Glen Vondrick, president and CEO of FaceTime Communications, a company that helps its customers manage IM infrastructure, says financial service professionals were some of the earliest business adopters of IM because by its nature their business requires quick access to information. He says, "We discovered because of the real-time nature of the financial business, with money changing and fluctuating valuations, that brokers and traders and different communities had established IM as quick access to information." In fact, Vondrick says that as financial service professionals downloaded instant messaging clients, they built these communities that mushroomed and grew rapidly.
With more people using IM, it became apparent that enterprise IT departments would want to control the IM process, but they found this increasingly difficult to do because individuals within a given organization were using a variety of consumer-level IM clients that were not tied into the main enterprise computing infrastructure. Ken Hickman, vice president of enterprise product development at Yahoo!, says "IT departments want the same type of management and control they have for other enterprise applications. The main features they are interested in are the standard kind of software features that they get from any enterprise platform, which is centralized control, security, namespace, the configuration, the users, etc."
FaceTime's Vondrick explains that companies go through a common process from denial then discovery and eventually to looking for a way to manage the process. "They all say that they don't know IM is in use or it can't possibly be there. Then they think they have to block it or shut it down because they are afraid of it." Vondrick says that finally they come to the realization that they have to find a way to manage and control it.
Securing the Process
Once companies realize that there are ways to manage and control instant messaging, there are larger security issues related to sending and receiving instant messages in an enterprise setting that would not necessarily come into play on a consumer level. This is especially true in financial services where they deal with confidential information about both the company and its clients. Reuter's Gurle explains, "At the core of security is the notion of identity because we do not see each other, nor do we have the voice aspects like talking on the telephone. In a text-based medium, the notion of identity is crucial." He says, "Once you have achieved that, you have the foundation to build other security mechanisms to address the concerns of the financial industry."
One major concern for financial professionals is confidentiality. To address this, Gurle says Reuters IM "provides encryption at a very high level between end users, whether they are exchanging their presence information or they are sharing instant messages back and forth." Finally, Gurle says, you need to ensure the integrity of the message itself, that a sent message is going to be the same when it arrives at the other end, and you need to make sure that the intended recipient actually receives the message. He asks, "What happens if you type something, and it hasn't arrived, and you thought it had? That's another element we have dealt with."
Ed Simnett, lead product manager for Real-Time Communications Server (RTC) 2003 (formerly known as Greenwich) at Microsoft says, "One of the things we hear from customers that is absolutely critical, are issues around security, authentication, and name space management." Simnett explains that you need to be able to link instant messaging to the enterprise directory to get the name space under control, so you know who somebody really is. This allows companies to do away with funky sign-on names (such as Ed123) and typically link each sign-on name to the corporate email server, so you see something like Ed_Simnett instead and you can more easily identify with whom you are communicating.