Securing Instant Messaging with LCS 2005
I had to talk to a journalist recently about the massive rise in the use of Instant Messaging as a corporate tool, and the risk of intellectual property (IP) leaving the company as people chatted to their friends using MSN Messenger with the possible security risks involved as data moved outside the organisation. One of the cases cited concerned trading houses who may transfer insider knowledge about shares outside their own trading house.
My take on this was that 'any' corporate Instant Messaging system, not just Microsofts', properly configured and managed with auditing and logging could provide the security needed to protect a companies IP. It was probably just bad management on the part of the company concerned. Even MSN Messenger could be hooked up and audited using IMlogics solution, or connected using MSN Connect for Enterprises. As I wasn't pushing LCS 2005 as the panacea to solve this problem, but rather commenting that this was a process issue, not a technical issue, there wasn't a story for him to talk about, and he soon ended the call.
This recently released whitepaper talks about how to secure IM in the Enterprise using a variety of mechanisms: TLS, AD, SQL for auditing etc... it's only 19 pages long, but useful all the same...