Monday, 21 July 2008

Archiving your IM

By Phil Muncaster
A return to the issue of IM archiving that I flagged up a few months ago. New research by enterprise IM vendor ProcessOne caught my eye this week. Alright, some of it might look a little on the self-serving side - i.e. three quarters of respondents agreed with the suggestion that IM could provide their organisation with business benefits around increased collaboration. You don't say. But after all, this is a vendor-sponsored survey, and there were actually some more interesting findings than that.
The survey of IT decision-makers in sectors such as financial services, manufacturing and retail and distribution, found that nearly 90 per cent were concerned about the security risks of allowing public IM use in their organisation, while nearly three-quarters banned usage because of this. Security fears, of course, in this instance primarily refer to losing sensitive information through the firewall, rather than being subject to IM-borne malware.
But it was the stats around IM audit trails that were most interesting. Unsurprisingly 88 per cent said they did not keep an audit trail of IM messages sent by employees using public IM tools. But 8 per cent said they don't bother with the archiving and IM management process because it is too complicated, while a surprising 10 per cent said they didn't know they needed to keep audit trails.
In industries like financial services, where regulations are among the tightest there are in mandating the storage of electronic communications, it seems amazing that IT managers don't know that they need to maintain audit trails. And then there are legal requirements - the infamous Sarbanes Oxley legislation, for example, requires firms listed in the US to implement audit trails.
Perhaps the reason for these results is more down to internal silos and the priorities of IT leaders, who are under increasing pressure to keep the lights on, while at the same time contributing to more strategic, innovation-driving projects. Despite the penalties for non-compliance, it could be the business managers, the data owners, who aren't communicating seriously enough the importance of IM archiving. Perhaps there need to be more prosecutions or high profile cases like Societe Generale (where fraudster Jerome Kervier was found to have been using MSN to carry out covert IM conversations), to make organisations sit up and take notice. Otherwise, issues of a more tactical, mission -critical bent will continue to dominate the technology agenda.

No comments:

Post a Comment