Symantec calls for more IM archiving

Too few businesses are archiving instant messaging and Internet telephony conversations conducted over their networks, Symantec has claimed.

Too few businesses are archiving instant messaging and Internet telephony conversations conducted over their networks, Symantec has claimed.

The security software company released a YouGov-conducted survey on Thursday, suggesting that 39 percent of businesses do not back up and retain such communications and only 14 percent back up instant messaging (IM) conversations "that they deem important to the business".

Symantec itself sells products under the Enterprise Messaging Management banner to do exactly that, notably its IM Manager and Enterprise Vault software.

"New forms of collaborative messaging such as IM are being used on top of e-mail," explained Symantec's head of sales development for EMEA, Sean Doherty, on Thursday. He claimed that many organizations have told Symantec they do without their ERP (enterprise resource planning) or CRM (customer relationship management) system for days on end, but messaging has become "mission critical by default".

"Especially among younger employees, they are not used to an e-mail culture--many will treat e-mail as something very foreign," Doherty suggested, adding that they turn to instant messaging for business conversations where older employees might use e-mail, which is more widely archived.

Doherty said the survey showed organizations were largely aware of IM but in many cases it was "not part of the officially sanctioned corporately provisioned infrastructure". He also suggested that 85 percent of enterprises felt an increased need to archive messages because of the "change in the legal climate", pointing to the Sarbanes-Oxley Act in the United States, a federal law--resulting from high-profile corporate scandals such as Enron--that requires messaging in corporations to be archived, and which affects U.S.-based multinationals.

"We are becoming generally a more litigious society," Doherty added.

The survey also shows that 48 percent of IT directors feel the issue falls under their responsibility, but "if we have so few of them actually doing it, perhaps people aren't really aware that the technologies exist and are easy to deploy", said Doherty.

End users may also want to record and index their voice over Internet Protocol (VoIP) conversations, said Doherty, who nonetheless maintained it was important to "have a balance between what is required from a legislative point of view and what works for the end user".

Doherty also claimed that IM-borne malware was the "fastest growing vector" for phishing, worms and suspect file transfers, partly due to users cutting and pasting pieces of sensitive documents into IM conversations. The solution, he suggested, was something "such as [Symantec] IM Manager", which provides "real-time threat protection, antivirus for file transfers, content filtering and HR lists to cut down on the use of profanities".