Business: IM is getting out of control
Published: 26 Apr 2001 15:14 BST
It's one of the dirty little secrets of corporate communications: executives and other employees routinely chat via notoriously insecure instant messages.
America Online, Yahoo! and the other providers of popular IM applications maintain that their software is focused on the consumer market. That has opened a niche to a crop of startups that are beginning to address IM's rapidly growing corporate audience, adding security features and other improvements to make instant messaging more palatable to executives and information systems managers.
Competition is already fierce for the nascent corporate IM market, which analysts expect to explode in the next three years. Corporate IM users are expected to rocket to 181 million in 2004 from a meager 6 million last year, according to an August 2000 report by IDC.
IM companies targeting the enterprise include Jabber, Mercury Prime, QuickSilver, 2Way, Ikimbo, Ezenia, NetLert and Bantu. Lotus Development, a unit of IBM, was early to the enterprise IM game with its introduction of the Sametime application in December 1998.
This proliferation of secure products comes just as corporate IM users are taking a second look at the wisdom of exchanging sensitive information via instant message, the hazards of which were brought into high relief after the purloined ICQ logs of eFront chief executive Sam Jain were posted to the Web, causing the company serious difficulties.
"Security has become the sine qua non for success in business messaging," said IDC analyst Robert Mahowald. "When you hear about something like what happened to eFront, it makes a very compelling case on why a business should be spending money on something they could get for free. You're getting a lot more when you're paying for it, from security guarantees to interoperability with other applications, technical support and increased functionality."
The use of IM applications appears to be creeping up on companies as workers download free consumer-oriented software for an unclear blend of personal and business use.
"Within businesses, a lot of people are using the free IM services," said James Kobielus, an analyst with The Burton Group. "It's a grassroots phenomenon. They're using it to communicate externally with business associates or fellow employees on the road or family and friends. People everywhere are trying these services, then demanding that companies implement instant messaging internally."
Instant messages introduce many of the same problems that email does. Not only can instant messages harbor viruses, but they are efficient conduits of information that can cause legal headaches for a corporation, including the divulgence of trade secrets or the exchange of libelous or harassing statements.
But the nonstandard nature of IM technology means it's difficult for IS managers to account for it.
"It's essentially mail content that needs to be filtered subject to a company's policies," Kobielus said. "But to the extent that each instant message vendor has its own message format -- that makes it difficult to filter."
Kobielus lauded Jabber, a commercial product based on open-source development organisation Jabber.org, for using port 80--the standard port for Web traffic -- thus helping firewall administrators account for and filter IM content.
"If you're a firewall (administrator), you don't want traffic coming in on funky new port numbers you've never heard of before," Kobielus said. "You'd prefer that it come through on a standard port. Firewall administrators are loath to open up to nonstandard protocols."
With the recent release of Jabber 1.7, for the Windows operating system, the company lets its users encrypt messages both when they're in transit and when they're logged on to the sender's or recipient's computer. The updated version also adds directory searching, a new interface, conferences, and support for file transfers via server and peer-to-peer.
Although many start-ups are focusing on IM security, the largest providers of instant messengers convey an "at your own risk" attitude.
America Online's ICQ repeatedly warns members against using the application for sensitive communications.
"Do not use ICQ for Mission Critical applications, Content Sensitive material, if the risk of exposure to objectionable material is unacceptable to you," reads the ICQ security page. Elsewhere, ICQ reiterates its warning more bluntly: "NEVER send any content-sensitive material on ICQ."
AOL Instant Messenger (AIM) does not explicitly warn people against sending sensitive material. But America Online points out that with the exception of its version for the Macintosh, AIM is not capable of saving copies of the messages to a member's computer -- as ICQ does -- and that it does not store copies of the messages on its own servers. The AOL Time Warner division only keeps logs noting when an individual signed on or off the service, and those are erased after 10 days.
Still, unencrypted instant messages can be intercepted and read en route to their destinations, a point the major providers concede but downplay as a matter best left to individuals' discretion.
"We always recommend that users express their best judgment when communicating sensitive information, whether through email, messenger or via phone," said a Yahoo representative.
AOL declined to say whether it is considering putting out an enterprise-grade version of its instant messenger and said it doesn't know how many people are using the application at work. But Lotus and iPlanet -- the enterprise software alliance between Sun Microsystems and AOL unit Netscape Communications -- do have products or product plans that involve AIM.
For Lotus, the deal with AOL lets its Sametime IM application access AOL buddy lists so its members communicate with people on the AIM network. That's something Microsoft and other consumer IM application providers tried to do without consulting AOL, resulting in a high-stakes dogfight over creating an open standard such as the one that lets e-mail traverse any number of competing applications.
Lotus, early if not first to the corporate IM market, says it has seen a sharp uptick in demand for its application.
"Over the last year, it's been remarkable," said Jeremy Dies, brand manager for Lotus Sametime. "Not just with adoption rates, but with the sophistication of the users as well. We've seen a change from people asking, 'Why would I pay for something I could just get for free?' to strategic questions like, 'How I can use this as a business tool to create community among suppliers or possibly to add a real-time component to improve customer service?'"
iPlanet declined to comment directly on its plans to implement AIM in its corporate communications products but suggested that it would release an AIM-based product in the near future.
"We have made no public announcements on IM products," said John Fanelli, director of product marketing for iPlanet's portal and communications products. "However, that said, we've spent a lot of time with our enterprise customers in understanding their needs. Our current line includes calendar and email, and IM would seem an appropriate addition to those tools. I would expect to see an announcement in the near term and would expect that announcement to include some reference to AIM."
Despite reports from Lotus and some others of burgeoning demand, some analysts say AOL, Microsoft and other heavyweights are likely to sit out any corporate IM craze for the simple reason that most business users are still driving demand for the consumer-grade products.
"Business users definitely are demanding these services, but for the most part they haven't demanded strong security," Kobielus said. "That's the grassroots users. The firewall administrators and IT professionals? That's another story. But for now, AOL is content to continue addressing the core consumer market with core IM capability. And people seem to be content with that."
Take me to ZDNet Enterprise
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.
Let the editors know what you think in the
Did you find this article useful?
42 out of 68 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
