Instant Messaging risky without internal mechanism
October 6, 2008 5:23 am General, Infrastructure, Instant Messaging, Internet openness, anti-spam, antivirusLove it, hate it, use it, Instant Messaging sites and technologies may pose a communications risk to the sensitivity of company information. Here is a perspective on why to block public services and replace with internal offerings.
Many organizations use instant messaging (IM) for departmental and organizational informal communication. This communication can become a hodgepodge mix of personal and company related interaction. IM technologies are in a sense a grey area in communications management. For example, most organizations audit and archive email to a certain standard, but IM traffic is not subject to that requirement. IM traffic can go to any number of different Internet sources such as Yahoo!, AOL, MSN and others as well as individuals hosting their own IM servers at home. This makes the task of specifically identifying the traffic a challenge beyond the big players from a network perspective. IM communication is not as official as email, and it is unclear if it would apply to the same archival requirements from a compliance perspective. What makes this issue worse is that public-service IM communication is not secured over the Internet, can be adware-ridden and allow file transfers. Identifying the risks can go on for hours, but allowing unmanaged IM services to the public sites brings up topics of trade secret information, internal communications and announcements being sent to competitors and basic archival and tracking of communication.
So what options are available? One approach is to block all traffic at the firewall to the relevant pubic services. This however underscores the true benefits of IM technologies for internal company use. I do think IM is good internally used, but using it over a public service seems ironic. So, we can focus on managed IM services or internally hosted systems. There are a large number of IM systems that can be hosted internally, and some can even work from groupware products like Microsoft Exchange that may already be in place within an IT environment that may not require additional purchases. Further, there are plenty of open source mechanisms that can set up internal messaging servers for no costThe utopia of IM communication a mechanism that is internally hosted with traffic archived to the same standards of email and has interoperability with Internet IM services. One such service is the Sun Java System Instant Messaging offering, which has all the management as well as public gateway communication. The key to reducing this data loss risk is provide a solution administered by the network team that protects the company’s interests yet allows people to do their jobs and use the positive benefits of IM technologies.
How do you approach managing IM traffic in regards to protecting unaudited information leaving your network? Share your comments below.
