Businesses Have Concerns About Instant Messaging Security

October 2002

From customer service to sales, or simply for exchanges among far-flung business associates, companies are finding that instant messaging isn't just for consumer chat.

Business users are expected to make up nearly half--43.2 percent--of the estimated 530.4 million IM users forecast to be online by 2006, according to researchers at IDC. That's up from 2001, when business accounted for only 10 percent of the 182.3 million IM users.

The trend is echoed in a survey by Osterman Research. In a March poll of 164 companies, 29 percent of the respondents said they use instant messaging, and 42 percent will or may do so.

But with this surge in business use comes a cascade of concerns about controls, especially security, authenticity, and encryption measures.

Public IM applications such as America Online's AOL Instant Messenger and ICQ, Microsoft's MSN Messenger, and Yahoo Messenger operate using the IM provider's servers and are not protected by a corporate or personal firewall. Unencrypted messages traverse the Internet among users whose identities and intentions cannot be verified. Also, you can't tell who else might be eavesdropping on plain text sent through cyberspace.

Is that IM conversation about next month's sales projections really with a colleague--or a competitor? Is the file you're receiving through AIM transfer a picture of a customer's product, or is it a cover for a virus?

Computer viruses and worms can be sent via IM, which is not subject to the virus scanning, content filtering, and other security measures often employed by corporate e-mail programs. Stealth programs sent by crooked IMers can give outsiders access to everything on an individual PC or network.

The threats are real, although incidents are not yet widespread.

"By and large, we don't see many attacks based on IM, but the potential is certainly there," says Shawn Hernan, a security expert at the Computer Emergency Response Team Coordination Center (CERT/CC), a government-funded Internet security center at Carnegie Mellon University.

That's why some businesses ban instant messaging, Hernan notes. "One of the first tenets of computer security is 'Don't run things that you don't need,'" he says. "You need to concentrate your effort on securing the systems you do need."

Terry Olkin, chief technical officer for security firm Sigaba, says many companies are becoming concerned about intellectual property dribbling out the IM window.

Corporate information officers spend "a lot of money in basically protecting themselves from all the things that can go wrong with e-mail, and now messaging creates a big gaping hole that they have no coverage for whatsoever," Olkin says. "At the moment, many of them have no idea what is going on through this system."
