IM the Great “Catflap” of Enterprise Security

July 4, 2007: The analysts at Gartner have announced that attitudes are changing and while instant messaging services are no longer seen as ‘the great communications catflap’ when it comes to security, they still represent a security threat.

According to Gartner, the penetration of enterprise-grade IM will rise from the current 25 percent to nearly 100 percent by the end of the decade, increasing risk to enterprise security if staff are not educated properly and no usage policies are in place.

“IM represents a largely unregulated hole in the messaging firewall. And because IM has historically been a consumer-driven phenomenon, with individuals using it for both personal and business purposes most IM applications are installed by the user and not the IT staff,” said Andrew Antal, MessageLabs marketing director for Asia Pacific.

“Our research shows that in Australia over 60 percent of workers use or have used IM at some time and that over 50 percent of these workers use a consumer rather than an enterprise solution. And yet 75 percent of the respondents also admitted they saw IM as a potential security and compliance risk, while even more worryingly 25 percent didn’t think there was any risk.”

Despite these blasé attitudes towards IM security, MessageLabs claims to have witnessed the number of threats targeting IM increasing. The company says its data shows incidents of worms, viruses and other security threats increased 723 percent in the first quarter of 2006 compared to the same period in 2005.

The firm says the MSN network, including both MSN Messenger and Windows Messenger clients, lead the field when it came to total threats for 2005, while threats to the AOL messaging network gained ground. Risks are only going to escalate as use does, particularly with new players such as Google entering the field.

“It's essential that business understands there is no point being 85 percent certain you are protected. As IM grows according to Gartner with ‘adoption similar to the take-up of email in the early 1990s’ business should be aware of the issues,” said Antal.

“The immediacy and informality of IM, which is a big advantage for users, is a disadvantage when it comes to the spread of IM-borne viruses. Viruses can easily penetrate and propagate within a network by being attached to an IM attachment or being an embedded link which IM users are likely to click.”

To help close security holes, MessageLabs suggests that businesses first conduct an audit of IM use, put together a usage policy, educate staff about the risks and overall consider deploying a secure IM client.

Comment on this story