“The majority of our customers are really
concerned about IM compliance issues,”
says Lev. “They want to be able to capture
all their IM messages, log them, and easily
search an archive database when they get an
e-discovery request. They also need to ensure
that their IM communications comply with a
host of federal and state regulations concerning
email usage, including Sarbanes-Oxley
and HIPAA.” Symantec sells an Information
Foundation Bundle that offers the ability to
archive IM traffic through Symantec Enterprise
Vault, the company’s email-archiving
and -retention tool.
A host of rules and regulations govern
electronic communications. IT managers
and CIOs—especially at large enterprises—
would be well advised to be on a first-name basis with corporate counsel and their
finance executives. “All these regulations can
require a lot of different things, including
retaining the content of those messages. IM
is an electronics communication medium,
and the company that provides that service
to its employees bears the liability,” says
Montgomery. That liability can even extend
to personal IM accounts that employees use
at work. “The [IM provider] isn’t relevant, but
the role of the person and the nature of the
communication is.”
Montgomery points to a number of
regulatory bodies—ranging from financial
services (Financial Industry Regulatory
Authority—FINRA), the energy industry
(Federal Energy Regulatory Commission—
FERC, North American Electric Reliability
Corporation—NERC), and general oversight
by the Securities and Exchange Commission
(SEC) for large companies—that can affect
the way you manage and archive instant
messages. The moral of the story is clear: IM
is a vital part of a communications infrastructure,
and you must operate it in compliance
with the same rules and regulations that govern
other digital communications methods.
Vendors that can help you ensure that
your IM channel complies with required regulations
include Akonix (L7 Enterprise Suite), FaceTime Communications (IM
Auditor), and Symantec (Symantec
Mail Security, Information
Foundation Bundle/Enterprise
Vault, and Vontu Data Loss
Prevention).
Confidential-data loss. What about
securing IM from inadvertent data loss by
careless employees? IM was primarily driven
into the workplace by employees using their
personal IM accounts, which often weren’t
managed or secured by corporate IT departments.
That situation has changed over the
past few years, but ensuring that employees
follow company guidelines can still be a
significant challenge. “With IM, businesses
have created another means for employees
to communicate outside the company,
which means you have another way to lose
confidential information,” says Montgomery.
“Many companies in technology industries
compete in their respective markets on the
strength of their patents and intellectual properties,
so keeping that information secure is
vitally important. It’s easy to send a video clip
or detailed drawing of a new product via IM.”
Symantec makes several products
that help keep tabs on vital company
information, including Vontu Data Loss
Prevention. It includes two modules: Network
Monitor, which can track information
within your organization, as well as
who it’s sent to, and Vontu Network Prevent,
a product that can prevent sensitive
information from leaving an organization.
Akonix provides its L7 Enterprise Suite,
and FaceTime’s IM Auditor can help keep
tabs on IM traffic.
Inappropriate usage. A final, often
overlooked potential IM pain point for
IT pros is employees’ inappropriate IM
usage. Because some users believe IM
traffic isn’t tracked or monitored as closely
as email messages are, they often use
IM for inappropriate purposes. “A recent
study revealed that 31 percent of employees are harassed by other
employees at work over IM,”
says Montgomery. “When
you consider that some IT
researchers believe that some
50 million workplaces use IM,
that translates into some 15
million lawsuits just waiting
to happen. Again, the company
provides the IM communication,
so the company
bears liability for the content
of that IM communication.”
Content that should raise
red flags includes hostile,
offensive, and harassing content
and the “seven words you can’t
say on TV” (popularized by
the late George Carlin),
as well as other
inappropriate material.
Products that
can help you screen
your IM traffic for
inappropriate usage
include Akonix’
L7 Enterprise Suite
and FaceTime Communications’
IM
Auditor.
No More
Headaches?
As IM becomes a
more integral part of
the enterprise communications
infrastructure, some of these IM
pain points will be alleviated. That said, new
communications technologies will undoubtedly
emerge, and the stalwart IT pro will be
called upon to deploy, manage, and secure
any new communications channel. But as this
discussion has revealed, an IT pro armed with
the right planning, a toolbox of good products,
and a willingness to embrace change will be
well positioned to face the challenge.