"Government compliance" quickly became the fashionable phrase when Sarbanes-Oxley started holding court over industry. However, for financial institutions and large companies with a presence on the NASDAQ, the realities of NASD Rule 3110, coupled with the SECís Rule 176-a-4(b)(4), are of intimate concern. With encrypted IM, a unique key session between the user and the recipient ensures the authenticity of the exchange while providing the valuable log data required by these rulings.
The Secure Instant Messenger (SIM), a product of Ottawa-based Validian Corporation, is poised to change how IM is handled at the enterprise level. The SIM, in conjunction with Validianís Application Security Infrastructure (ASI), provides high-level security currently unavailable in the usual "over-the-counter IM". ASI guarantees the delivery of messages and files to the target destination without fear of interception at any point in transit. Bilateral and multilateral exchanges can take place between numerous individuals while at the same time, secured files of varying sizes can be transferred. Logging of IM sessions takes place at the sender and recipient points-of-contact, whether PC-to-PC or PC to portable USB fob. As an extra measure of security, a mobile user using their removable USB device for IM leaves no trace of their session or communications once the USB is removed from the host computer. While this feature may appear anti-forensic in nature, the IM session is logged on both the USB device and on the receiverís computer, making it ultimately traceable.
Does the world need secure Instant Messaging? The evidence points to "yes". As Dr. Andre Maisonneuve, President and CEO of Validian, explains, "We created our product in reaction to the changes we are seeing in the IM environment. At this point and time everyone is mobile, and therefore the IM system needs to reach people wherever they happen to be. Corporate networks are growing in complexity and security is increasingly important. To add to this, IT has realized that their efforts to block the use of IM isnít materializing. In the same sense, IT needs to gain control over the IM technology, preventing open IM systems from allowing viruses and worms into the corporate network. A major change in the IM environment is the requirement for end-user authentication. People want to talk securely and they need to exchange images, documents and files securely. These are the requirements that corporate security professionals are asking of the IM world."
Public IM systems are notorious for leaving the door open to malevolent actions. Instant Messaging, though well-loved by many for its ease of use, has had a hard time finding favor with those in charge of network security.