Instant Messenger Security: Now More Than Ever
In the past few months, five major viruses attacked consumer IM networks, which many experts now consider to be one of the most hazardous vulnerabilities to enterprise security. Additionally, 85 percent of all enterprises have public IM in use, but only 12 percent of them have an enterprise solution for securing and managing IM, according to the technology research firm Radicati Group. Yet companies are waking up to the fact that this is a perilous condition, said Evan Sohn, chief marketing officer of Omnipod, a provider of secure IM solutions.
“The recognition we’ve really seen in the industry over the last month or so is that there’s a significant difference between public IM and private IM,” he said. “You don’t use Hotmail, you don’t use Yahoo mail, you don’t use AOL mail as your e-mail system. You wouldn’t dream of it; it’s not secure and it’s not managed. If IM is really going to be a true enterprise tool, it needs to be managed and controlled the same way that your e-mail system does.”
Sohn said there are five main IM vulnerabilities all companies should consider: viruses and worms spread through file sharing, without going through conventional virus-scanning technologies; identity theft (users can register easily under a false name; firewall tunneling, including exploitation of any open port on a firewall; data security leaks, sometimes at the highest levels of organizations; and spim (spam for IM), which comprises 5 percent to 7 percent of IM traffic.
Although there are a variety of strategies and products to employ to deal with this problem, there are four basic approaches enterprises can adopt for IM security, Sohn said. “Choice one is to do nothing, and keep using the free (public) stuff. Obviously, the problem there is you get hit with viruses, worms, etc. You’re second alternative is a very traditional networking solution: You have a problem with point A and a problem with point B, so let’s throw a box in-between. Let’s let this gateway solution be a data-monitoring tool. The good news there is you get things like auditing and compliance, but you really don’t get any virus protection. The third alternative is to build your own private IM network. The fourth alternative is to use a hosted provider of secure instant messaging.”
For businesses and organizations taking the fourth route, Sohn recommends Omnipod’s OnDemand Secure IM solution. “We provide a private IM network, and we do this on an on-demand basis,” he said. The product’s features include encryption and a file depository to ensure more secure transfers of data, as well as an administrative console that allows communication to be limited to specific users. Free test drives of OnDemand Secure IM are available at the Omnipod Web site.
For more information, see http://www.omnipod.com/html/test_drive.html.