iTechNote

As instant messaging technology is embraced by information workers and their organizations, it is important that system administrators and information technology (IT) professionals within these organizations recognize both the value and the potential risks posed by this new technology.

For some organizations, the use of public IM clients is an acceptable, low-cost alternative to traditional forms of communication. However, reliance on public or consumer-class IM applications creates some unique obstacles:

Risk 1

The organization has little or no control over how IM applications are used and implemented. Public IM applications cannot be easily “locked” to constrain the types of messages sent or with whom they may be exchanged.

Risk 2

The lack of interoperability between major IM applications makes standardization difficult. Users may have to install multiple IM clients to communicate with all of their intended parties.

Risk 3

As both legitimate and unapproved use of instant messaging clients and peer-to-peer networking increases, new worms and viruses are increasingly using these mechanisms to spread. According to the IMlogic Threat Center, IM-based threats are increasing at an alarming rate. Without specific security measures in place to protect against IM-based attacks, organizations may be exposing corporate networks to unacceptable levels of risk.

Risk 4

IM interactions are not easily captured, logged, or audited. After the client software is closed, messages are typically deleted. Hence, these messages do not become part of any interaction history, and thus the information cannot be mined or used for customer relationship management (CRM) or compliance purposes.

Risk 5

Organizations with strict regulatory compliance burdens have a particular difficulty with public IM clients that do not provide the tools or capabilities required by regulatory bodies.

via TechNet