Corporate instant messaging usage: opportunities and threats

Ovum and the EEMA (The Independent European Association for e-Business) have conducted a joint survey to examine the state of corporate instant messaging (IM). The organisations surveyed member enterprises to discover where they are in their IM deployment, where they expect to be at the end of 2005, and what are their major concerns.

The survey found that the average respondent had 6,018 IM users at the end of 2004, and expected to have 11,351 at the end of 2005.

The following benefits were identified:
* IM has reduced e-mail traffic
* IM has lowered voicemail use
* IM helps make decisions faster
* IM improves better communication
* IM can play a major role in managing crises.
* IM can be disruptive if best practice not followed
* IM is widely used by home tele-workers
* Ability to make presence available to applications
* All large organisations are planning for future use
* Aids video and tele conferencing
* Chat enabled help desks

The following issues and requirements were identified:
* Many organisations don’t even realise they use IM
* Security - virus and worm Attacks, SPIM and Identity Theft
* No focus on logging and archiving
* No controls or auditing
* Appears to be considered outside legislation
* Open standards are required for interoperability
* Enable internal users to communicate with external consumer IM users
* Large organisations saw a requirement for mobile phone interoperability
* Presence enable corporate directory applications
* Business case justification & ROI

Compliance and Governance issues
The survey identified the following areas that need consideration when assessing corporate IM usage:

* As with any compliance or governance exercise organisations need to establish the risk, activate an avoidance policy; consider archiving, harassment, presence, micro monitoring and what needs to be discoverable in terms of litigation.

* Technology is being adopted very quickly and accelerated change can often cause problems with the law and regulators. For example misrepresentation is more likely as IM becomes more widespread. It is important to make it clear what users can and can’t do – business best practice needs to be more granular to clear up the grey areas. However, this does not mean repackaging the e-mail and Internet use policy.

* Multiple, simultaneous IM conversations mean mistakes can easily happen. For example, inappropriate content or infringement of 3rd party IPR can occur. Also increased informality increases the risk of harassment – this is now a big issue as there is a blurring from joking to harassment.

* Organisations are finding that users are often deploying IM in a deliberate manner to circumvent corporate content control this is particularly relevant in highly regulated environments.

* Archiving issues arise such as when using non-corporate systems, one user can archive without the other knowing.

* How do you prove aliases and what disclaimers do you need? IM could also be used by HR to micro monitor work patterns which could constitute disproportionate monitoring.

* In the future, watch out for content rich SPIM, however, in assessing risks, don’t overlook the undoubted benefits of the medium.

EEMA are exhibiting at Info security Europe 2005, 26th – 28th April 2005, the Grand Hall, Olympia. www.infosec.co.uk

•Date: 25th February 2005 • Region: UK/W.Europe •Type: Article •Topic: ISM
Rate this article or make a comment - click here