1.1 Purpose and Audience

IM is expected to influence the drop of e-mail usage by 40 percent in 2006 [1] and is resulting in new legal, regulatory, and privacy issues that are challenging security professionals and users to reevaluate the security, technology, and employee productivity issues with regard to IM. We believe there is also a gap in the current commercial literature with regard to IM security. According to research firm Gartner, over 70 percent of corporate employees depend on Instant Messaging for business communications, despite the fact that, according to Nemertes Research, 70 percent of IT executives claim to have banned the use of commercial IM services [2]. The reality for IT organizations is that authorized or not IM is being used on most networks, and authorized or not it poses a serious security threat if left unchecked. Not surprisingly, Gartner recently labeled IM security one of "five technologies you need to know," and research firm Yankee Group called securing IM one of the top three priorities for IT managers in 2004. Senior IT executives overwhelmingly concur, as 62 percent told Nemertes Research that they worry about IM security. IM is quickly becoming prevalent as a business-critical communications tool, and with its use come new security challenges for businesses around the world [3]. The security concerns with the use of IM are myriad and range from technical vulnerabilities, such as client buffer overflow attacks, to inappropriate usage risks, such as the leakage of intellectual property. This book is designed to help you fully...