During the early part of 2002, the US government-funded Internet security watchdog, CERT, issued a series of stern warnings about instant messaging. The tenet of its statements: public instant messaging (IM) services are vulnerable to all kinds of hacker attacks; messages can be used to carry viruses or Trojan horses into the organisation; with relative ease, outsiders can borrow users’ identities and interact without any kind of authentication; and, by illicit means, the content of messages can be ‘sniffed’ and tampered while in transit.
If IT departments couldn’t take control of their users’ largely unauthorised use of such freely downloadable services, CERT suggested, the practice should be outlawed and any rogue messages blocked at the corporate firewall. Plenty of companies took heed. Thousands of users at EDS and Samsung, for example, found their ability to interact in real time with colleagues and clients – and, yes, with friends and family – was blocked.
But in most other organisations the reaction to IM’s risks were less Canute-like. Many are very much aware that IM has become a central tool for both internal and external collaboration, and trying to halt its use is naive and possibly detrimental to the goals of the business.
Of course, we have been here before. Users and technologists have often brought technology into the organisation that has added considerable benefit. Lotus 1-2-3, for example, infiltrated many organisations through the corporate grassroots long before financial analysis was moved off the mainframe. The Linux operating system and the Apache web server appeared in many IT departments in breach of management policies forbidding the implementation of anything but approved software. The benefits, though, quickly became clear to the policy-makers.
Instant messaging has stormed into the corporate world, and concludes that any attempt at resistance is futile. Indeed, its use in a managed environment at companies as diverse as DaimlerChrylser, UBS Warburg and France Telecom suggests the payback is self-evident.
The corporate instant messaging environment developed at UBS Warburg in the late 1990s produced another kind of payback. Seeing its wider potential, the company sold the internally development application to enterprise software company Divine in 2000. At the time, Warburg realised that the hassle of marketing, selling and supporting the software would be too much of a distraction from its core activities.
Applications developed using the standards-based web services approach result in standalone components that can be integrated easily with other separately developed modules or even with legacy applications. That means that IT departments will be able to create web services and offer these as commercial products – either directly or through a broker – thereby generating revenue for the company and supporting its development effort.
As these two articles suggest, IT decision-makers would do well to occasionally examine the software resources that are fermenting within their own organisations.