Enterprise Grade Instant Messaging
Instant Messaging (IM) is one of the "killer apps" in the consumer
market. Slowly but surely IM is gaining popularity, and it might one day
challenge e-mail as the most important Internet consumer application.
Picking up habits from their home computers, Internet users started a
trend of moving IM from their home machines to corporate desktops. During
the last year, corporate use of Instant Messaging became a significant factor.
Interestingly, this trend did not start in corporate IT departments. Rather,
IT professionals have been largely caught off-guard. Instead of planning
IM infrastructure they have found themselves trying to regulate user access
to outside IM services. The natural reaction, especially after September
11, was, in many cases, to disable access to public consumer-grade IM
services from corporate desktops.
Is this decision a correct one?
The answer is: yes, it is. Consumer grade instant messaging has no business
on corporate desktops. This white paper explains why by examining various
negative aspects of consumer grade IM and defining features of Enterprise-grade
IM systems.
External service vs. in-house installation
All popular IM systems run on top of infrastructure provided by large
providers. AOL, Yahoo, and MSN dominate the market. This brings us to
the first critical question: are corporations to outsource IM services to
these providers? It is interesting to compare IM with e-mail. How many
large corporations outsource their e-mail services to providers that also
handle public, insecure mail systems? We all know the answer - they don't!
Why should IM infrastructure be different?
At this time, the lack of proven, secure IM infrastructure software makes
corporations scramble for solutions and consider outside service as an
alternative. We believe that this is a short-term trend only. All corporate
IM infrastructure created in the next few years will be installed in-house,
as e-mail infrastructure is today. IM will become as business critical
as e-mail is today, and IM infrastructure will be handled accordingly.
Hence, if you are looking today for a corporate IM solution, you should
look for an IM infrastructure software vendor, not for a public service
provider rooted in consumer service culture.
Global vs. corporation-wide reach
Consumer grade IM systems have a global reach - in their separate domains.
Major IM systems don't interoperate. Is this a concern for corporate users?
Shall corporations wait with deployment of IM infrastructure until one
dominant vendor or service provider emerges?
It seems that the answer is clearly "No". IM wars are not like
browser wars - there will be no one winner. A browser solution, operating
in a strictly standard environment, could have been hijacked. IM client
software is a small part of a much larger infrastructure, which is proprietary.
These infrastructures are not going to disappear or be conquered any time
soon. The most likely course of action is that the IETF
standard for instant messaging currently under development will provide
interoperability between different systems. One day we will have a global
IM infrastructure, and all viable IM systems will be able to participate.
In the short term, corporations should look for a solution that offers the
set of features best suited to their needs.
Dangers of using consumer-grade IMs in business
Business tool or a fringe benefit?
IM is being introduced in the corporate world to improve the bottom line by
increasing efficiency. Efficiency is not increased if employees can
receive messages from their friends at any time and engage in private
conversations. Interoperability with consumer-grade IMs may actually
be detrimental.
What is all this stuff in my IM?
Consumer-grade IMs are designed according to "kitchen sink" principles: the
more features designers can pack in, the better. IMs try to be a universal
communication application: multiple chat windows clutter the desktop,
audio is being added in a rather haphazard fashion, file transfer has become
a standard feature, and unmanaged "buddy lists" allow communication
with arbitrary groups of users. Letting such a service operate in a corporate
environment is equivalent to disabling the corporate firewall and relinquishing
control over information transfer in and out of the corporation.
Built to leak: Corporations are,
and should be, very particular about what information leaves corporate
networks. File transfer functionality does not make any sense
as a part of Instant Messaging. It does not provide any conceivable
advantage over e-mail attachments, and e-mail systems are already well
equipped to provide audit and filtering functions for such content.
Also, large files have no business being transferred using an IM infrastructure
consisting of messaging servers tuned for short messages. Introducing
this type of traffic makes it much more difficult to provision networks
supporting IM. We hence suggest that file transfer should be banned
from IM functionality unless it is handled by automated hand-off to
the corporate e-mail system.
Anybody eavesdropping?
Unencrypted data and no support for audit are another detrimental factor.
Some of the vendors move IM traffic to VPNs. This is an entirely incorrect
solution. VPNs are not designed to support random connectivity. Data security
in instant messengers should assume an insecure network and be handled at the
application level, with embedded, maintenance-free PKI provided within the IM
infrastructure. Message logging should be supported to enable audit.
"We encrypt messages hence we are secure"
- this is what AOL and Yahoo want you to believe. What good is message
encryption if you don't really know with whom you are exchanging messages?
To be secure, a product MUST support AT LEAST user authentication, user
authorization, and data integrity. If any of these elements is missing,
the product does not qualify as secure. Encryption alone does not
solve anything. You may want to consider the fact that of all the security
breaches we have seen since the Internet went commercial not even one involved
actually breaking data encryption!
Am I your buddy, Susan?
"Buddy lists" seem to be a prevalent mechanism used to manage user groups.
While working fine for private use, the buddy list is a useless concept in
corporations. Doing business is not about "buddies" - dynamic group structure
is driven by tasks, projects, and relationships that must be centrally
managed. Failing to do so results in broken communication patterns -
"You are on my buddy list but I'm not on yours - don't you like
me?" With no concept of centrally managed communities, consumer-grade
IMs don't have tools to build and support workgroups.
Don't talk to me, boss!
Since consumer-grade IMs are already being attacked by spammers and/or by
viruses (courtesy of integrated file transfer), designers were quick to
provide filtering capability. In a corporate setting, filtering should be
accessible only to IT personnel. After all, users want to be certain that
their messages are received!
Can I manage my users, please?
Having no way to build communities, consumer-grade IMs of course lack tools
for user authentication, authorization, and for setting access rights
to workgroups. Implementation of secure group-wide communication is
very problematic in such a situation.
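The three requirements named above (user authentication, user authorization against centrally managed workgroups, and data integrity), plus message logging for audit, can be seen together in a server-side acceptance check. The following is an added example, not code from this white paper or from any product it mentions; the directory contents and function names are hypothetical, and an HMAC under a server-issued per-user key stands in for the PKI signatures the paper calls for.

```python
import hashlib
import hmac
import json

# Constructed directory data (hypothetical): per-user keys issued by the
# in-house server and centrally managed workgroups. HMAC with a per-user key
# stands in for PKI signatures so the example runs on the standard library.
USER_KEYS = {"alice": b"constructed-key-a", "bob": b"constructed-key-b"}
WORKGROUPS = {"project-x": {"alice"}, "all-staff": {"alice", "bob"}}
AUDIT_LOG = []  # message logging to enable audit


def _tag(key, sender, group, body):
    """MAC over sender, group and body, so none can be altered in transit."""
    blob = json.dumps([sender, group, body], separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def seal(sender, group, body, key):
    """Client side: build a message envelope tagged with the sender's key."""
    return {"from": sender, "group": group, "body": body,
            "tag": _tag(key, sender, group, body)}


def accept(msg):
    """Server side: authenticate, check integrity, authorize, then log."""
    sender, group = msg.get("from"), msg.get("group")
    key = USER_KEYS.get(sender)
    if key is None:
        verdict = (False, "unknown sender")
    elif not hmac.compare_digest(
            _tag(key, sender, group, msg.get("body")), str(msg.get("tag"))):
        verdict = (False, "authentication or integrity failure")
    elif sender not in WORKGROUPS.get(group, set()):
        verdict = (False, "not authorized for workgroup")
    else:
        verdict = (True, "delivered")
    AUDIT_LOG.append((sender, group, verdict[1]))
    return verdict


if __name__ == "__main__":
    ok = seal("alice", "project-x", "build is green", USER_KEYS["alice"])
    print(accept(ok))                                  # valid member
    print(accept(dict(ok, body="build is red")))       # altered in transit
    print(accept(seal("alice", "all-staff", "hi", USER_KEYS["bob"])))  # wrong key
    print(accept(seal("bob", "project-x", "hi", USER_KEYS["bob"])))    # non-member
```

Encrypting the envelope would change none of these verdicts, which is the paper's point: confidentiality is a separate property from knowing who sent a message and whether they may address the group.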
Instant messaging vs. collaboration
The kitchen-sink design of consumer-grade IMs demonstrates the ignorance of
their designers in the matter of structured communication and the collaboration
process. By packing in "collaboration" features such as audio,
chat, and whiteboards, IM vendors try to get into the collaboration tools
market. Yet, these ad-hoc solutions are inferior and, frankly, quite
naive. IMs cannot and should not replace high-quality enterprise
collaboration tools.
An IM client should provide three basic functionalities: community
access, short message support and a presence manager. These features
are all necessary but also sufficient to provide users with the awareness
and feel of connectivity. Once these are established, the IM should
be able to jump-start collaborative sessions using arbitrary collaboration
software by providing a "gateway menu". This gives
IT managers the freedom to pick the best IM and, independently, the best
collaboration software. IM should support a "single sign-on" capability,
i.e., if a user has already identified him/herself to the instant messenger,
her/his credentials should be securely transferred to the collaboration
toolset.
How many chat windows do I need to stop me from doing my work?
The issue of HOW instant messages are delivered is very
often ignored. Yet, it is critical if a corporation hopes to reap measurable
benefits from deploying an IM system.
The consumer-grade IMs adopt a multi-chat paradigm - if a user communicates
with several other users, multiple mini-chat windows pop up on the desktop.
In our experience, this is a terrible design. Managing these windows
is a chore and a distraction. A much more efficient design is to deliver
a message in a pop-up window, let the user respond, and hide the messenger
interface - a la SMS. This approach lets users do whatever they are
doing while being able to interact with minimal distraction.
If a situation calls for an extended one-to-one or group meeting, the
above-mentioned gateway to a collaboration system brings up more advanced
tools for an instant collaboration session. Conversely, notifications about
scheduled virtual meetings can be delivered via IM. This is an important
part of what we call the Secure Unified Collaboration approach.
CollabWorx SIM - Instant Messaging for Enterprise:
We offer an IM solution that has been designed for corporate use from
the ground up. Please refer to the detailed product description for more
information.