New Software Aimed at Making IM Secure

Computerworld - Two San Diego-based companies, Akonix Systems Inc. and WiredRed Software Corp., announced new instant messaging (IM) software add-ons last week that make the chat tool more secure, according to industry experts.

WiredRed announced its e/pop Audit and Reporting Server, targeted at financial services companies. It allows users to provide security by storing and monitoring the content of all IM communications. It's also used behind the firewall, which solves most security problems. Beta customer Terra Nova Trading LLC in Chicago uses the software to broadcast financial news via IM, according to David Lipsett, vice president of the firm's online division.

While financial services firms were among the first companies to deploy IM, companies in other industries have hesitated to install the technology, in part because it's not secure. Overall, only about 30% of companies have deployed IM in the U.S., according to IDC in Framingham, Mass., and Osterman Research Inc. in Black Diamond, Wash.

However, as IT managers have stalled on implementing IM, employees have gone ahead and downloaded the client software for free from companies such as America Online Inc. in Dulles, Va., and Microsoft Corp.

Bypassing Security

Recent studies from IDC and Osterman indicate that 70% to 80% of companies report that their employees have downloaded IM software such as AOL Instant Messenger (AIM) and Microsoft's MSN Messenger.

The problem with those products is that they evade most common security practices by opening unsecured firewall ports for a connection. They also commonly lack virus scanning, allow file transfers and have no corporate-based user authentication, according to Ferris Research Inc. in San Francisco.

So installing secure IM software like WiredRed now may not solve all those security concerns because the free consumer IM clients, with all their security problems, are so widely deployed.

However, the release last week of Akonix L7 firewall software addresses this problem without requiring IT staff to visit every PC and reconfigure the IM software, according to Dmitry Shapiro, Akonix's chief strategy officer.

Akonix L7 allows systems administrators to restrict outside-the-firewall access from IM clients, or block it altogether, Shapiro said.

The administrators can also authenticate corporate employees' IM identities by linking them to their identities in Microsoft's Active Directory, he added. The software also routes messages and attachments through antivirus software and has a feature that forces the archiving of messages, depending on how it is configured by the user.

FaceTime Communications Inc. in Foster City, Calif., also provides many of these same features with its IM security software, but Akonix can do all this with peer-to-peer software as well, like Gnutella, said Michael Sampson, an analyst at Ferris Research. The fact that Akonix can, out of the box, integrate with the Windows architecture via Active Directory might give MSN Messenger some viability within the enterprise, Sampson said.