4.1 Overview

E-mail differs from IM in that IM allows users to see whether a chosen friend or coworker is connected to the Internet, and the messages are exchanged directly (almost instantly), allowing for a two-way communication in near real time. An IM service will typically alert a user if somebody on the user's contact list is online. IM is now a widespread, efficient medium for everyday business users to collaborate, organize strategy meetings, and share internal files and information.

Popular systems such as America Online's Instant Messenger and ICQ, Microsoft's MSN Messenger, and Internet Relay Chat (IRC) have changed the way we communicate with our friends, acquaintances, and now our business colleagues. Although IM is increasing in popularity in both professional and personal applications, its increasing use has led to an associated increase in the number of security risks. Companies face a difficult choice now that they are coming to understand some of the security issues associated with the use of IM in their businesses. Most of the potential problems stem from the fact that free public IM clients and networks, such as AOL Instant Messenger, Yahoo! Messenger, and MSN Messenger, do not offer security, monitoring, logging, or any other features commonly associated with corporate IT applications.

Security has taken a backseat in many IM clients. Without security mechanisms in place, IM can allow the unfettered transmission of confidential files, malicious code, and inappropriate content, for which an organization can be held liable. Managing IM use is a problem...