To ensure more administrative control over instant messaging, organizations are starting to deploy enterprise instant messaging systems, which add critical features like policy-based rules, logging, archiving, and encryption. As Jacqueline Emigh reports, IM vendors still need to achieve interoperability, though, to better enable secure and managed messaging between users and their outside customers and partners.
Tens of millions of workers today are using instant messaging (IM), and the number is projected to soon skyrocket into the hundreds of millions. To ensure more administrative control, organizations are starting to deploy enterprise instant messaging (EIM) systems, which add features like policy-based rules, logging, archiving, and encryption. IM vendors still need to achieve interoperability, though, to better enable secure and managed messaging between users and their outside customers and partners.
Administrators attending the recent CeBIT show in New York City pointed to the rising popularity of IM within the workplace. "We will definitely be moving to EIM in the near future," declared John Ignatius of AXA Rosenberg Investment Management, one of the speakers in a panel session called "Popup Productivity & Enterprise Instant Messaging."
For the time being, AXA Rosenberg has standardized on Microsoft's long-time IM product, MSN Messenger for Windows. Quite soon, though, Ignatius expects to start evaluating Microsoft's new MSN Messenger Connect for Enterprises -- formerly codenamed Greenwich -- in addition to competing EIMs.
In a Q&A session during the CeBIT panel session, network administrators from companies in the financial services, health care, and manufacturing industries all voiced strong interest in EIM. An administrator from one health care firm said his company wants to establish encrypted communications between an internal EIM system and consumers outfitted with clients for public IM, such as AOL's Instant Messenger and Yahoo! Messenger.
Meanwhile, users are suggesting future market drivers that range from wireless hotspots to integration between IM and outside applications. Another speaker at CeBIT, Paul Mueller, VP for tech services at Schneider National, foresees the day when his company's truckers will exit the highway to hook up to wireless hotspots. There, the truckers will perform file downloads from the corporate LAN, as well as engage in IM chat with co-workers over 802.11 links, according to Mueller.
Boom in Workplace IM
Analysts' statistics underscore the boom in workplace IM. In a recent survey by Nemertes Research, 73 percent of organizations said they've either already implemented IM or plan to do so within the next 12 to 18 months.
Ferris Research, moreover, estimates that IM in the enterprise will mushroom from 10 million users in mid-2002 to 180 million by 2007. Even more bullishly, the Radicati Group expects the number of corporate IM accounts to explode from 60 million in 2003 to 350 million by 2007.
Over the same time frame, Radicati anticipates the gap between consumer and corporate IM will narrow substantially. In 2003, 52 billion corporate IMs will be sent worldwide on a daily basis, compared to 530 billion consumer IMs. By 2007, the numbers will rise to 290 billion for corporate IMs and 1.09 trillion for consumer IMs, according to the analyst group.
Page 2: But EIM Isn't for Everyone at This Point
But EIM Isn't for Everyone at This Point
Still, 30 percent of companies surveyed by Radicati say they're not using IM at all right now. Another 44 percent are implementing IM, but have not yet standardized on a solution. Only 26 percent have standardized on a particular product.
In terms of concerns, 31 percent of Radicati's respondents listed security. A total of 27 percent said they are "skeptical of added value," while 21 percent fret over "lack of productivity due to personal use." Other worries include lack of interoperability (12 percent), cost (12 percent), and complicated administration (10 percent).
On the other hand, IM advocates cite advantages ranging from speedier service to lower phone bills. "Over the past 12 to 18 months, [the combination of] IM and 'presence' has emerged as a new medium of communications over the Internet," according to Radicati's report. Radicati defines presence as "a means for finding, retrieving, and subscribing to changes in the presence information (e.g. 'online' or 'offline') for other users."
"IM is now slowly making its way into the corporate world. What used to be an effective tool for keeping in touch with 'buddies' on various 'buddy lists' is now finding its way into corporate communications for increased efficiency and aiding time-critical applications," the researchers maintain.
One IBM customer, an international bank, is now using the IM and presence features in Lotus Sametime to reduce international phone calling. Before placing calls to colleagues at overseas branches, the bank's employees are required to use Sametime to make sure the co-workers are onsite and available, said Stephen R. Londergan, a senior marketing manager for IBM, during a recent Webcast. According to Londergan, more than 60 percent of the Fortune 100 are now using Sametime, a product that provides Web conferencing in addition to EIM.
Customer Service and Out-of-Band Communications
Robin Gareiss, an analyst at Nemertes, perceives particular benefits for IM/EIM in customer service, out-of-band communications, and project collaboration. Dell Computer, for instance, has substantially boosted its help desk efficiency by letting service reps conduct IM with technical experts while simultaneously talking on the phone with customers, according to Gareiss.
Along similar lines, software maker Avnet has added Sametime IM to its Web site. This gives tech support users an alternative channel for direct communications with Avnet beyond e-mail and phone calling, says IBM's Londergan.
Preventing Loss of Productivity
"What is the business case for using Enterprise IM? This is what companies have to explore," Ignatius noted during his talk at CeBIT. "[It's] easy to deploy IM in the enterprise environment. [It] could be a powerful and effective real-time tool. Software applications could be layered on top of [the] IM infrastructure, capitalizing on the IM features."
Ignatius, though, also pointed to a possible drop in productivity from EIM, "as employees spend time chatting with family and friends." As a result, workers need to be trained in "how to use enterprise IM effectively," he advised.
"Due diligence should be similar to other IT initiatives. Buyers should look at all competitive vendors. Run a pilot program and phase in the technology," he recommended.
"Make sure your company's IT infrastructure is reviewed before a platform is selected. Choose a vendor that meets your needs and requirements -- a vendor that can support [its] applications on your infrastructure. If you plan to develop software which would use the IM features, make sure your vendor will be able to provide you with an API and support."
Page 3: Security a Bugaboo
Security a Bugaboo
Security remains a lingering bugaboo, however. Public IM systems like AOL, Yahoo, and MSN all use the same port for messaging between firewalls, according to security pros. Some organizations try to deal with this problem by blocking this port on their corporate firewalls. However, all the major IM clients fall back to port 80 if the IM port has been blocked. Port 80, though, just so happens to also be the Web port, so most companies opt to keep it open.
Logging and archiving are also becoming big issues in IM. "The SEC already requires financial firms to log e-mails. Now, it looks as though requirements might be extended to IM, too," Ignatius contends. In fact, just last week, the financial services industry's self-regulatory body, NASD, ordered securities brokers and dealers to save instant messages (IMs) sent to clients and employees for at least three years (NASD's IM Order Could Boost Storage Firms). Outside of the financial field, administrators express dismay over the possible impact of the Sarbanes-Oxley Act, which broadens the reach of records archiving regulations to all publicly traded companies.
Sametime Gets Company in EIM Arena
IBM bills Lotus Sametime as the first IM product in the enterprise arena. To give administrators greater control over IM, vendors like AOL, Yahoo, Microsoft, Sun, and Sprint have also recently started rolling out their own EIM offerings. Generally speaking, EIM systems include built-in management and security features such as policy-based rules, logging, archiving, auditing, and to an increasing degree, encryption.
By setting policies, an administrator might ban some employees from IM while allowing others, or restrict all IM to the hours of 9 am and 5 pm on weekdays, for instance.
Beyond these administrative functions, IBM's Londergan points to a number of additional features in Sametime, including audio/video messaging, "one-to-many" IM, and the ability to be alerted when other users are back at their desks and available for messaging.
Internally, IBM is using bots that integrate EIM with help, dictionary, and "acronym abbreviation" functions. Employees can send IMs to find out the meaning of a word or acronym. Some Sametime customers are deploying similar bots, according to Londergan.
