www.instantmessagingplanet.com/enterprise/article.php/1384011

Enterprise IM: A Mid-Year Report, Part I
By Bob Woods
July 12, 2002

The enterprise IM (EIM) market has made a number of gains since I last took a bird's-eye view of the sector last December and last March. The stadium is starting to fill with corporate gladiators, willing and able to take on each other for the prize of survival in an arena that's already becoming filled with contestants.

Okay, enough with the metaphors. But you get my drift. As the EIM market expands, more comers are going to make their marks. As with any emerging market, some will hit and others will miss. While I think the market expansion is good, I definitely don't see an explosion of dot-com proportions. This is a good thing, because the higher you go, the harder you fall.

The general tightening of venture capital will be good for EIM, too. This means only companies with solid business plans will get funded. Or better yet, the bootstrapping firms that depend solely on their own revenues will succeed because they have proven technologies that are being demanded by enterprises.

With all of that in mind, let's take a look at EIM:

The AOL Factor
I keep promising myself I won't continue to harp on AOL and its upcoming enterprise offerings. So after this mention, I'll try my best not to -- until it actually announces its intent or something really "big" comes out.

As of this writing, AOL is promising "Enterprise AIM," an AOL Instant Messenger (AIM) extension that lets enterprise users exchange encrypted instant messages with other users of Enterprise AIM. The AOL-hosted Enterprise AIM will distribute VeriSign security credentials to enterprises that want to authenticate their employees to use encrypted messaging via AIM. Enterprise AIM will provide end-to-end encryption to ensure message privacy. The actual encryption is virtually transparent to users, and the issuance of security credentials is handled by a one-click system.

Communications with non-Enterprise AIM users -- the people on the consumer end of the AIM service -- would be in unencrypted clear text. All communications currently conducted via the AIM service are "in the clear."

In late May, I had found marketing materials that promised a much more robust EIM solution -- one hosted by AOL. It would not only have had the security aspect currently mentioned in the Enterprise AIM service, it would also have included a Secure Document Delivery Service, a logging/auditing feature, and the reconciliation of AOL screen names against a corporate directory, making users easy to recognize and remember. In other words, a fully hosted EIM-quality system.

Soon after I published my findings, though, AOL deleted any mention of a fully hosted EIM service from its Web page. I can't say that AOL pulled the content as a result of my story.

Will such an offering ever come? AOL only says it will not comment on its enterprise offerings until it formally launches them, and that's expected sometime this summer. But I do hope that AOL is planning on doing the whole EIM enchilada, because it would certainly be attractive for small- to medium-sized businesses wanting a secure, hosted solution. I can't see many Fortune 500 firms wanting this kind of service, though -- their IT people generally want full control over their operations.

It would definitely be interesting to see if AOL could break its consumer chains to successfully offer such services to the enterprise market. Based on its past failures in the business market, I'm not sure the company would succeed. But it'd be fun to watch it try.

Security
Security is stepping into the limelight in both the EIM field and in IM overall. And that's exactly where the subject belongs.

Those companies using an EIM system that has a "closed door" policy of no interoperability with public IM don't have to worry about security threats. But enterprises that let their employees use the public IM nets -- or those that don't know their workers are IM'ing via AOL's AIM, ICQ, MSN or Yahoo -- are asking for a world of trouble.

Malicious hackers can use social engineering to contact a worker via IM and get him or her to click on a hyperlink in the IM window. That link could contain a virus or worm that would make its way into an enterprise network. Or it could link to a Web site designed to elicit information from the employee. In addition, the very use of the public IM client gives malicious hackers a back door directly into a network -- a door that can bypass firewalls.

Companies that have EIM systems that connect to the public IMs should contact their vendors to see if they have potential security issues.

Probably the most interesting EIM security-related announcement in the past few months came from Akonix Systems. The company's new Akonix L7 system not only protects enterprise networks from "rogue protocols" like public IM networks and peer-to-peer (P2P) networks, it can eliminate the need for a company to buy a corporate IM solution. Akonix L7 protects corporate networks by intercepting public IM and P2P at the network perimeter and controlling them based on policies that can be customized by an enterprise. Akonix L7 detects, virus-scans and blocks infected files at the network perimeter, and reduces the risk of attack by enforcing the use of up-to-date client software.

One of the more distinctive features of Akonix L7 is that two users inside the firewall can use any of the public IM network clients to IM each other without worrying about anyone "listening in" on the other side of the firewall. Normally, such conversations go through the public IM system "in the clear," or in clear text, outside of the firewall. With the Akonix L7 system, though, the two users are only shown as being "available" on the public IM network. The same kind of protection is afforded to remote offices or employees that are connected to the corporate network.

With this protection, combined with all of the other features of the Akonix L7 system, the company believes that enterprises do not have to use proprietary, enterprise-strength IM systems to protect them from electronic eavesdropping and rogue protocols.

Speaking of public IM, other companies were concentrating on making public IM safe -- or safer, at least -- for the enterprise:

  • Romanian software firm Softwin offers its BitDefender line of antivirus products for several IM applications. While the company's software does not encrypt conversations, it can protect PCs and enterprises from receiving files designed to disrupt or destroy data or networks. The company currently does not provide services for AOL's hugely popular AIM network, though.

  • New York-based IMpasse takes care of the other end of the IM problem. The company says its new platform encrypts messages sent via AOL's AIM, MSN Messenger and Yahoo Messenger. For $20 per person, IMpasse automatically encrypts and decrypts conversations using 448-bit Blowfish encryption in CBC mode. It also protects file exchanges via the public IM networks with RSA encryption using a 3072-bit modulus. As with any encryption program, though, parties on both sides of the conversation need to use the IMpasse solution to protect the conversation.

How important is taking every possible step to secure against public IM maladies? Just check out InstantMessagingPlanet's Security channel to see all of the recent problems related to public IM. If this doesn't convince IT pros to do something to deal with the public IM security crisis, nothing will.
