How to Avoid IM Security Problems
Love it or hate it, instant messaging has potential for security problems. Here’s how to avoid them. By Jennifer McAdams
Computerworld - Celebrity tabloid headlines would scream if the Screen Actors Guild- Producers Pension and Health Plans (SAGPH) suffered an instant messaging breach that spilled sensitive medical information about the nation’s biggest stars. So, like many other organizations, this benefits provider enforces rules to prevent IM from jeopardizing its data security.
Aside from the bulk of financial services corporations, most companies aren’t totally shutting employees out of IM communication in the workplace. In fact, in an exclusive Computerworld survey of 113 IT managers, 40% said their companies use instant messaging as a sanctioned form of interoffice or intercompany communication.
But while companies are recognizing a plethora of legitimate business uses for the technology, many are moving slowly to incorporate security technologies that drastically reduce IM risks like spyware, virus infiltration, phishing and data compromise — the same vulnerabilities often associated with e-mail. In fact, in a February survey of 192 IT executives by Enterprise Strategy Group Inc., nearly 30% of respondents said they hadn’t deployed any IM security technology.
The Pain of Progress
Upfront recognition of IM as a powerful business tool also requires upfront employee accountability for its use. Companies embracing corporate IM are controlling its use through guidelines and policies, and IT executives are sorting through a variety of security technologies, such as URL filters, proxy servers, firewalls and stand-alone IM security tools.
“Very few companies can ban IM usage outright,” says Peter Firstbrook, an analyst at Gartner Inc. “It has simply become too valuable a communication tool. However, some enterprises are restricting both the type of IM network employees use and advanced features such as file transfers and gaming.”
They may be reluctant to curb or ban IM, but companies expect their employees to behave appropriately, says Kevin Donnellan, SAGPH’s assistant CIO. “The most important action enterprises can take in controlling instant messaging use is to ensure employees are using it under prescribed guidelines,” he says.
SAGPH relies on Symantec Corp.’s IM Manager to enforce usage policies. IM Manager provides security and archiving capabilities for several IM functions, such as text messaging, and application and file sharing — including audio and video swaps, which have become common in IM exchanges. SAGPH and other health care organizations must also contend with IM-related compliance and data retention requirements of major statutes such as the Health Insurance Portability and Accountability Act.
Meanwhile, another heavily regulated sector has looked long and hard at IM and still isn’t convinced that it’s worth the risk. “The financial services industry has had to focus on this area for a few years now because Securities and Exchange Commission regulations require retention of IM communications for three years,” says Richard Wolf, managing partner at Lexakos LLC, a West Orange, N.J.-based business advisory firm that specializes in compliance and records management.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Legal White Papers | Webcasts