Executive Conversation: The Future of Instant Messaging is Simple, Secure, and Self-Managed
by Melisa LaBancz-Bleasdale - Monday, 5 July 2004.
"IT wants to be able to implement their own corporate namespace within the IM system. Anyone can call themselves ĎBlackcrow555í and itís not very conducive to a professional namespace. There is a need to have some control over who can send and receive messages via IM, but an even bigger need to encrypt the files that are being sent. File transfers often involve corporate intellectual property, so these files must be encrypted on the interchange."

There is a need to have an IM system that is easy to implement, as itís apparent that IT does not have time to oversee all the keys and authorizations as well as authentication. Validianís SIM system is entirely self-managed with automatic key exchange; the keys are self-contained so that there is no need for a third party authentication authority, even if the system is certificate-based.

"All of the requirements put together make for a very complex IM system that can be installed by a single user in a matter of minutes and in an entire organization in less than half a day," says Maisonneuve.

Users are authenticated either through Validianís Domain Controller or a Private Corporate Domain Controller depending on the situation. Through the linkage of the Domain Controller with corporate user databases, IT administrators can oversee the approved user lists and file transfer privileges. However, there is no central server that messages travel through, communication takes place only via peer-to-peer transactions. Before two parties can communicate, the user must be an accepted sender of the message recipient. This is done through the use of an "Allow or Deny" pop-up window. Once users have authenticated themselves and agreed to communicate with one another, their status will be stored on each otherís contact lists for future use.

The SIM client can be download from Validianís website. Should colleagues at different organizations need to Instant Message one another, they can do so if IT has authorized both Domain Controllers to converse with one another. It can be further drilled down to individual people at different organizations having the permissions to send secure IM. For example, two CFOís may communicate with one another if both parties use the Validian environment.

To meet the needs of the mobile IM user, Validian was the first to incorporate security and authentication into a removable USB device that provides an immediate, secure Instant-Messaging system. The SIM provides multi-layer security through intense user authentication unique to each customer.

Should that fortified security not meet your needs, Validian has also partnered with Sony to produce its Flash Communicator, an implementation of its SIM that works on compact flash media devices and provides three factor authentication: your fingerprint, your password, and the serial number of both the device and the software. Flash Communicatorô works on USB flash memory drives, digital camera memory sticks and other compact flash media. It transforms these storage media into secure, interactive communication devices, allowing rich text communication, message exchanges, image and content distribution and file transfer when connected to the Internet.

Validian defines its main focus as the corporate customer whose available resources are in short supply and who have a need to minimize the oversight of complex systems.

"An ideal customer for Validian is a company sensitive to security, one that is well distributed, and who employs mobile users. Virtual corporations, companies with a large, multinational sales force, users that need to have meetings within meetings to discuss strategy; all of these are models of who would use Secure Instant Messaging," states Maisonneuve.

The SIM also acts as a gatekeeper in that it prevents users from using IM to communicate with unauthorized users outside of the corporation. This can prevent the exchange and transfer of sensitive corporate information with parties who should not have it. Case in point, Instant Messaging was used as a continued source of communication in planning the Enron crimes as it was relatively anonymous, lacked session logging and didnít archive data.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th