Developer encrypts corporate IM

Instant messaging to become secure for business use due to an encryption program developed in Australia
Written by Rachel Lebihan, Contributor

A small Australian security software developer has found itself a niche in the instant messaging market dominated by big guns Yahoo!, MSN and AOL, encrypting a product for corporate use.

In development since the beginning of the year, CIPHERim is in Beta 1 at the moment -- with some government operations testing the product -- and a large Australian IT consulting organisation is looking to take it up as a product solution for its customer, according to David Banes, one of the directors of product developer Cleartext.

With people still arguing about which instant messaging hotshot will rule the day out of Yahoo!, MSN and America Online, "the market was open for niche players to get out there and make some money," Banes told ZDNet Australia.

With current instant messaging, "people are downloading it as a freebie and using it to chat instead of the phone...but it's an insecure communications system," Banes said.

"We wanted to apply a manageable, secure solution to current messaging and give a corporate alternative to public instant messaging systems," he added.

According to Banes, there are two key differenciators in CIPHERim's security compared to other instant messaging clients on the market.

Firstly it's been designed "from the ground up" to be secure, he said. It offers data encryption from chat window to chat window and deploys use of digital signatures. Where file transfers are concerned, CIPHERim utilises a layer between the chat client and file server, a kind of database that stores messages so infected files don't end up on the end user's PC, according to Banes. It even gives feedback on the strength of user passwords.

Furthermore, CIPHERim is a 1.5-megabyte application running as a single contained executable on each workstation, deploying distributed architecture. This will save users from suffering outages such as that which impacted MSN Messenger for over a week just a few months ago. MSN had to restore and reboot all over its Messenger servers as part of its efforts to restore servers to clients who were affected across the globe.

"Instead of everyone in company sporadically using three different systems the company can set up a [CIPHERim] chat server and connect clients to it," Banes said.

With the inherent slowness of encryption, a careful choice of algorithms and key sizes has ensured CIPHERim is not plagued by delays, Banes said. "With the first message you might wait 10 seconds while the key is swapped but after that like using an unencrypted client."

Yahoo! was the only organisation that got back to ZDNet Australia by press time to discuss the encryption of IM products. Yahoo! Australia & NZ's free Messenger service is not encrypted, a company spokesperson told ZDNet.

"As a leader in this space though, we're constantly evaluating new features and innovations that will offer even more value to our user's instant messaging experience. Although our current Yahoo! Messenger is an essential service to many people's lives with its current feature set, we have a keen eye on various instant messaging options and will continue to introduce future innovations," she said.

See ZDNet UK's Enterprise Channel for full coverage.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet news forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards