At the moment, instant-messaging (IM) applications seem to benefit consumers and IM application vendors rather than enterprise-level users.
"IM's a waste and a risk for large companies," says Joseph Fuccillo, senior vice president at infrastructure and outsourcing provider XAnd. "Even if the software is free, every application a company runs costs them money to implement and maintain. Besides, if a company uses Exchange or Notes, I can send them a secure email, and it pops up on the recipient's machine in seconds."
Instant messages compound the security problems that plague email. For example, instant messages can import viruses or export marketing intelligence, trade secrets, or harassing remarks. However, while email has numerous tools and filters to help administrators centrally monitor security and even occasionally eavesdrop, IM applications have comparatively few.
In fact, its "ready, shoot, aim" nature thwarts administrators' attempts to impede the unregulated spontaneity of instant messages. And that's not a risk any company can afford to take in this litigious age--at least not for the convenience of saving a couple of seconds now and then. In the face of this legal threat, it's small comfort that an instant message typically has a short life. You can be sure that some will live on long enough--in the form of a saved copy--to cause problems later.
There may be one exception to the no-IM-in-the-enterprise rule. If you want to collaborate over an intranet or the Internet with a group of colleagues in real time and exchange files with them, then IM might make sense. Then again, you could use any of a dozen other solutions, including online collaboration sites, such as Intranets.com, WebEx, or ScheduleOnline. Costs range from free to US$20 per user. These sites and others offer encrypted and password-controlled document exchange, data storage, collaboration, and embryonic project management. Microsoft SharePoint Team Services, a new Web or intranet-based collaboration service available with Office XP, offers a suite of similar secure services that is tightly integrated with Word. IM-only companies who target the enterprise include Ezenia, Bantu, Lotus, and Jabber. Lotus Sametime can integrate with Notes and thereby benefit from Notes' extensive security features.
A more traditional and secure method for exchanging messages is groupware, although IM enjoys a performance edge. IM technology is not as well suited for intense collaboration as is Lotus Notes, Microsoft Exchange or Novell GroupWise, but IM applications are cheaper and easier to learn. Another, although left-handed, advantage to officially adopting IM applications is that a company can then exert some control over employees' use of it. The hope is that through monitoring and logging, an administrator could discourage employees from idle chatter that masquerades as work.
Centralise the data stream
If, however, staffers successfully lobby for real-time, pop-up messaging, administrators should consider limiting potential liabilities by creating a dedicated Internet Relay Chat (IRC)/IM server. Centralising the message and data stream would simplify the task of keeping tabs on who says what to whom, depending on the IM application's feature set. For example, Jabber and Lotus Sametime offer centralised management; many other applications do not.
Another way to have some control over incoming and outgoing data is to use a nonproprietary IM application, such as Jabber. Built with the help of open source development group Jabber.org, the IM app uses port 80, the standard port for Web traffic, making it easier for network administrators to log and track messages. Jabber's newest release, Server 2.0, begins to address security with message encryption, multiple levels of authentication, and support for SSL. Hmm, that's starting to sound a lot like what email already does.
While the benefits of IM are minor, its potential to undermine your security policies is major. If you're still curious whether IM can improve communications, and no existing application can meet the same need, I suggest trying a pilot program on an intranet using Jabber, which is free. "IM is not likely to be a critical application," says Fuccillo. "Try it experimentally as you would with any new technology."
