Enterprises see promise in instant messaging but are slow to make it part of their daily operation because of security concerns and a lack of interoperability, the Yankee Group said in a new report.
Phebe Waterfield, a security and services analyst for the Boston-based research firm, interviewed a combination of IT managers, presidents and vice presidents at enterprises in May and June for the report, "Lack of secure interoperable protocols hinder enterprise IM and online collaboration." She found the biggest roadblock to full IM adoption is "the lack of interoperability on IM networks and the absence of unified collaboration solutions."
"The 25 enterprises I spoke to all had the same complaint: IM could not be adopted enterprise-wide due to the lack of interoperability with public networks," Waterfield said. "This was seen as both a security and a business concern. It reduces the usefulness of the technology and makes it difficult to manage, which in turn makes it difficult to secure."
When significant risks are perceived or use of IM is widespread, Waterfield said enterprises "turn to IM security solutions that can provide content controls and antivirus protection. But many other enterprises are failing to find sufficient business need, and instead are adopting a 'no use' policy for IM and attempting to enforce those policies at the perimeter using firewalls and IDS."
To date, Waterfield said the lack of interoperability has actually prevented threats from spanning multiple networks. But as better interoperability enables more businesses to adopt IM in the future, security threats will increase. "The need for robust IM platforms that are secure will eliminate the market for point IM security solutions," she said.
There are already signs of a market convergence that will make IM more attractive to enterprises in the future, she said. They include developing partnerships between Yahoo Enterprise Messaging, Web conferencing vendor WebEx and portal vendor Plumtree. Meanwhile, large business application vendors like IBM, Oracle and BEA Systems are moving toward the content management space and will need to partner with leading IM vendors to enable integration. Hardware platform vendors Hewlett-Packard, Sony, Nokia and Ericsson will also play a leading role in developing collaboration features on mobile networks and will partner with enterprise collaboration vendors to integrate with corporate systems, said the report.
Companies that already rely on instant messaging to trade files with clients and keep in touch with a growing mobile workforce have quickly found the technology comes with a host of security headaches. One of the biggest problems is that employees get their IM client from a variety of big-name providers. IT departments have little or no control over these consumer-based services, which can be vulnerable to hacking and incompatible with company networks.
"A lot of clients have asked us about guidelines for IM policies they can implement," said Chris Novak, senior security consultant for Belgium-based security firm Ubizen. "A lot of financial institutions are worried about the instant communication of IM. They want to be able to track IM conversations. There's also a lot of concern about how to comply with government regulations."
He agreed with the Yankee Group's assessment that lack of interoperability is an obstacle and that the focus will shift to security as that problem is ironed out.
Tom Corn, vice president of business development for Cambridge, Mass.-based security firm Mazu Networks, agreed. "People are moving very cautiously," he said. "That in itself is a problem, because if you don't give people a secure route to IM, they'll find another way to get it. That's when you open the door to threats."