Unified communications won't displace insecure IM

When software localisation vendor Lionbridge Technologies started rolling out Microsoft's unified communications software in 2006, it let its 4300 employees keep on using public instant messaging services such as AIM or Yahoo Messenger. 

Today, its Office Communications Server software handles a million IM conversations per month. That has lessened employees' use of outside IM services but hardly eliminated it, according to IT director Oyvind Kaldestad. 

"We are encouraging people to use Office Communicator for all internal IMing," he said. "But we are a client-driven company and some of our customers like to use Skype or GoogleTalk. So we don't lock down our employees' computers." 

Unified communications (UC) software such as IBM's SameTime, Cisco's Unified Personal Communicator and Microsoft's Office Communicator may offer instant messaging along with powerful related features, such as the ability to detect the "presence" - or availability - of co-workers, and instantly call or videoconference with them via your PC if they are available. And they may also be more secure than public IM systems. 

But most companies are unlikely to clamp down on public IM and similar services as they roll out UC software, choosing instead to try to steer employees to approved, safer communication channels while monitoring and managing the insecure ones. 

Take Avanade, the Seattle-based corporate systems integrator that is a joint venture of Accenture and Microsoft. 

Avanade's own internal approach was to allow use of public IM software but to try to weave Office Communicator in so tightly with its employees' software that they would, for convenience's sake, voluntarily choose to use Office Communicator over public IM for most workday communication. 

<strong>No company is an island </strong>

Public IM services are notoriously good at hopping around to seek open network ports, according to Larry LeSueur, vice president of technology infrastructure solutions at Avanade. And preventing employees from installing IM software on their PCs seemed too harsh. 

"You'll restrict employee productivity and start turning your company into an island," he said. 

Projections from The Radicati Group appear to agree. The research group expects the number of public IM messages this year to dwarf enterprise IM by a factor of eight to one. That ratio will hold in 2011, when 82 billion public IM messages are expected to be sent. 

Radicati does see the number of enterprise IM users world-wide doubling to 127 million in 2011 from 67 million this year. 

But it also sees the installed base of IM seats managed by third-party tools growing more than six times, from 15 million this year to 97 million projected in 2011. 

Such software helps ameliorate risks from use of public IM and similar software. According to a survey commissioned and released this week by one such vendor, FaceTime Communications, nine out of 10 IT managers experienced a security problem related to public IM, Web conferencing or voice-over-IP services such as Skype in the past six months.

Such management software is less necessary with UC software, which is run on a server controlled by the company. IMs mostly flow between authenticated users within a corporate network. Most can be set to encrypt all IM traffic, too. 

That makes it hard for a hacker to impersonate an IM user or for malware to be sent via IM to a user - or, if the proper rules or monitoring tools are set, for employees to send out private company data. 

"They are, a priori, more secure and trustworthy than public IM, without a doubt," LeSueur said.