The explosion of communications channels during the past few years makes it possible that those charged with security – particularly, mobile security – will accidentally overlook something that actually poses big risks. It is important to guard against this.
Instant messaging (IM) is a great example of a threat that hides in plain sight. Communications channels, which can be cobbled together informally or in formal unified communications (UC) packages, are comprised of real-time and non-real time applications. IM is real time, which makes it even more of a potential threat. But it can ride well under the radar of security staff’s concerns.
The reality, of course, is that IM is ubiquitous. Indeed, as employees become less wordy (due to text messaging and Twitter, mostly) and more mobile, it is replacing email as the way to pass quick messages. It is no longer accurate to say that the line between business and consumer apps is fading. It no longer exists at all. Workers use IM. Attention must be paid.
There are technical and human elements to this. Software that buttresses IM security is one aspect. The other is to make sure that employees recognize that IMs are just as sensitive, and just as interesting to regulators and law enforcement, as other forms of electronic communications. Industry veteran Pablo Valerio, writing at InformationWeek, stresses the importance of making sure that the message about IM security gets out:
Same as with the BYOD phenomenon, IT needs to educate users on the advantages, and problems, of using IM for work. If the enterprise has its own IM platform, employees should be instructed and required to use it. Otherwise IT departments need to ensure some basic rules are followed by everyone and sensitive corporate data doesn't go away on a click.
Two things are clear from a roundtable on business communications and compliance at Forbes: that the regulatory and legal dangers from errant IMs are as great as any other type of communications and that employees use “informal” platforms almost without thinking. The latter point is especially true of younger workers who live and breathe by short messages. Training, says Christopher Martini, VP of Skype for Business, “can’t be overlooked.”
IM is part of the mesh, and will stay that way. Dave Michels, a principal analyst at TalkingPointz, points out at No Jitter that IM’s limitations are leading to its being superseded, or at least supplemented, by sophisticated real-time systems. Michels’ piece looks at Mitel, which is adding features to its platform to make it more responsive and flexible. It seems, however, that IM will continue to be a big part of Mitel’s platform.
The fact that employees use IM on a formal and informal basis is hardly news. What is important to remember, though, is that properly securing these platforms is vital. It is also important to drive home to employees that a short IM message sent to the wrong person or containing the wrong information data can be extremely damaging.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.