Tips for choosing an IM security product
- 26 August, 2008 22:00
Instant messaging (IM) has become an increasingly useful business tool for modern corporations. Data from a Forrester Research survey suggests that 71 percent of businesses will invest in real-time messaging this year.
For many organizations, however, IM security is still a nascent topic. Given the phenomenal increase in IM adoption and the business difficulty of limiting the usage strictly to internal use, organizations are beginning to explore security capabilities that support instant messaging and other real-time communication applications.
To choose an appropriate IM security product, organizations should follow these four steps:
1. Determine the types of IM-related risks and threats that are relevant to your organization.
For example, if IM is used strictly inside the corporation, the threat of SpIM (instant messaging spam) may not be relevant, but archiving or data leaks may be. This step helps you narrow down the set of security requirements. In a typical enterprise deployment, you should consider products that support real-time virus scanning, deep content inspection and SpIM prevention.
2. Determine whether traffic logging and content archiving are important to you.
Compliance and legal needs drive logging and archiving. Look to products that offer either native support for archiving or integration with third-party storage products. FaceTime Communications provides integration with EMC's Centera for IM archiving, while IMlogic, a Symantec company, offers its own archiving product. A bonus capability here is archive search and management.
3. Determine what IM usage policy is relevant to your organization.
It's quite common to have a policy that states that IM communications are blocked for certain groups but permitted for others. Some policies may dictate whether to allow public IMs and file transfers and whether to allow external parties to use your corporate IM. These policies will determine whether you need inline filtering or passive monitoring.
4. Determine any fine-grained controls for IM filtering.
Examples of such controls include filtering based on user identity, IP address, file attachment type and embedded URLs. One customer of FaceTime is an organization with 180,000 users, of whom 12,000 are deemed "regulated employees." It's extremely important for this company to monitor and archive the communications of those regulated personnel and at the same time use a lighter approach for others. The cost of doing otherwise would be prohibitively expensive. For fine-grained filtering, consider products that offer expressive policy definition and configuration and integration with user directories.
Instant messaging is a major enabler of real-time business communication that connects workers across multiple locations. As IM becomes increasingly critical to business operations and progressively converges with other communication platforms, you should include it as an integral part of your content security framework.
Chenxi Wang is a principal analyst at Forrester Research, where she services security & risk management professionals. Download a complimentary copy of Forrester's recent report on IM security.