By R. Boyd Zack Instant messaging is growing up and rapidly becoming commonplace in mainstream businesses around the world. The business community is realizing the benefits of IM in terms of rapid communication, presence awareness and delivery confirmation, but with rapid adoption rates and lack of controls is it doomed to the fate of e-mail?
Public IM networks including AIM, MSN Messenger, Yahoo IM and others are easy to use and download onto user systems. They allow people to chat with anyone else on the network by simply accessing their screen name or buddy list. These programs were designed for casual “chatting” between users, as well as avenues for the IM network providers to access their users. Business IM, or Enterprise Instant Messaging, acts as a business tool that increases productivity and efficiency in the workplace. Business IM can generally be deployed in one of two manners. The first is to utilize the public IM networks through security systems that monitor, record and make efforts to secure the communications. Akonix (http://www.akonix.com/) and IMLogic (http://www.imlogic.com/) offer systems designed to sit on top of public networks and provide businesses with a level of security far greater than simply unsecured public IM. The second approach to business IM is one where the message server is hosted internally by the business or externally by a hosting organization, and utilized on a permission-only basis by individuals explicitly included on the network. IMiN Secure Instant Messaging (http://www.ebs-imin.com/) and Alvaka Networks IMWorx (http://www.alvaka.net/) offer business users a hosted solution that is private and does not utilize the public IM networks.
Businesses can enjoy some of the same benefits of IM as home users do, including avoiding the high cost of long distance phone charges with real-time communication and more immediate response not achieved through e-mail. At the same time, IM can be a real-time sink and can expose users to security threats through buffer overflows, malicious file attachments and on-line identity theft. Utilization of public IM networks in the workplace increases these threats to the enterprise.
Public IM programs have evolved beyond simple text message platforms to file transfer, file sharing, advertising and gaming systems. The AIM platform allows on-line video streaming, while chatting and sharing files between systems. This not only consumes potentially significant amounts of bandwidth, but also introduces security risks associated with unchecked files entering the network as well as leaving the network.
In the workplace, more often than not you will find public IM employed to function as a business tool. While productivity gains can be realized by being able to get answers through IM while conversing on the phone, productivity loss can occur through the same mechanism. Casual use of IM to chat with friends, family and even co-workers can kill productivity and suck hours of time and money out of your business. When employees are “chatting” through IM, they may appear to be busily working away while they are in actuality wasting hours away.
Public IM programs are under constant attack by hackers and spammers (IM spam is referred to as spim) seeking to gain access of the user’s computer or network and push unwanted, often pornographic advertisements on the IM user. With the easy use of alias in the public IM networks and no user authentication, electronic identity theft is simple to achieve. IM users are easily tricked into believing they are chatting with a friend only to find out they have become victim of a hacker looking to spread their malware.
IM—The Next E-Mail
And what is so bad about e-mail anyway? A report published by Information Week on 12/21/2006 by Gregg Keizer states that spam was up 35 percent in November with surges of 85 billion spam messages a day. Put another way, this is spam at the rate of over 13 messages for every person in the world every day. All indications are that due to the profitability of spam, this trend will continue upward in 2007 and beyond. Spammers are getting more innovative in their methods and finding more ways to get their messages through the anti-spam filters employed by most businesses.
By design, e-mail allows us to communicate with whomever we want by simply being given, or even guessing, the e-mail address. This also opens us to receiving communications from anyone who wants to reach us, even if it may be an unwanted contact. Similarly, public IM is designed to easily reach others. Once someone has your screen name, it can be difficult to evade access to you and your machine.
With the immediacy of IM, the spread of malware has proven to be extremely rapid. When a hacker gains access to one’s buddy list, the spread of unwanted access and messages can reach worldwide distribution in a matter of hours rather than the days it often takes with e-mail.
Additionally, allowing employees to utilize their personal screen name in the workplace exposes the company to further risks. When employees leave an organization, they are generally not able to continue to utilize their business e-mail address since the account is disabled or removed. Conversely, those who use personal IM screen names at work can continue to use those even after leaving the organization. This means they can still have access to staff, customers and vendors as though they were still employed through their IM buddy lists. While this risk is far less technical than others discussed herein, it is easy to see the potential damage that can be inflicted on a business by a disgruntled ex-employee.
By approaching business IM in the same manner as e-mail and allowing open access to anyone who wants to reach us, we are exposing our companies to unwanted threats and time sinks.
A Better Way
By approaching business IM as an internal tool to be shared with only people we wish to or need to communicate with, we can realize the benefits of this technology without the threats. IMiN Secure Instant Messaging allows business users to communicate with colleagues in a secure manner in every respect. Messages are encrypted when sent out over the Internet, keeping them from prying eyes. Users are insulated from outside IM- born threats because IMiN does not use public IM networks. Compliance requirements are met through the use of message archival and encryption. Abuse is limited by the simple knowledge that all correspondences are recorded and can be reviewed by administrators. Identity theft is virtually impossible due to user authentication and administrator-based permission.
The telephone is a common tool used for communication in both business and the home. While this tool is used in both these environments, rarely do we find companies trying to use home phone systems for their businesses telephone needs. And why should an Instant Messaging solution be viewed any differently?
R. Boyd Zack is the President of R.B. Zack & Associates Inc., a Torrance California based company with 25 years of experience in development, implementation, maintenance and support of custom business software and IT services. “Building Business Applications that Work Since 1981”. He can be contacted at http://us.f565.mail.yahoo.com/ym/Compose?To=Boyd.Zack@rbza.com or via the web site at http://www.rbza.com/
No comments:
Post a Comment