Executive Conversation: The Future of Instant Messaging is Simple, Secure, and Self-Managed
by Melisa LaBancz-Bleasdale - Monday, 5 July 2004.
For a moment letís suppose I am the CEO of a multi-million dollar corporation and I send an Instant Message to my General Counsel. He sends me information that should never be seen by the outside world. As vetted peers, my General Counsel and I can chat in encrypted real-time. The communications are neatly logged on my removable USB fob (assume Iím traveling), and on the General Counselís laptop hard drive. We have met critical criteria with this exchange. Our IM is protected and therefore not accessible to interception, and we are compliant with both the National Association of Securities Dealers Inc. (NASD) and the Securities Exchange Commission (SEC), which, to paraphrase the rulings, state that Instant Messaging communications must be logged and authenticated; their validity unalterable.

"Government compliance" quickly became the fashionable phrase when Sarbanes-Oxley started holding court over industry. However, for financial institutions and large companies with a presence on the NASDAQ, the realities of NASD Rule 3110, coupled with the SECís Rule 176-a-4(b)(4), are of intimate concern. With encrypted IM, a unique key session between the user and the recipient ensures the authenticity of the exchange while providing the valuable log data required by these rulings.

The Secure Instant Messenger (SIM), a product of Ottawa-based Validian Corporation, is poised to change how IM is handled at the enterprise level. The SIM, in conjunction with Validianís Application Security Infrastructure (ASI), provides high-level security currently unavailable in the usual "over-the-counter IM". ASI guarantees the delivery of messages and files to the target destination without fear of interception at any point in transit. Bilateral and multilateral exchanges can take place between numerous individuals while at the same time, secured files of varying sizes can be transferred. Logging of IM sessions takes place at the sender and recipient points-of-contact, whether PC-to-PC or PC to portable USB fob. As an extra measure of security, a mobile user using their removable USB device for IM leaves no trace of their session or communications once the USB is removed from the host computer. While this feature may appear anti-forensic in nature, the IM session is logged on both the USB device and on the receiverís computer, making it ultimately traceable.

Does the world need secure Instant Messaging? The evidence points to "yes". As Dr. Andre Maisonneuve, President and CEO of Validian, explains, "We created our product in reaction to the changes we are seeing in the IM environment. At this point and time everyone is mobile, and therefore the IM system needs to reach people wherever they happen to be. Corporate networks are growing in complexity and security is increasingly important. To add to this, IT has realized that their efforts to block the use of IM isnít materializing. In the same sense, IT needs to gain control over the IM technology, preventing open IM systems from allowing viruses and worms into the corporate network. A major change in the IM environment is the requirement for end-user authentication. People want to talk securely and they need to exchange images, documents and files securely. These are the requirements that corporate security professionals are asking of the IM world."

Public IM systems are notorious for leaving the door open to malevolent actions. Instant Messaging, though well-loved by many for its ease of use, has had a hard time finding favor with those in charge of network security.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th