Tuesday, June 07, 2005

Allowing your users to use IM while you protect the corporate net, Part 1


NETWORK WORLD NEWSLETTER: MICHAEL OSTERMAN ON MESSAGING
06/07/05
Today's focus: Allowing your users to use IM while you protect
the corporate net, Part 1

Dear networking.world@gmail.com,

In this issue:

* Best practices for instant messaging
* Links related to Messaging
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by CipherTrust

Federal legislation has forced businesses in every industry to
rethink how they communicate. Organizations must be more
vigilant than ever to ensure compliance with federal and state
legislations regulating the dissemination of private
information. Download CipherTrust's whitepaper to learn how an
e-mail security appliance can help your organization ensure
compliance.
http://www.fattail.com/redir/redirect.asp?CID=105697
_______________________________________________________________
WORST-CASE SCENARIO

If your company commits a serious HIPAA or Sarbanes-Oxley
violation, who takes the fall? Could it be you? You've probably
heard loose talk about this risk at industry conferences and in
the press. But can an IT exec actually end up doing hard time?
See what experts predict:
http://www.fattail.com/redir/redirect.asp?CID=106057
_______________________________________________________________

Today's focus: Allowing your users to use IM while you protect
the corporate net, Part 1

By Michael Osterman

Chances are very good that if you operate a corporate network of
any size you will have a fair number of users who are running
consumer instant messaging products on your network, as well.
Our research shows that about 90% of organizations have some
consumer IM operating in their networks, and that one in four
e-mail users is also an IM user.

Although enterprise-grade IM is becoming much more common and
many organizations are deploying these systems, the consumer
space's 'Big Three' - AOL Instant Messenger, MSN Messenger and
Yahoo Messenger - are also the Big Three in the workplace.

While consumer IM systems are extremely useful tools, they carry
with them the potential for creating havoc in a corporate
environment. For example, a file downloaded through IM typically
bypasses all of the anti-virus and other defenses set up to
protect against threats that might enter the corporate network.
Users can send confidential or other sensitive information out
through consumer IM systems, bypassing policy enforcement
systems that might be in place. In short, consumer IM allows all
sorts of bad stuff to bypass corporate defenses.

In terms of best practices for defending against these types of
threats, there are a number of things that IT management should
do.

First, discover how much consumer IM traffic is really traveling
across your network. While there are fewer surprised senior
managers today than there were a year ago when confronted with
the sometime dramatic levels of IM traffic, many are still
unaware of how much consumer IM is really used in their
organizations. There are a number of very good tools available
- some free, some at very low cost - that will allow an
organization to 'sniff' the network for IM traffic, quantify it
by screen name, and so forth. Once an organization has a handle
on how much IM traffic is moving around and who are the biggest
users, it can take the next step and decide what to do about it.

What to do about consumer IM use varies widely by organization,
but it's typically best to not simply block all traffic in
response to the potential for threats entering the network. Our
research has found that more than one-half of organizations use
IM for actual business purposes - cutting off users' access to a
tool that many of them are using to do real work can have
significant ramifications, few of them good. Instead, a wiser
course of action is to evaluate how IM is being used in an
organization, why it's being used and what can be done to allow
continued use while at the same time protect the network.

We'll continue this discussion in the next article.

RELATED EDITORIAL LINKS

Companies rush to plug 'data leaks'
Network World, 06/06/05
http://www.networkworld.com/news/2005/060605-data-leaks.html?rl
_______________________________________________________________
To contact: Michael Osterman

Michael D. Osterman is the principal of Osterman Research
<http://www.ostermanresearch.com/>, a market research firm that
helps organizations understand the markets for messaging,
directory and related products and services. He can be reached
by clicking here <mailto:michael@ostermanresearch.com>
_______________________________________________________________
This newsletter is sponsored by CipherTrust

Federal legislation has forced businesses in every industry to
rethink how they communicate. Organizations must be more
vigilant than ever to ensure compliance with federal and state
legislations regulating the dissemination of private
information. Download CipherTrust's whitepaper to learn how an
e-mail security appliance can help your organization ensure
compliance.
http://www.fattail.com/redir/redirect.asp?CID=105696
_______________________________________________________________
ARCHIVE LINKS

Archive of the Messaging newsletter:
http://www.networkworld.com/newsletters/gwm/index.html
_______________________________________________________________
FEATURED READER RESOURCE
CALL FOR ENTRIES: 2005 ENTERPRISE ALL-STAR AWARDS

Network World is looking for entries for its inaugural
Enterprise All-Star Awards program. The Enterprise All-Star
Awards will honor user organizations that demonstrate
exceptional use of network technology to further business
objectives. Network World will honor dozens of user
organizations from a wide variety of industries, based on a
technology category. Deadline: July 8. Enter today:
<http://www.networkworld.com/survey/easform.html?net>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To unsubscribe from promotional e-mail go to:
<http://www.nwwsubscribe.com/Preferences.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: networking.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments: