Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IM: Increasing Menace

Few think of instant messaging (IM) systems when the talk is about managing data. But the sad truth is that IM has become a potentially lethal time bomb in many data centers, as managers struggle to police end-users and deal with a plethora of competing technologies.

IM, I believe, still poses a major security challenge for corporations,” says the information security director of a major U.S. airline, who asked not to be named. “Just by the breadth of the installed base, it increases a company’s attack surface substantially.”

To make matters worse, research released today by vendor Reconnex suggests that many users are blissfully unaware of the risks posed by IM. Over the past two months, according to the report, some 78 percent of companies have exposed Social Security numbers via IM and other Web-based communications. Some 38 percent of the 100 companies surveyed also exposed credit card numbers in this way, the survey says.

The airline director was not exactly surprised by these figures. “Most companies haven’t worked out how to deal with IM,” he says. “We struggled with it for about 12 to 18 months before we said, 'Right, this is the route that we are going to go.' ”

Whereas most users place their IM systems behind the same gateway devices that protect other parts of the network, the exec says the trick is securing IM with its own gateways. “IM is a beast that you have to tackle as a one-off and not collectively,” he notes.

  • 1