Endpoint Protection

It is old news about the security threat from instant messaging (IM) but a reminder of the interesting statistic from IDC on instant messaging is worthwhile. Back in July 2008. IDC predicted that IM would overtake email as the preferred form of business communication by the second half of 2010. As we are half way there and the explosion in IM continues unabated, most of the horror stories to emerge regarding security have focussed mainly on the threat of viruses, worms and botnets. Most IM providers do not encrypt transmission nor can any firewall scan for viruses contained in IM traffic. Few providers store messages for investigatory purposes: all the features that are provided by email.

The other point to consider is that not just messages are sent but files, documents, links - anything can be passed, none of which is encrypted. The reason that IM is so popular is really because of the ease of use over email but with the ease of use comes the lack of security. Once IM has been secured through encryption, message capture, virus scanning, etc then some other method of communication will be invented to circumvent it.

But the question of information protection is the problem here. In any data loss prevention scenario, to stop email, HTTP and USB devices but allow IM to be used unchecked is pure folly.  Organisations need to consider whether IM facilities should be withdrawn for external connections. Certainly any advantage in cost of an IM solution as opposed to email will be negated if all the security protection were to be implemented. I just wonder how much business communication is performed over IM versus chats with your mates. So if it was removed then would productivty suffer? It might actually increase as people get on with their jobs.  cheque please!