How to Avoid IM Security Problems
Love it or hate it, instant messaging has potential for security problems. Here’s how to avoid them. By Jennifer McAdams
Computerworld - Celebrity tabloid headlines would scream if the Screen Actors Guild- Producers Pension and Health Plans (SAGPH) suffered an instant messaging breach that spilled sensitive medical information about the nation’s biggest stars. So, like many other organizations, this benefits provider enforces rules to prevent IM from jeopardizing its data security.
Aside from the bulk of financial services corporations, most companies aren’t totally shutting employees out of IM communication in the workplace. In fact, in an exclusive Computerworld survey of 113 IT managers, 40% said their companies use instant messaging as a sanctioned form of interoffice or intercompany communication.
But while companies are recognizing a plethora of legitimate business uses for the technology, many are moving slowly to incorporate security technologies that drastically reduce IM risks like spyware, virus infiltration, phishing and data compromise — the same vulnerabilities often associated with e-mail. In fact, in a February survey of 192 IT executives by Enterprise Strategy Group Inc., nearly 30% of respondents said they hadn’t deployed any IM security technology.
The Pain of Progress
Upfront recognition of IM as a powerful business tool also requires upfront employee accountability for its use. Companies embracing corporate IM are controlling its use through guidelines and policies, and IT executives are sorting through a variety of security technologies, such as URL filters, proxy servers, firewalls and stand-alone IM security tools.
“Very few companies can ban IM usage outright,” says Peter Firstbrook, an analyst at Gartner Inc. “It has simply become too valuable a communication tool. However, some enterprises are restricting both the type of IM network employees use and advanced features such as file transfers and gaming.”
They may be reluctant to curb or ban IM, but companies expect their employees to behave appropriately, says Kevin Donnellan, SAGPH’s assistant CIO. “The most important action enterprises can take in controlling instant messaging use is to ensure employees are using it under prescribed guidelines,” he says.
SAGPH relies on Symantec Corp.’s IM Manager to enforce usage policies. IM Manager provides security and archiving capabilities for several IM functions, such as text messaging, and application and file sharing — including audio and video swaps, which have become common in IM exchanges. SAGPH and other health care organizations must also contend with IM-related compliance and data retention requirements of major statutes such as the Health Insurance Portability and Accountability Act.
Meanwhile, another heavily regulated sector has looked long and hard at IM and still isn’t convinced that it’s worth the risk. “The financial services industry has had to focus on this area for a few years now because Securities and Exchange Commission regulations require retention of IM communications for three years,” says Richard Wolf, managing partner at Lexakos LLC, a West Orange, N.J.-based business advisory firm that specializes in compliance and records management.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- Software Asset Management: Ensuring Today's Assets Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but...
- Trends Shaping Software Management: 2014 Most IT executives recognize the relationship between mobile computing and worker productivity, and have long issued notebook computers and other mobile devices to...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Legal White Papers | Webcasts