Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Affordable IT: Securing Your IM Systems: Page 2 of 6

Setting up an IM network is cheap--a public IM system is free--but there are hidden costs. For instance, industry and government regulations, including GLBA, HIPAA and Sarbanes-Oxley, may require you to secure and log all IM transactions, limit who can talk to whom or require encrypted channels. Sensitive information can be leaked, and users and viruses can tarnish your network, your data and your reputation. All these factors will determine whether public IM is even an option and will influence your choice of private IM systems.

Public IM often refers to the "big three": AIM, Yahoo and MSN messenger, with ICQ running a distant fourth. Aside from miniscule bandwidth usage, it costs nothing to use a public IM network. However, these third-party networks are completely beyond local control. Many lack encryption and other security features, and their client software may contain vulnerabilities that could open your workstations or even your entire internal network to attack. Furthermore, most of the public IM services lack logging and auditing capabilities.

Private IM networks can be run exclusively by your organization or by a third party with controlled subscription. The most frequently used private IM system is Jabber (though you can set Jabber up as a public system as well). AOL and Yahoo discontinued their IM corporate suites almost a year ago (see "Enterprise IM Won't Miss AOL, Yahoo,"). Some e-mail and collaboration suites, such as Gordano Messaging Suite and Novell GroupWise, offer IM capabilities. Chat rooms, though not strictly IM products, offer some of the same features too, but many viruses, exploits and social-engineered attacks have come over IRC, the most popular Internet chat protocol.

Before choosing a public or private service, determine your IM's business purpose and your company's data-security requirements. Companies with geographically dispersed locations may derive more value from IM services than a company where all employees are in one office. Additionally, individual departments, such as sales and support, may find IM more beneficial than receptionists and security guards would.





The IMLogic Threat Center Web site



Click to Enlarge