News Stay informed about the latest enterprise technology news and product updates.

IM too critical a business app to ban

Despite reported security risks, CIOs shouldn't ban employees from using instant messaging (even if they could).

At 5W Public Relations LLC, instant messaging (IM) became such a distraction that it was banned during office hours.

The fast-growing New York public relations firm found that miscommunications were practically a given through IM, as employees carried on multiple conversations at the same time. Not a good thing for a public relations firm where the message is the message. Then there was 5W's company directive that all the members of an account team be copied on every correspondence -- not possible when using IM, which frustrated account managers.

But the IM experience is much different at IntelliCare Inc., a medical services company that considers instant messaging mission-critical. The Portland, Maine-based company's staff of nurses field medical questions and monitor patients through a nationwide network of call centers.

If a nurse is monitoring weight for a patient with congestive heart failure through a scale hooked up to the telephone and has a nagging question, she can IM an expert colleague and get advice. If she is fielding a call from an anxious parent about a child's illness, she can bring a pediatric specialist in on the conversation in real time.

Good to know

Advice from Gartner Inc.'s Tom Eid:

Look to IM as an important component of the overall communications and collaboration infrastructure. Evaluate the deployment options and determine which vendor to standardize on, based on the best alignment to other business applications and functions. In some cases, that might be through telecommunications, and in others, through desktop or enterprise-class applications.

If you are an IT manager or provide IT services within your organization:

  • Develop a clear assessment of actual business uses of IM and align the right type of IM offering to the use-case scenario.
  • Determine the IM tools that are already being used in-house, free and licensed.
  • Survey current users regarding frequency and type of use and key features.
  • Manage IM services the way that you would manage other applications -- IM technologies are not "toys."
  • If you plan to purchase an enterprise-focused IM product, perform a rigorous vendor evaluation in advance.
  • In the vendor evaluation, include IM vendors that provide IM hygiene and proxy servers for IM security.

 "The big thing we're focused on is service," IntelliCare CIO Jeff Forbes said. "We never want to put anybody on hold."

IM is, in fact, the tool of choice for IntelliCare's 250 nurses, 97% of whom work remotely.

IntelliCare, with 350 employees and about $20 million in revenue, implemented IBM's Lotus Sametime instant messaging platform two years ago to keep everybody on the same page. "It went through the organization like wildfire. Nurses will use things that are useful, and they will scream bloody murder if they're not," Forbes said.

Like it or not, experts say, you're smarter to embrace IM than restrict it. Despite the reported security risks, for many companies the benefits will outweigh the drawbacks of using the messaging tool.

And it's not like you can really stop it anyway.

Overhyped security threat?

Clearly, the dangers can't be overlooked, says Gartner Inc. analyst Tom Eid. But the more fundamental issue for CIOs is that IM can't be overlooked. Consumer driven at first, the convenient real-time communications system is becoming a staple at businesses, and the research suggests it's here to stay.

Indeed, IM may get a bad rap when it comes to security. Threats abound, that's for sure. To hear it from the security vendors, instant messaging is the Trojan horse, the worm and the biggest worry of corporate communications. A recent report from IM enterprise software provider IMlogic Inc. in Waltham, Mass., says 2006 is shaping up to be a record year for IM attacks. Data collated from partnerships with Internet security companies including Symantec Corp., Sybari Software Inc. and McAfee Inc., and IM leaders like America Online and Yahoo Inc., shows that IM threats were up more than 200% in January compared with the year before. Worms accounted for most of the attacks.

"IM isn't really so much of a worm/virus/security risk as is e-mail," argued Jonathan Eunice, an analyst at Nashua, N.H.-based Illuminata Inc. "There are some 'send a file' mechanisms in IM, but they are not the first line of attack, especially given how successful webpage and e-mail attacks have been."

IM is the most widely distributed and frequently used IP-based, real-time collaboration technology after the telephone, according to Gartner. The Stamford, Conn.-based research firm is predicting that the enterprise IM market will have a compound annual growth rate of 20% for the next three years, and CIOs will most definitely be on the hook as IM use makes its inexorable march from free services to IM services sanctioned by the company.

"There's no question that, over time, instant messaging will merge with enterprise e-mail services. We're seeing it already with the smaller vendors, such as a small [software messaging] company in the UK called Gordano," Eid said.

Microsoft and IBM currently have more than 90% of the worldwide revenue for enterprise e-mail and 86% of the user base. Eid said once the two companies take IM on, the tool's place in the IT enterprise infrastructure will be official. By 2010, 90% of users with business e-mail accounts will have IT-controlled IM accounts.

IM use within a business context will continue to grow because it provides business value, Eid said, including faster communication, direct contact, improved collaboration and costs savings.

The bigger risks with IM have to do with privacy, experts say. Information can easily be intercepted because it's not encrypted -- a very clear exposure risk.

It is possible to encrypt IM, such as you might find at large conferences or Wi-Fi hot spots, "but it takes special care to accomplish," Eunice said.

Eid said the first thing CIOs need to do is take stock. "You have to do the assessment to determine how much IM is really occurring and then does it make sense to make it an enterprise-level application," he said.

In an ideal world, a governance body composed of senior-level business and IT-level people would be making that decision, but often it simply falls on the shoulders of IT to make the call, he said, adding, "it then falls to the actions of the end users to work around IT."

I defended against the critics, and they shut up now.
Jeff Forbes
CIOIntelliCare Inc.

 At IntelliCare, IM is used not only for medical matters but also for meetings, quick roll calls, in-depth training and -- yes -- chatting, says CIO Forbes.

"The one thing I kept hearing over and over again from corporate employees was, 'Oh the nurses are going to be talking with each other all the time. I pushed right back," he said, first pointing out that building community is essential for a remote workforce and, second, reminding corporate colleagues that their days allowed plenty of room for casual conversations. These interactions helped them be more effective with their co-workers. Why not for remote employees?

"People talk and they get back to business. And we have all kinds of ways to measure that. I defended against the critics, and they shut up now," Forbes said.

Let us know what you think about the story; e-mail: Linda Tucci, Senior News Writer

Dig Deeper on Enterprise mobile app strategy

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

This reminds me of the team I worked with awhile back where the internet was 'banned.' The programmers were also 'banned' from having write permissions to the test servers - they were supposed to file a ticket to push to test.

If you looked hard enough you could even find someone that obeyed the rule.

IM is just too valuable. Ban it and people will use skype on the their cell phones, totally outside of your records and less secure than anything IT would do ...