How to Avoid IM Security Problems
Love it or hate it, instant messaging has potential for security problems. Here’s how to avoid them. By Jennifer McAdams
Computerworld - Celebrity tabloid headlines would scream if the Screen Actors Guild- Producers Pension and Health Plans (SAGPH) suffered an instant messaging breach that spilled sensitive medical information about the nation’s biggest stars. So, like many other organizations, this benefits provider enforces rules to prevent IM from jeopardizing its data security.
Aside from the bulk of financial services corporations, most companies aren’t totally shutting employees out of IM communication in the workplace. In fact, in an exclusive Computerworld survey of 113 IT managers, 40% said their companies use instant messaging as a sanctioned form of interoffice or intercompany communication.
But while companies are recognizing a plethora of legitimate business uses for the technology, many are moving slowly to incorporate security technologies that drastically reduce IM risks like spyware, virus infiltration, phishing and data compromise — the same vulnerabilities often associated with e-mail. In fact, in a February survey of 192 IT executives by Enterprise Strategy Group Inc., nearly 30% of respondents said they hadn’t deployed any IM security technology.
The Pain of Progress
Upfront recognition of IM as a powerful business tool also requires upfront employee accountability for its use. Companies embracing corporate IM are controlling its use through guidelines and policies, and IT executives are sorting through a variety of security technologies, such as URL filters, proxy servers, firewalls and stand-alone IM security tools.
“Very few companies can ban IM usage outright,” says Peter Firstbrook, an analyst at Gartner Inc. “It has simply become too valuable a communication tool. However, some enterprises are restricting both the type of IM network employees use and advanced features such as file transfers and gaming.”
They may be reluctant to curb or ban IM, but companies expect their employees to behave appropriately, says Kevin Donnellan, SAGPH’s assistant CIO. “The most important action enterprises can take in controlling instant messaging use is to ensure employees are using it under prescribed guidelines,” he says.
SAGPH relies on Symantec Corp.’s IM Manager to enforce usage policies. IM Manager provides security and archiving capabilities for several IM functions, such as text messaging, and application and file sharing — including audio and video swaps, which have become common in IM exchanges. SAGPH and other health care organizations must also contend with IM-related compliance and data retention requirements of major statutes such as the Health Insurance Portability and Accountability Act.
Meanwhile, another heavily regulated sector has looked long and hard at IM and still isn’t convinced that it’s worth the risk. “The financial services industry has had to focus on this area for a few years now because Securities and Exchange Commission regulations require retention of IM communications for three years,” says Richard Wolf, managing partner at Lexakos LLC, a West Orange, N.J.-based business advisory firm that specializes in compliance and records management.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Legal White Papers | Webcasts