cutting them out of that market," said Lou Latham, a Gartner analyst.
Other potential competitors are providers of systems management platforms, such as Computer Associates with Unicenter, Hewlett-Packard with OpenView and IBM with Tivoli, and providers of security software, such as Symantec and McAfee.
However, executives contacted at each of these five organisations all played down the possibility that their respective platforms would be extended in the near future in any significant way to encroach into instant messaging gateway functionality. In fact, partnership relationships already exist between instant messaging gateway suppliers and many suppliers in these spaces.
"Potentially as this space grows, one of those large suppliers could start doing something similar to what instant messaging gateway suppliers do. No question about that. But it's an interesting dilemma (the large suppliers) face" over which instant messaging gateway features to develop themselves, said Joe Laszlo, senior analyst with Jupiter Research.
Overall, IMlogic, FaceTime and Akonix are guarding their space well, Laszlo said. "Even in the face of competition from more established suppliers, instant messaging gateway suppliers are well enough established and will probably be around for the long haul."
This should bring a sense of relief to IT professionals who are relying on these tools to perform the important task of protecting their company's IT infrastructure from potential threats brought about by workplace instant messaging use.
Juan Carlos Perez writes for IDG News Service
This was first published in October 2004