SECURITY

Delivering Instant Message Security and Compliance Through the Cloud

Alison Diana | Date: 11-29-11 | Comments

Many organizations ignore IMs, placing themselves at risk for breaches, attacks and lawsuits.

Instant messaging is a speedy way for colleagues, business partners and customers to communicate, yet its inherent brevity and growing popularity can mean big headaches for IT professionals and governance executives.

After all, instant messages are subject to the same archival laws as emails and paper documents. Regulations protect IMs� content and prevent the sharing of questionable messages�whether they are prejudiced, have sexual connotations, or include proprietary corporate data. Yet all too often, IMs escape the otherwise tightly knit security Web surrounding an organization�s network.

�We absolutely know people treat IM differently than they treat email,� Nick Emanuel, senior product manager for Symantec.cloud, said in an interview.

About 60 percent of respondents use IM to communicate with people outside their organization, with 43 percent using the software to share content unrelated to work, according to Symantec, which conducted the study about corporate use of IM. In addition, 29 percent said they used IM to send information they would not want their boss to know about, the poll found. Alarmingly, 1 in 11.3 links sent over IM are linked to malicious Websites, according to a recent Symantec Intelligence Report. And fewer than half of those organizations surveyed have the necessary controls in-place to monitor IMs, Symantec research indicated.

Symantec Security Operations Center helps organizations protect their instant messages, emails, networks and data centers from malware, theft of proprietary data, and adherence to acceptable use.

Adoption, however, is growing so IT must address these issues. In a Frost & Sullivan survey of European executives, 73 percent cited IM, 71 percent cited telephony presence, and 63 percent pointed to enterprise Web 2.0 as the most popular tools used daily by c-level executives. Well aware of the benefits these tools deliver, 46 percent of those surveyed planned to increase the budget for these tools in 12 months following the poll, which was released in late 2010, said Dorota Oviedo, Frost & Sullivan industry analyst for the Unified Communication and Collaboration group and co-author of the survey.

Other analysts agree.

�Instant Messaging in the workplace is becoming ubiquitous for both internal and external communications in organizations of every size,� said Chris Christiansen, vice president of Security Products and Services at IDC. �But this popularity is one reason why organizations are vulnerable to the risks that come with using desktop IM clients. Corporate IM needs the same high levels of malware protection and regulatory compliance required of email and Web services. Cloud-based security services can provide such protection.�

Technology is not the only tool at IT departments� disposal. Leaders are using disclaimers, education and ongoing training to keep employees aware of the need to treat IMs cautiously and correctly. In the United States, some heavily regulated industries such as finance and health care already have implemented disclaimers�mandated in Europe�on their IMs.

To help organizations avoid both the technological and human dangers associated with IM, Symantec in November unveiled Symantec Instant Messaging Security.cloud (IMS.cloud) with support for Microsoft Lync. IMS.cloud is designed to scan every IM coming into or leaving an organization. The software scans attachments for viruses, worms and URLs that may lead to malicious Websites. All incoming and outgoing messages are also matched against the organization�s acceptable use policies; any message that is malicious, suspicious or violates corporate policy is automatically blocked, and the user is notified.