Malicious attacks via instant messaging (IM) applications are up 73% so far this year, according to security and compliance vendor Akonix Systems. But other instant messaging security risks, especially the potential for data leaks and policy breaches, are even more pressing reasons businesses and organizations need to secure their IM applications, experts say.
As more businesses realize that need -- and others begin to accept IM in the workplace -- opportunities will increase for value-added resellers (VARs) to create custom solutions that
"There's more movement towards the channel and integrating with other products," he said.
Vendors point to last year's case of U.S. Rep. Mark Foley, who resigned amid allegations that he sent sexually explicit IMs to former Congressional pages, as the wake-up call that made IT officers realize the need to address instant messaging security risks.
"IT departments and counsel were saying, 'If this man worked for us instead of Congress, we'd be liable because it's on our network,'" said Don Montgomery, vice president of marketing for Akonix in San Diego.
The Federal Rules on Civil Procedure, which placed more electronic discovery regulations on businesses when they were revised last year, are also helping to spur demand, Montgomery said. And Radicati predicts that IM use by businesses will more than double between 2006 and 2008, bringing even more potential customers into the market.
Akonix sells its two instant messaging security appliances, the A6000 for large enterprises and A1000 for small and midsize businesses (SMBs), 100% through the channel. Their core features include antivirus, antispam, file attachment scanning and keyword filtering, and they also allow users to archive IMs on email archiving servers by Hewlett-Packard, EMC, IBM and other leading vendors.
Many Akonix partners combine the IM security appliances with those email archiving servers and sell complete archiving solutions, Montgomery said. VARs that are partners with Microsoft also integrate the Akonix appliances with Microsoft's ISA Server firewall and Office Live Communications Server, creating a product that addresses all business IM needs, Montgomery said.
About two-thirds of Akonix clients say their biggest instant messaging security risks are data leaks and compliance breaches; the other third seek protection against viruses, worms and other malicious attacks, Montgomery added.
Another concern is bandwidth usage, if employees are using IM file transfer, audio and video features for personal use, said Guarav Marwaha, product manager of endpoint security for Check Point Software, a Redwood City, Calif. vendor that sells mostly through the channel.
Orchestria, a New York-based vendor, sells most of its instant messaging security software directly, but some channel partners do find opportunities by customizing for specific industries and aligning the software with clients' policies, said Michael Rothschild, senior director of product strategy. The software works like spell check, Rothschild said, scanning IMs before they are sent to look for material that is inappropriate or violates policies. It can then warn the user or block the message from being sent, depending on the severity of the violation.
Most data leaks and policy breaches are not malicious, but that won't protect an organization in court.
"They don't care if it's by accident," Rothschild said. "It happened anyway."
Still, products that address instant messaging security risks aren't always an easy sell, Anderson said.
"Most organizations do recognize [the need], but it's just a matter of priority," he said. "IM security just isn't that high on the priority list for most organizations."
"People have been worried about instant messaging in their enterprises, but the value they put into actually controlling it varies," he said.
News about IM security breaches, as they become more common, will help spread the word
Orchestria uses proof-of-concept demonstrations for its potential customers, scanning 1 million or more of their IMs and then showing executives the messages that violated policies.
"It's amazing how the color drains from people's faces as they see what's going on in their own organizations," Rothschild said.
Let us know what you think about this story; email: Colin Steele, features writer.
Dig deeper on Application security and data protection