Reining in public IM

There is no question that IM is entrenched in the enterprise. More than 90 percent of businesses report IM activity, according to Osterman Research. A main reason, as we discovered in "Getting serious about enterprise IM," is the improved productivity and reduced communications costs that IM delivers. What should concern CIOs is that unsanctioned consumer IM networks -- such as those from America Online, ICQ, Microsoft, and Yahoo -- make up 80 percent of corporate IM use today, and the number of users of these unsecured IM networks is growing at a fast clip, according to The Radicati Group. True, public IM networks offer enterprises some protection, such as very basic identity control. But organizations are still exposed to a multitude of security risks, including viruses and breached firewalls.

What’s more, IT executives can’t ignore the significant legal and compliance issues brought about by employees using both enterprise and consumer IM software. Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, the Graham-Leach-Bliley Act, and related legislation all require secure, auditable electronic communications, including instant messages.

Rather than advising you to block IM use -- or suggest you implement enterprise IM, with its 12- to 18-month revision cycle -- I looked at solutions from Akonix, FaceTime Communications, and IMlogic, each of which helps secure consumer IM and disable p-to-p network activity. With such a solution in place, users can continue to benefit from consumer IM products -- especially in terms of communicating with clients and partners outside your organization -- without exposing your corporate network to added risks.

So why not simply beef up your existing firewalls? After all, IM and p-to-p applications each use well-known ports that could be blocked. Unfortunately, these applications easily tunnel through other common ports used for legitimate HTTP, e-mail, or FTP. To make matters worse, IM applications slip files past anti-virus scanners as well.

The answer -- employed by all three security products reviewed here -- is a gateway specifically tuned to detect IM and p-to-p use. From there, these solutions enforce the access policies you set. For example, you could permit MSN text messaging but not file transfers.

Predictably, testing these offerings uncovered differences in performance, usability, and how they integrate with enterprise IM. Akonix L7 Enterprise 3.0 is a software proxy gateway that provides compliance logging and integrates well with enterprise IM. For basic IM and p-to-p identification and connection termination, Akonix Enforcer 3.1 works well. FaceTime’s RTG500, a plug-and-play network appliance, connects to existing networks to screen IM software, while the companion IM Auditor 5.0 blocks unsafe IM features. IMlogic’s IM Manager 6.0, another software gateway, stands out with excellent usability, very flexible policy management, and scalability.

In the end, locking down IM will challenge IT departments already stressed with the burden of dealing with security holes in other applications. But the products tested here, along with some commonsense steps, will reduce the likelihood that IM systems will create security problems for your network.

Akonix L7 Enterprise3.0