Instant messaging security addresses risks, compliance

By Colin Steele, features writer 08 Jun 2007 | SearchSecurityChannel.com

Channel News Update Digg This!     StumbleUpon     Del.icio.us

Malicious attacks via instant messaging (IM) applications are up 73% so far this year, according to security and compliance vendor Akonix Systems. But other instant messaging security risks, especially the potential for data leaks and policy breaches, are even more pressing reasons businesses and organizations need to secure their IM applications, experts say.

As more businesses realize that need -- and others begin to accept IM in the workplace -- opportunities will increase for value-added resellers (VARs) to create custom solutions that

Most organizations do recognize [the need], but it's just a matter of priority Matt Anderson senior analyst, The Radicati Group

address instant messaging security risks, said Matt Anderson, a senior analyst for The Radicati Group in Palo Alto, Calif.

"There's more movement towards the channel and integrating with other products," he said.

Vendors point to last year's case of U.S. Rep. Mark Foley, who resigned amid allegations that he sent sexually explicit IMs to former Congressional pages, as the wake-up call that made IT officers realize the need to address instant messaging security risks.

"IT departments and counsel were saying, 'If this man worked for us instead of Congress, we'd be liable because it's on our network,'" said Don Montgomery, vice president of marketing for Akonix in San Diego.

The Federal Rules on Civil Procedure, which placed more electronic discovery regulations on businesses when they were revised last year, are also helping to spur demand, Montgomery said. And Radicati predicts that IM use by businesses will more than double between 2006 and 2008, bringing even more potential customers into the market.

Akonix sells its two instant messaging security appliances, the A6000 for large enterprises and A1000 for small and midsize businesses (SMBs), 100% through the channel. Their core features include antivirus, antispam, file attachment scanning and keyword filtering, and they also allow users to archive IMs on email archiving servers by Hewlett-Packard, EMC, IBM and other leading vendors.

Many Akonix partners combine the IM security appliances with those email archiving servers and sell complete archiving solutions, Montgomery said. VARs that are partners with Microsoft also integrate the Akonix appliances with Microsoft's ISA Server firewall and Office Live Communications Server, creating a product that addresses all business IM needs, Montgomery said.

About two-thirds of Akonix clients say their biggest instant messaging security risks are data leaks and compliance breaches; the other third seek protection against viruses, worms and other malicious attacks, Montgomery added.

Another concern is bandwidth usage, if employees are using IM file transfer, audio and video features for personal use, said Guarav Marwaha, product manager of endpoint security for Check Point Software, a Redwood City, Calif. vendor that sells mostly through the channel.

Orchestria, a New York-based vendor, sells most of its instant messaging security software directly, but some channel partners do find opportunities by customizing for specific industries and aligning the software with clients' policies, said Michael Rothschild, senior director of product strategy. The software works like spell check, Rothschild said, scanning IMs before they are sent to look for material that is inappropriate or violates policies. It can then warn the user or block the message from being sent, depending on the severity of the violation.

Most data leaks and policy breaches are not malicious, but that won't protect an organization in court.

"They don't care if it's by accident," Rothschild said. "It happened anyway."

Still, products that address instant messaging security risks aren't always an easy sell, Anderson said.

"Most organizations do recognize [the need], but it's just a matter of priority," he said. "IM security just isn't that high on the priority list for most organizations."

Marwaha agreed.

"People have been worried about instant messaging in their enterprises, but the value they put into actually controlling it varies," he said.

News about IM security breaches, as they become more common, will help spread the word

Instant messaging security resources for resellers More news and tips on IM security Instant threat from instant messaging, and what some companies are doing about it

about the need for security, Rothschild said. And showing the direct effect it can have on businesses helps, too.

Orchestria uses proof-of-concept demonstrations for its potential customers, scanning 1 million or more of their IMs and then showing executives the messages that violated policies.

"It's amazing how the color drains from people's faces as they see what's going on in their own organizations," Rothschild said.

Let us know what you think about this story; email: Colin Steele, features writer.

Tags: Selling Regulatory Compliance Services,  Technology to Support Regulatory Compliance,  Instant messaging and collaboration application security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

<< PREVIOUS | NEXT >>: Data theft creates a rich product, service market...

VIEW ALL IN THIS CATEGORY

RELATED CONTENT Selling Regulatory Compliance Services PCI compliance opportunities for security resellers Global compliance services a competitive advantage for resellers Data theft creates a rich product, service market for security VARs Identity-based security tools give customers control of users, not just ports The security consultant's role in regulatory compliance Sarbanes-Oxley: An email security selling tool Regulations, security failure costs will keep security VARs healthy through 2010 Technology to Support Regulatory Compliance PCI compliance opportunities for security resellers Global compliance services a competitive advantage for resellers Security automation helps compliance, policy enforcement IBM, Symantec join drive toward packaging compliance Data theft creates a rich product, service market for security VARs NAC's role in regulatory compliance Identity-based security tools give customers control of users, not just ports Selling unified threat management: Making the cost avoidance case Instant messaging and collaboration application security Social media security policies: Helping customers understand the threats Compliance, Web threats change email security market, opportunities Sophos integrates encryption into endpoint, email security Email security vendor Sendio unveils new partner program Netgear primes VARs for SMB email and Web security appliance sales Outlook Web Access security: Helping channel customers stay safe Channel Explained: Email security What security settings best apply to the client? Can we offer managed security services to the client for this server? Should we offer periodic security audits of the email server?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary