Start-ups strive to lock down IM at work
It's one of the dirty little secrets of corporate communications: Executives and other employees routinely chat via notoriously insecure instant messages.
America Online, Yahoo and the other providers of popular IM applications maintain that their software is focused on the consumer market. That has opened a niche to a crop of start-ups that are beginning to address IM's rapidly growing corporate audience, adding security features and other improvements to make instant messaging more palatable to executives and information systems managers.
Competition is already fierce for the nascent corporate IM market, which analysts expect to explode in the next three years. Corporate IM users are expected to rocket to 181 million in 2004 from a meager 6 million last year, according to an August 2000 report by IDC.
IM companies targeting the enterprise include Jabber, Mercury Prime, QuickSilver, 2Way, Ikimbo, Ezenia, NetLert, ACD Systems and Bantu.
Lotus Development, a unit of IBM, was early to the enterprise IM game with its introduction of the Sametime application in December 1998. Novell markets a corporate IM application based on AOL Instant Messenger called InstantMe. Ericsson, in conjunction with Oz, markets a secure wireless IM product called iPulse.
This proliferation of secure products comes just as corporate IM users are taking a second look at the wisdom of exchanging sensitive information via instant message, the hazards of which were brought into high relief after the purloined ICQ logs of eFront CEO Sam Jain were posted to the Web, causing the company serious difficulties.
"Security has become the sine qua non for success in business messaging," said IDC analyst Robert Mahowald. "When you hear about something like what happened to eFront, it makes a very compelling case on why a business should be spending money on something they could get for free. You're getting a lot more when you're paying for it, from security guarantees to interoperability with other applications, technical support and increased functionality."
The use of IM applications appears to be creeping up on companies as workers download free consumer-oriented software for an unclear blend of personal and business use.
"Within businesses, a lot of people are using the free IM services," said James Kobielus, an analyst with The Burton Group. "It's a grassroots phenomenon. They're using it to communicate externally with business associates or fellow employees on the road or family and friends. People everywhere are trying these services, then demanding that companies implement instant messaging internally."
New game, same challenges
Instant messages introduce many of the same problems that e-mail does. Not only can instant messages harbor viruses, but they are efficient conduits of information that can cause legal headaches for a corporation, including the divulgence of trade secrets or the exchange of libelous or harassing statements.
But the nonstandard nature of IM technology means it's difficult for IS managers to account for it.
"It's essentially mail content that needs to be filtered subject to a company's policies," Kobielus said. "But to the extent that each instant message vendor has its own message format--that makes it difficult to filter."
Jabber, a commercial product based on open-source development organization Jabber.org, recently released Jabber 1.7 for the Windows operating system, which lets its users encrypt messages both when they're in transit and when they're logged on to the sender's or recipient's computer. The updated version also adds directory searching, a new interface, conferences, and support for file transfers via server and peer-to-peer.
Although many start-ups are focusing on IM security, the largest providers of instant messengers convey an "at your own risk" attitude.
America Online's ICQ repeatedly warns members against using the application for sensitive communications.
"Do not use ICQ for Mission Critical applications, Content Sensitive material, if the risk of exposure to objectionable material is unacceptable to you," reads the ICQ security page. Elsewhere, ICQ reiterates its warning more bluntly: "NEVER send any content-sensitive material on ICQ."
AOL Instant Messenger (AIM) does not explicitly warn people against sending sensitive material. But America Online points out that with the exception of its version for the Macintosh, AIM is not capable of saving copies of the messages to a member's computer--as ICQ does--and that it does not store copies of the messages on its own servers. The AOL Time Warner division only keeps logs noting when an individual signed on or off the service, and those are erased after 10 days.
Still, unencrypted instant messages can be intercepted and read en route to their destinations, a point the major providers concede but downplay as a matter best left to individuals' discretion.
"We always recommend that users express their best judgment when communicating sensitive information, whether through e-mail, messenger or via phone," said a Yahoo representative.
Chatting with AIM
AOL declined to say whether it is considering putting out a
corporate-grade version of its instant messenger and said it doesn't know
how many people are using the application at work. But along with Novell's
InstantMe, Lotus and iPlanet--the enterprise software alliance between Sun
Microsystems and AOL unit Netscape Communications--do have products or
product plans that involve AIM.
For Lotus, the deal with AOL lets its Sametime IM application access AOL buddy lists so its members communicate with people on the AIM network. That's something Microsoft and other consumer IM application providers tried to do without consulting AOL, resulting in a high-stakes dogfight over creating an open standard such as the one that lets e-mail traverse any number of competing applications.
Lotus, early if not first to the corporate IM market, says it has seen a sharp uptick in demand for its application.
"Over the last year, it's been remarkable," said Jeremy Dies, brand manager for Lotus Sametime. "Not just with adoption rates, but with the sophistication of the users as well. We've seen a change from people asking, 'Why would I pay for something I could just get for free?' to strategic questions like, 'How I can use this as a business tool to create community among suppliers or possibly to add a real-time component to improve customer service?'"
iPlanet declined to comment directly on its plans to implement AIM in its corporate communications products but suggested that it would release an AIM-based product in the near future.
"We have made no public announcements on IM products," said John Fanelli, director of product marketing for iPlanet's portal and communications products. "However, that said, we've spent a lot of time with our enterprise customers in understanding their needs. Our current line includes calendar and e-mail, and IM would seem an appropriate addition to those tools. I would expect to see an announcement in the near term and would expect that announcement to include some reference to AIM."
Despite reports from Lotus and some others of burgeoning demand, some analysts say AOL, Microsoft and other heavyweights are likely to sit out any corporate IM craze for the simple reason that most business users are still driving demand for the consumer-grade products.
"Business users definitely are demanding these services, but for the most part they haven't demanded strong security," Kobielus said. "That's the grassroots users. The firewall administrators and IT professionals? That's another story. But for now, AOL is content to continue addressing the core consumer market with core IM capability. And people seem to be content with that."