Today I noticed Dubs from HR Technology Discussion Board picked up on the HR.com item on IM and the reshaping of organisational communication. Dubs quite rightly mentioned several of the security concerns around using the consumer based IM clients, a reason the big players looked at developing corporate IM platforms and while Lotus Sametime and Microsoft Office Live Collaboration tools will take off, and why many IT shops block the IM ports, have locked down desktops and implement State-full Deep Packet Inspection on their networks. Dubs then found an item in CNet confirming his thoughts. Strangely enough, or not, if you download the IMLogic report you will see that most security issues have come from the MSN network about 75%. These attacks are using social engineering to successful infect end users and due to the nature of the tools being used IM worms will spread through your network at a far greater rate than any email based worm.
Ian Goldberg from blog*on*nymity also posted today on some the issues around IM and brings together some of the encryption and privacy items around the whole topic. Ian gives a very good technical background as to WHY consumer based IM tools have issues. He also raises some interesting thoughts on the whole identity management issue.
All of these issues are why organisations like IMLogic, and others, have created specific products in this area. Many of the existing accounting and legal compliance standard such as SEC, NASD, HIPAA and SOX have legal obligations around storage of client communications.
The benefits of IM are the ability to facilitate multi party collaboration, presence awareness, collaboration anywhere and immediate closed loop communications within your enterprise. These benefits have significant upsides especially when IM is implemented consistently across the enterprise and even integrated into business applications such as CRM, and ERPs. But while the benefits of IM are large from a collaboration point of view the downside can also be very large if not implemented correctly. Once again IM is an area that HR should be working “hand in glove” with IT to ensure all of the legal, compliance and people issues are taken into account.