Commentary: Free IM not to be trusted

Businesses that use instant messaging are introducing serious risks not yet widely recognized or properly addressed.

2 min read
By Robert Batchelder and Maurene Caplan Grey, Gartner Analysts

Businesses that use instant messaging are introducing serious risks not yet widely recognized or properly addressed.

For most companies, IM started as a casual tool for sending quick greetings between colleagues and friends. Available as a free service from America Online, Microsoft, Yahoo and others, IM is rapidly becoming an essential business communication tool--so much so that workers with IM accounts are routinely creating parallel, unmanaged communication universes to facilitate important business processes.

For example, many workgroup members use IM for real-time collaboration on time-sensitive projects, such as delivering a product or service to clients. Customer support staffs use IM to obtain information from management while talking to a customer on the phone.

With companies finding more ways to exploit the business value of IM, and business users signing up for free IM services at an alarming rate, it is essential to recognize these attributes of IM systems:

 They are based on nonstandard, proprietary architectures designed by their providers--and thus may not be interoperable.

 They employ low-level Internet protocols, which offer very little security, error checking and retransmission capabilities.

 They have infrastructures that are difficult to operate on a global scale and include minimal failover and redundancy.

 They are largely transparent to, and unmanageable by, internal IT support organizations.

See news story:
MSN woes open door for IM rivals
To mitigate those risks, companies should do the following:

 Determine the degree of free IM use within the organization and the business purposes for which it is used.

 Establish policies stating what uses of IM are appropriate within certain business transactions--and with whom IM sessions can be conducted.

 Evaluate and, as required, install commercial (behind the firewall) IM applications.

 Configure the firewall to deny access to unsupported or unauthorized free IM services. Before doing so, however, ensure that an alternative, corporate-supported IM service is in place, IM-enabled applications are moved to the new platform, and users are properly trained.

 Consider using an application service provider for corporate IM services, particularly where users have IM exchanges with customers, vendors and other external users.

(For related commentary on instant messaging, see TechRepublic.com--free registration required.)

Entire contents, Copyright ? 2001 Gartner, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.