Quick Message to UK Businesses: Banning IM is a Bad Idea


Most IT pros, especially those who were paying attention during the early days of wireless local-area networks, accept that banning a generally available platform because of security fears is folly.


The first problem is that employees will find a way to use the product anyway. Indeed, this will make the situation worse because the replacement likely will be a security-challenged consumer version of what is being banned. It also will be operating outside the control -- or even knowledge -- of the IT department. Finally, banning doesn't work simply because the verboten platform will be used by competitors, who will now have an advantage.


Seems pretty clear, right? Well, not to businesses in the U.K. As a recent IT BusinessEdge post reported, almost three-quarters of businesses have banned IM, according to ProcessOne. Apparently, the decision wasn't made by IT, since 88 percent of directors are concerned with use of Windows Live Messenger and other consumer products. To make sure that these companies are doing the equivalent of smoking while filling up with petrol, only 12 percent keep an audit trail of IM messages.


Anyone who thinks that the idea that IM is a potential source of trouble is over-hyped should read the beginning of this useful CSO Online piece on tools to protect IM. The writer says that Akonix tracked 20 pieces of IM malware in February, a 43 percent increase over January. The three kings of IM security are FaceTime, Akonix and Symantec, with bits and pieces available from St. Bernard, Trend Micro, Barracuda Networks, Secure Computing and Websense. Hosted approaches are available from MessageLabs, Postini, MX Logic and FrontBridge. The piece says that key capabilities are archiving, authorization, compliance and manageability. Finally, the writer offers dos and don'ts for IM security.


eWEEK Mid-Market paints a picture of a business world moving inexorably toward IM. Security is a major concern, the writer says, and lays out two approaches: Corporate platforms offer built-in security, and consumer systems can be better protected by functionality from Symantec, Iconix, FaceTime or others. The writer discusses some of the management tools that are present on corporate systems but must be added to consumer platforms. Such software, which can provide managers insight into how the system is being used, is closely related to security.


A blogger at State Spelling Chimp -- we had to use the blog's name -- offers a nice list of ways in which IM platforms can cause trouble. The problems, which are particularly acute in consumer systems, include vulnerable clients; traffic sniffing; use by dishonest employees to traffic sensitive data; weak user authentication leading to identity theft; clever hacking to read IP addresses; and social engineering attacks. Some good safety tips are available at Security Teacher.