There is a need to have an IM system that is easy to implement, as it’s apparent that IT does not have time to oversee all the keys and authorizations as well as authentication. Validian’s SIM system is entirely self-managed with automatic key exchange; the keys are self-contained so that there is no need for a third party authentication authority, even if the system is certificate-based.
"All of the requirements put together make for a very complex IM system that can be installed by a single user in a matter of minutes and in an entire organization in less than half a day," says Maisonneuve.
Users are authenticated either through Validian’s Domain Controller or a Private Corporate Domain Controller depending on the situation. Through the linkage of the Domain Controller with corporate user databases, IT administrators can oversee the approved user lists and file transfer privileges. However, there is no central server that messages travel through, communication takes place only via peer-to-peer transactions. Before two parties can communicate, the user must be an accepted sender of the message recipient. This is done through the use of an "Allow or Deny" pop-up window. Once users have authenticated themselves and agreed to communicate with one another, their status will be stored on each other’s contact lists for future use.
The SIM client can be download from Validian’s website. Should colleagues at different organizations need to Instant Message one another, they can do so if IT has authorized both Domain Controllers to converse with one another. It can be further drilled down to individual people at different organizations having the permissions to send secure IM. For example, two CFO’s may communicate with one another if both parties use the Validian environment.
To meet the needs of the mobile IM user, Validian was the first to incorporate security and authentication into a removable USB device that provides an immediate, secure Instant-Messaging system. The SIM provides multi-layer security through intense user authentication unique to each customer.
Should that fortified security not meet your needs, Validian has also partnered with Sony to produce its Flash Communicator, an implementation of its SIM that works on compact flash media devices and provides three factor authentication: your fingerprint, your password, and the serial number of both the device and the software. Flash Communicator™ works on USB flash memory drives, digital camera memory sticks and other compact flash media. It transforms these storage media into secure, interactive communication devices, allowing rich text communication, message exchanges, image and content distribution and file transfer when connected to the Internet.
Validian defines its main focus as the corporate customer whose available resources are in short supply and who have a need to minimize the oversight of complex systems.
"An ideal customer for Validian is a company sensitive to security, one that is well distributed, and who employs mobile users. Virtual corporations, companies with a large, multinational sales force, users that need to have meetings within meetings to discuss strategy; all of these are models of who would use Secure Instant Messaging," states Maisonneuve.
The SIM also acts as a gatekeeper in that it prevents users from using IM to communicate with unauthorized users outside of the corporation. This can prevent the exchange and transfer of sensitive corporate information with parties who should not have it. Case in point, Instant Messaging was used as a continued source of communication in planning the Enron crimes as it was relatively anonymous, lacked session logging and didn’t archive data.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.