On the third-party side, NetIQ's imMarshal for MSN adds the ability to record, archive, and audit chat sessions in the existing MSN Messenger for Windows. The tool also provides IM scanning and monitoring, content analysis with keyword detection, support for outside antivirus products, corporate policy enforcement, and -- to save on bandwidth -- administrative control over the types and sizes of files sent.
Page 4: Interoperability Isn't That SIMPLE
Interoperability Isn't That SIMPLE
Interoperability poses another barrier. At the moment, clients for IM systems like Sametime, MSN, AOL, and Yahoo remain incompatible. The IETF's emerging SIP/SIMPLE industry standard is supposed to solve that problem eventually.
"Vendors are [slowly] beginning to implement SIP/SIMPLE," Ignatius acknowledges. "However, they're still working out interoperability between their various implementations."
SIP (Session Initial Protocol) is a protocol already widely deployed for telecommunications call signaling. SIMPLE (SIP for Instant Messaging and Presence Leveraging Extensions) is a set of SIP extensions for the IM industry.
A working group within the IETF has already completed a number of draft requirements, with additional drafts due by July 3 and August 3. September 3 is the scheduled due date for submission of the Presence/IM System Architecture draft to the IESG (Internet Engineering Steering Group), for publication on an "informational" basis.
Critics charge, though, that public IM vendors like AOL, Microsoft, and Yahoo are dragging their heels when it comes to SIP/SIMPLE compliance. "The public IM players are still stubborn about accepting full and complete interoperability with their systems," asserted analysts at the Yankee Group in a recent report. Instead, true interoperability is likely to first appear in products like Lotus Sametime and Reuters Messaging, according to the analysts.
As an alternative to SIP/SIMPLE, a company called Jabber, Inc. has now produced an XML-based IM interoperability protocol called XMPP (Extensible Messaging and Presence Protocol). XMPP and SIP/SIMPLE can reportedly coexist in the enterprise, and some have even predicted the possible emergence of a Jabber working group within the IETF.
Another XML-based protocol now gaining ground is SAML (Security Assertions Markup Language), an offering from OASIS (Organization for the Advancement of Structure Information Systems). SAML is designed to bolster security as well as interoperability. The standard is an attempt to let businesses exchange credentials across disparate authorization methods.
Third-Party Vendors Step In
Third-party vendors are taking advantage of the interoperability dilemma with new products and services meant to provide security and manageability across IM platforms. Omnipod was the first in this space with a managed service for enterprises. A server in Omnipod's datacenter receives IM traffic from AOL, Yahoo and MSN; applies IM policies to the messages; and then dispatches them to a piece of software outside the corporate firewall. When Port 443 is opened on the firewall, the IM traffic is encrypted and sent to Omnipod desktop clients.
Meanwhile, FaceTime's new IM Director product, slated for Q3 availability, is designed to work across public systems like AOL, Yahoo, and MSN as well as private IM systems such as Sametime. Administrators will be able to set IM control preferences and permissions at the enterprise, departmental, and individual employee level. Realtime visual reporting features will include the ability to identify groups, employees, and "outsiders" that are most active in IM messaging, for example.
IM Director will also support a suite of other IM administrative software from FaceTime, including IM Auditor (for regulatory compliance), IM Call Center, IM Presence Manager, and IM Guardian (for security management).
Akonix L7 Enterprise 2.0, a product already on the market, is aimed at internal management of IMs emanating from ICQ, AOL, MSN, and Yahoo public networks. Sitting inside the firewall, the Akonix gateway logs and archives IMs; generates standard and custom reports on usage; and enforces corporate policies such as message content, file transfer properties, time-of-day, and directions of messages. Other features include a controlled namespace to ensure employees' screen names adhere to a corporate template and protection from "information leakage" by automatically keeping internal messages inside the network.
For IM to reach its full potential, though, business users need to be able to chat securely beyond corporate firewalls. While new third-party products and services go a long way toward meeting that objective, EIM, however, will become much more seamless from an administrative standpoint when SIP/SIMPLE interoperability comes to pass.
See All Articles by Columnist Jacqueline Emigh