Has instant messaging crept into your enterprise? Rather than banning it altogether, consider developing a management strategy that makes the most of this burgeoning real-time communication medium.
It's arguable that organizations are discovering instant messaging (IM) the same way they "discovered" the PC and Internet: after a significant percentage of their employees were already using it. IM is akin to a text-based telephone conversation. Participants communicate with each other by sending typed messages back and forth over the Internet in real time. In the past few years, this method of communicating has jumped from obscurity to everyday practice for millions of users.
While typing may not be as easy as talking on the phone, "conversations" held over IM are quicker and more direct than communicating via e-mail. This has helped IM find a niche, first in personal, and now in corporate, communications.
The huge public IM networks (i.e., AOL, MSN, and Yahoo!) have such a strong foothold that they are the default client of choice in many enterprises, especially in enterprises where IM is not officially sanctioned. The public IM clients are free, well-developed, and often have a subculture of their own, which has added to their popularity. They are called "public" because communication bypasses the enterprise's server and is relayed via the Internet from client to client in a peer-to-peer structure.
The Four Stages of Enterprise IM Acceptance
The downside of public IM is that because it bypasses the enterprise's servers, it brings with it a vast amount of unregulated, unsecured, and uncontrollable communications traffic. In most enterprises, management undergoes a series of reactions:
- Denial: IM, so what? No one here is using it. We don't support it.
- Refusal: Shut it all down!
- Acceptance: Let's see what we can do to manage IM.
- Opportunistic: What advantages can we get from IM?
Enterprises that remain in denial of IM's use are likely to encounter the most trouble: Federal laws such as Sarbanes-Oxley and HIPAA require that corporate e-mail and "similar" communications be archived. Unmanaged IM may also lead to intellectual property loss and wasted employee time. IM is also a channel for virus attacks.
Enterprises in the other three stages (refusal, acceptance, and opportunistic) will seek ways to deal with IM. They may turn to private IM servers or gateways (or both). ServerWatch has reviewed a number of gateway products that offer a range of options to better manage IM in a corporate environment.
After IM Use Has Been Acknowledged
IM solutions fall into two models: enterprise IM networks, which run on an enterprise's private intranet (e.g., IBM SameTime or Microsoft Live Communication Server), and hosted IM networks (e.g., Reuters Messaging), where a third party manages the servers offsite but the enterprise has access to the data. With both types of solutions, messages are transmitted via a private server. This is inherently more secure than public IM (although it is not necessarily completely secure), and it is easier to stamp corporate policy and identity on the IM system.
On the other hand, with many employees accustomed to the public IM networks, enterprises may be loath to cut the outlet off entirely. Although there are risks, allowing the use of public IM does open business possibilities to the wide Internet, especially for businesses that rely on external communication (e.g., brokerage houses, real estate firms, and other sales organizations, as well as tech support outfits). For such organizations, a better solution might be an IM gateway server, which manages all IM traffic, both public and internal, and adds a high level of control and security to IM communication. Such products include Akonix's L7 Enterprise, IMlogic's IM Director, FaceTime's IM Auditor, and Antepo's OPN System.
From a business perspective, the key to a successful IM strategy is control. IM traffic can be stopped completely by blocking all IM ports at the operating system level. But the point of using servers and gateways is to have the benefits of IM (and the goodwill of employees) without compromising security and corporate policy. Both IM servers and gateways provide the means to authenticate users and, to some degree, control message content. Gateways are particularly good at enforcing company policy over the who, what, where, and when of IM usage. Most IM gateway products are proxy servers attached to a database system. The proxy server (or its variations) monitors IM traffic and enforces policy; the database system records the messages and keeps logs of IM operations.
Rules management (e.g., no file transfers bigger than 1 MB) is crucial to gateway operation, and the granularity (differentiation of levels) for user authentication, administrative management, and rule definition becomes very important, especially with a large number of users. A good example of this is support of IM "groups," which incorporates the ability to apply rules to users by assigning them to one or more groups. While all gateway products claim enterprise-level capacity, the real question is: For which enterprise and at what level of capacity? The differences in IM gateway products are not always obvious, so evaluating and testing in specific circumstances is important.
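The gateway model described above (a proxy that applies group-based rules, backed by a database that logs every decision) can be sketched as follows. This is an added example, not code from any of the products named in this article; the group names, users, rule fields, and the choice that any one matching group rule is enough to permit an event are all assumptions made for illustration.

```python
import sqlite3
from dataclasses import dataclass

MB = 1024 * 1024

@dataclass(frozen=True)
class Rule:
    group: str                    # rule applies to members of this group
    networks: frozenset           # IM networks the group may use
    allow_files: bool = True
    max_file_bytes: int = 1 * MB  # the article's example limit

# Constructed sample policy and directory; all names are hypothetical.
RULES = [
    Rule("staff", frozenset({"internal"}), allow_files=False),
    Rule("sales", frozenset({"internal", "public"})),
]
GROUPS = {"alice": {"staff", "sales"}, "bob": {"staff"}}

def open_audit_db():
    """In-memory stand-in for the gateway's database system."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit (user TEXT, network TEXT, kind TEXT,"
               " size INTEGER, allowed INTEGER, reason TEXT)")
    return db

def decide(user, network, kind, size=0):
    """Return (allowed, reason). Default deny; any matching group rule permits."""
    reason = "user is in no group with a rule"
    for rule in RULES:
        if rule.group not in GROUPS.get(user, set()):
            continue
        if network not in rule.networks:
            reason = f"network '{network}' not permitted"
        elif kind == "file" and not rule.allow_files:
            reason = "file transfer not permitted"
        elif kind == "file" and size > rule.max_file_bytes:
            reason = f"file exceeds {rule.max_file_bytes} bytes"
        else:
            return True, f"permitted by group '{rule.group}'"
    return False, reason

def handle(db, user, network, kind, size=0):
    """Proxy hook: decide, then record the decision whether allowed or not."""
    allowed, reason = decide(user, network, kind, size)
    db.execute("INSERT INTO audit VALUES (?,?,?,?,?,?)",
               (user, network, kind, size, int(allowed), reason))
    return allowed
```

Blocked events are logged along with permitted ones, which is what gives the human auditors discussed later in the article something to review.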
There are two key factors to bear in mind when planning your IM management strategy: First, IM has relatively high performance requirements because users expect it to work in real time (not delayed like e-mail). It's also "bursty" with periodic heavy use, and, like e-mail, it may contain other material (e.g., files) that adds to the load. An IM system (servers, routers, and management software) must work in tandem to maintain a user-acceptable level of performance.
Second, despite the sophistication of the technology, it takes human analysis and management to make IM systems effective. Without people to audit messages, update filters, manage authentication, monitor traffic, and enforce compliance with company policy, there is no point to making an investment in controlling IM.
It should also be kept in mind that IM products (server and gateway) must almost always work in concert with other systems (e-mail archiving, anti-virus, user directories, and the various public and private IM providers), so the level of support in these areas is important.
For some organizations, the picture of IM implementation in the enterprise is "yet another headache for IT." For other organizations, IM represents an opportunity to explore another mode of communication for business advantage with the appropriate controls. IM is a young field, yet the companies developing IM products, including giants like Microsoft and IBM, have already committed significant resources to providing IM services and the opportunity to develop IM-based applications. The message here is that they believe IM is a viable technology.
As with the advent of the PC, e-mail, and the Web, it's better in the long run to look for business advantages of IM than to get into it by default. In short, assuming the technology is managed properly, being opportunistic about IM will have the biggest payoff.