When we think about messaging for the enterprise, is the glass half full or half empty? Optimists can point to the introduction of new handhelds that integrate voice mail, e-mail and calendaring, the maturity of VOIP technology, and new developments in text messaging and RSS readers. Pessimists point to the continuing deluge of spam, ever-more sophisticated phishing techniques, and the burdens of increased regulatory compliance.
To find out what the road ahead looks like, we interviewed Martin Hall of INBOX, the IT Conference, which is devoted to enterprise messaging. As you can see, while not ignoring the challenges, he is more optimistic about the future than one might expect. He also blogs regularly on these issues. If you want more information on INBOX, you can visit the INBOX Web site.
When you look at all the issues surrounding messaging, what do you think are most important challenges facing us right now?
We're seeing a key evolutionary movement of e-mail—from stand-alone application to mission-critical—that's an integrated part of every business, with security, storage, searchability legislative compliance, and business integration being the most urgent factors.
We all know about the challenges of inbound e-mail abuse. But what do we need to do about controlling outbound e-mail to control zombies and the outflow of critical and confidential business information? Has your business done a controlled evaluation of the regulations that impact them and the consequences for the capabilities of their own messaging systems? Are corporate policies in place that govern e-mail use in your organization? Can your users easily locate key information which is inevitably stored in e-mail? These are some of the most pressing issues for IT managers who are responsible for their e-mail communications backbone.
In the United States, a lot of attention has been paid to corporate governance and document retention, in light of Sarbanes-Oxley, HIPAA, and other legislation. Are we creating an inherent conflict between messaging's usefulness for communication and increasing regulatory requirements?
I don't think so. How we do business is and should be governed. Post Enron and Worldcom, everyone should be concerned about due process and rules. E-mails are business records and subject to discovery process. We need to think of e-mail as digital business records rather than amorphous and temporary phone conversations. Those bits have liability implications, so business leaders and IT managers should know what they should and can keep—and what they should and can destroy. And their systems should support those requirements.
Convergence is a term that keeps changing. A couple of years ago, people talking about convergence usually meant integrating a traditional e-mail inbox with a VoIP-enabled phone line, so that you could have your voice mail and e-mail in a single inbox. Then people started to layer in instant messaging. Now you find some who talk about RSS feeds as part of this equation. Is a single inbox a pipedream that we're going to have to abandon, or do you see a path that allows us to integrate these different types of messages?
I think the first signs of integration are already present. One example is "availability flagging" in e-mail clients when a person is available in an instant messaging client. We're going to see that extended to voice too, and with developments at the big ISPs and from individual companies like Skype. We're not too far away from the day when you simply choose whether you want data, voice, or video, and the integrated application figures out how best to communicate with the person or group you're trying to reach. Of course, this all presumes some level of directory integration, so address books, contact managers, and directories are going to be key here.
We're also hearing about some interesting features in forthcoming releases of Mac OS X and Microsoft Windows regarding RSS reader capabilities in the browser. Personally, I think that RSS capabilities are going to have to be built into the browser and e-mail clients. I fully expect e-mail service providers who are responsible for legitimate outbound bulk e-mail to embrace RSS and offer e-mail and RSS capabilities to their customers. In turn, that will enable users to subscribe to RSS feeds, and they need to be able to view that content in their next generation e-mail clients. But there's some way to go on that integration, and we're also already seeing attacks on blogs/RSS in the form of comment spam.
You've blogged about Skype and related technologies. How are you using them now, and what kinds of capabilities do you think they will bring to organizations in the future?
Personally, I'm using Skype to talk to family overseas. I'm using the Skype direct and the Skype-out service. Professionally, our organization is distributed. I've started to use Skype internally, because it allows me to integrate text messaging (in which I can, for example, share URLs for easy clicking) in parallel with a voice conversation.
The integration of media types together with cost savings and workgroup collaboration are going to be the major deployment drivers. I think there's going to be a major battle between the e-mail client, instant messaging, and desktop VoIP providers. They all want us to use theirs as the predominant interface and brand. The user needs integration. The problem right now is the lack of integration and proliferation of communication clients. I've got an e-mail client, AOL IM client, and Skype running with contact management. Not to mention my POTS and cell phones!
Authentication is one of the few things that almost everyone in the industry agrees is a good idea. To reduce spam, and phishing vulnerabilities, the end user needs to really know who is sending each e-mail that hits the inbox. There are a couple of competing concepts for implementing authentication. One is based on IP addresses and the other is based on digital signatures. Do you see the major players agreeing on a common approach anytime soon?
The industry did a lousy job in 2004 of presenting a common message to the IT world on this. The truth is that there is agreement around IP authentication in the form of SenderID. Things have been relatively quiet on that front over the past few months because we've moved into the implementation phase. Organizations are publishing their records and vendors and service providers are working on the inbound record checking technology. So, deployment is the watch word here.
On the digital signatures front, there was consternation at the end of last year that we were seeing the CallerID/SPF debate replay itself in the form of Domain Keys (a Yahoo! proposal) and IIM (a Cisco proposal). Behind the industry curtain, these players are being urged to merge their specs and I expect that to happen "real soon now".
So, do you agree with the view of some that we'll see both strategies implemented, with IP Addressing (SenderID) being deployed first and some version of digital signatures following later?
Yes. SenderID is probably a year ahead of a hopefully integrated signing approach and deployment should be happening now. We'll likely see the large ISPs, as they have with SenderID, be the first networks to deploy the signing solutions. Yahoo! and Google are already into that. I should point out, as part of the largely agreed upon accountability framework, that e-mail requires that the next phase involve more use of accreditation and reputation systems, and things are starting to bubble there. If 2004 was the year of IP authentication, 2005 is likely to be about signing solutions, and I'd expect 2006 to bring reputation and accreditation into the spotlight.
In the US, we're increasingly addicted to e-mail and IM, with RSS feeds coming on strong. In other parts of the world, text messaging via mobile phones has been huge for a long time. Does this kind of text messaging have implications for corporate messaging infrastructures? And what trends do you see in this area?
It's possible that mobile devices will play a key role in the integration of these communications technologies. At the end of the day, these devices are communications devices first and foremost, and they're still relatively limited in terms of memory, processing capabilities, and storage. E-mail and messaging are not as entrenched as they are on desktop computers. Together, that creates an interesting set of reasons to expect the integration of e-mail, instant messaging, SMS, and voice being a stronger motivating factor for vendors in this space.
I fully expect the "Crackberry effect" to drive greater adoption of e-mail and text messaging capabilities in corporate messaging systems. Again, integration with existing systems will be key. Blackberry support for Microsoft Exchange and Lotus Notes is an indication that this need is well understood.
Studies show that as much as 80% of corporate e-mail is either outright spam or virus/phishing attempts. While the industry has spent an enormous amount of time and money fighting both of these, the volume of bad e-mail is still huge. Is there light at the end of this particular tunnel?
Without a doubt, there is light. First, massive investment in spam and phish fighting (look at IronPort and CipherTrust VC investments and Microsoft setting up a group dedicated to safety) means we're seeing great technologies emerge. Second, it's not just VC dollars that are flowing. E-mail security products and services are being bought in the hundreds of millions of dollars. That doesn't happen if they don't work.
The pump is being primed with new technologies that include the accountability triumvirate of authentication, accreditation, and reputation. I'm very excited by the promise of these to make further inroads in the spam and phishing war and turn messaging systems into systems where you get much more of what you want and much less of what you don't want.
You talk about messaging as moving from stand-alone application to mission-critical part of all business processes. In many organizations, e-mail is the most important computer application. However, we are starting to see the rise of desktop search tools from both Google and Microsoft, which have the potential to change the way people work. How do you see desktop search and related functionality working with messaging?
Three search-related stories last year presaged what I think we're going to see. First, Google's Gmail opened some eyes and threatened some companies with what they came out with in beta form. Second, Stata Labs was acquired by Yahoo! for its desktop-based search capabilities. Third, a small, quiet, but virally successful plug-in for Microsoft Outlook, called "Lookoutsoft," was acquired by Microsoft.
What does this all mean? I think it means that the big data gateways, such as Google and Yahoo!, want to parlay their power in Web-based access into more desktop capabilities. Microsoft will look to defend their ownership of the bulk of desktops and to be the primary interface to search. And, quietly, Apple will continue to shine a light on search possibilities with the forthcoming release of Tiger. We're facing a battle on the desktop for predominant ownership of search. That battle will not just be about Web page search, but e-mail search too.
I'm intrigued to see what both Yahoo! and Google will do to enable desktop e-mail search. I can "pop" my Gmail e-mail today. But what will Google do to reach out to that "popped" desktop e-mail with ad relevance? Will it top or tail my e-mail with ads? And how will instant messaging play into this battle and the evolution of search capabilities? This is going to be a fascinating year.