Tech Update Security
IM still not secure
By Rebecca Rohan
December 16, 2002


The safest way to exchange instant messages (IMs) is to stay within the enterprise, never exchanging unencrypted messages outside the firewall. But public IM programs are already being used to send plenty of business traffic beyond corporate walls. Most of that traffic is unfiltered, and almost never encrypted.

Granted, there are programs that allow trading of encrypted messages among different corporate sites if you have a VPN (WiredRed Software's e/pop and Jabber's Messenger, for example). Your users can also chat securely with people at sites that use messaging products based on SIP (Session Initiation Protocol) and SIMPLE (SIP for Instant Messaging and Presence Leveraging Extensions), such as IBM Lotus Sametime. But either way, you still haven't made it safe for users to exchange instant messages with AOL, MSN, or Yahoo, which do not use encryption at their end.

No matter how secure your internal IM, letting users talk to the unencrypted public networks means messages are being sent over the Internet and can be intercepted, read, and exploited. Most end users are unaware that seemingly benign business information can put their companies at risk, whether the information is as "innocent" as the name of the janitor or the type of mail server running, both of which can lead to attack by social engineering. Yet instant messages between your employees and outsiders may contain material with much more obvious liabilities -- especially when employees believe their communications are secure.

The public IM networks have plans to encrypt their traffic, but none has delivered as yet. Even the first version of AOL's AIM Enterprise Gateway doesn't have end-to-end encryption. Only one product we've come across has a partial solution for encrypting conversations over the public networks: IM-Age Software's IM-Policy Manager, which adds a management layer to public IM clients. Outgoing IMs request that public IM users download and install a small application to enable encryption at both ends. If the outside party declines, the insider can continue or discontinue the conversation as a matter of choice, policy, or IT enforcement.

If you want to know how many of your employees are already using unencrypted IM networks, download Akonix Rogue Aware, and see for yourself. The free monitoring tool exposes hidden IM traffic and shows usage statistics, but to enforce your policy, your IT department will need IM-Policy Manager, which can restrict employees from using public messengers.

Most companies have rogue public IM clients all over the place, whether they know it or not. While there are good reasons for employees to talk to customers and business partners over public networks, companies shouldn't have unsupervised communications flying around. Supervision may already be required by regulation, as in the healthcare and finance industries, but even where it isn't, it's corporate suicide to leave privileged information so vulnerable.