Unified communications won't displace insecure IM

Dealing with clients often means leaving the light on for AIM, Skype and such

When Lionbridge Technologies Inc., a Waltham, Mass., software localization vendor, rolled out Microsoft Corp.'s unified communications (UC) software starting in 2006, it let its 4,300 employees keep using public instant messaging services such as AIM or Yahoo Messenger.

Today, its Office Communications Server software handles 1 million IM conversations per month. That has lessened employees' use of outside IM services but hardly eliminated it, according to IT director Oyvind Kaldestad.

"We are encouraging people to use Office Communicator for all internal IMing," he said. "But we are a client-driven company, and some of our customers like to use Skype or GoogleTalk. So we don't lock down our employees' computers."

Unified communications software such as IBM's SameTime, Cisco Systems Inc.'s Unified Personal Communicator and Microsoft's Office Communicator may offer instant messaging along with powerful related features, such as the ability to detect the "presence," or availability, of co-workers and to instantly call or videoconference with them via your PC if they are available. And they may also be more secure than public IM systems.

Still, most companies are unlikely to clamp down on public IM and similar services as they roll out UC software, choosing instead to try to steer employees to approved, safer communication channels while monitoring and managing the insecure ones.

Take Avanade Inc., the Seattle-based corporate systems integrator that is a joint venture of Accenture Corp. and Microsoft.

Avanade's own internal approach was to allow use of public IM software but to try to weave Office Communicator in so tightly with its employees' software that they would, for convenience's sake, voluntarily choose to use Office Communicator over public IM for most workday communication.

No company is an island

Public IM services are notoriously good at hopping around to seek open network ports, according to Larry LeSueur, vice president of technology infrastructure solutions at Avanade. And preventing employees from installing IM software on their PCs seemed too harsh.

"You'll restrict employee productivity and start turning your company into an island," he said.

Projections from The Radicati Group Inc. appear to agree. The Palo Alto, Calif., research group expects the number of public IM messages this year to dwarf enterprise IM by a factor of 8 to 1. That ratio will hold in 2011, when 82 billion public IM messages are expected to be sent.

Radicati does see the number of enterprise IM users worldwide doubling to 127 million in 2011 from 67 million this year.

But it also sees the installed base of IM seats managed by third-party tools growing more than six times, from 15 million this year to 97 million projected in 2011.

Such software helps ameliorate risks from use of public IM and similar software. According to a survey commissioned and released this week by one such vendor, FaceTime Communications Inc., nine out of 10 IT managers experienced a security problem related to public IM, Web conferencing or voice-over-IP services such as Skype in the past six months.

Such management software is less needed with UC software, which is run on a server controlled by the company. IMs mostly flow between authenticated users within a corporate network. Most can be set to encrypt all IM traffic, too.

That makes it hard for a hacker to impersonate an IM user or for malware to be sent via IM to a user -- or, if the proper rules or monitoring tools are set, for employees to send out private company data.

"They are a priori more secure and trustworthy than public IM, without a doubt," LeSueur said.

Copyright © 2007 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon