IM creates 'rampant security risk'

Some IT managers are concerned that IM can send files that are not virus-checked past corporate firewalls , creating a threat to network security

Instant messaging (IM) is taking off in companies but self-installed consumer versions of software that allows this type of communication are posing a "rampant security risk" on networks.

Already some companies see IM as a time-wasting technology -- as was the case when email, Web access and even the telephone were first put on workers' desks -- but the latest warning, levelled by Blue Coat Systems, is based on three key factors.

The security appliance vendor highlights that IM is used to send files which firewalls don't pick up because they do not pass through corporate email systems; they are not checked for viruses; and they are not logged.

Nigel Hawthorn, Blue Coat's European marketing director, told "We're not against IM but companies must either stop end users installing IM software or, without such a policy, use tools to monitor its use. Both options come down to control."

Gartner analysts have declared 2003 the year when IM will take off and have warned IT managers that if they don't embrace the technology, their staff will do so often outside of the IT department's reach.

IDC has forecast there will be 255m worldwide IM users in the workplace by the end of 2006. However, according to a Blue Coat poll conducted outside train stations in the UK, around 88 percent of corporate IM users now only use the technology to communicate with friends and family.

Flagship providers of IM including AOL, Microsoft and Yahoo! are now gearing up for pushing corporate versions of their software, which pay more attention to recording communications and security.

Steve Boom, senior vice president, Yahoo! Enterprise Solutions, said: "There is no rampant security risk. Users know messages aren't encrypted, for example, and the way forward isn't to control consumer IM but look at integrating it with [a company's] IT."

He said IM can in some cases be at least as secure as email, with systems based on directories, such as those provided by Microsoft or Novell, for authentication purposes.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

For all job and work-related news, or to search for a job and get information on training, go to ZDNet Jobs.

Let the editors know what you think in the Mailroom.