Survey highlights IM threats
Corporate networks at risk from ad hoc use of increasingly popular business tool
Instant Messaging (IM) is opening up enterprises to major security risks as the application grows into an important business tool, according to the results of a survey conducted by the Information Security Forum (ISF).
Resellers should be closing the loopholes found on customer networks as a result of unregulated IM use, the report claimed.
Adrian Davis, ISF project manager, said IM has become far more than a recreational messaging tool. "It now includes file transfer and conferencing facilities, and is used for a range of important business purposes such as e-commerce, financial trading and IT support," Davis said.
He added that the market is still immature and there are few industry-wide standards or interoperability between services, applications and add-on products.
The report cited poor identity management, weak user authentication, inadequate logging and limited encryption as problems with most IM applications.
Davis said the report was carried out in response to concerns expressed by the group's 260 corporate and public-sector members.
Corporate acknowledgement of the problem is reason enough for resellers to be adding to their portfolios. In the report the ISF recommends a five-step process to secure IM services. These include risk analysis, configuring IM application controls, securing IM infrastructure and applying management controls.
David Ellis, director of e-security at distributor Unipalm, agreed that corporate networks are at risk as a result of "ad hoc" deployments of IM. He said firms must act quickly to standardise and secure its use.
"Groups within corporates have deployed IM without the involvement of central IT departments and there have been security risks introduced to these companies," Ellis said.
"There has been an increase in the number of products going into firms to protect against IM security risks, and it is an area resellers should be addressing."
Unipalm distributes products from Blue Coat and Websense that target such risks.
Ashley Bateman, technical sales manager at reseller Data Integration, said the need to secure IM use is growing. "It's a useful business tool that has a personal use, so firms need to control it, not just block it," he said.