Thanks to AOL, MSN, and Yahoo, many corporate users are using instant messaging (IM) to communicate with colleagues, clients, and friends both in today’s enterprise and at home.

As I noted in a previous article, employees like the real-time communications IM provides, and many use the often-free service as an adjunct to corporate e-mail. The problem for tech departments, however, is that most users have simply downloaded a free application without any IT knowledge or endorsement, so the communications tool is likely operating under the radar at most companies.

While individuals and departments enjoy IM’s benefits, the enterprise as a whole is not necessarily gaining any advantages. In fact, IM could likely be silently impacting some serious operations, as it takes up valuable bandwidth and could pose security and liability threats down the road.

For all of these reasons, CIOs are realizing the need to formally support IM by deploying a corporate IM solution. And, as with other solutions, CIOs must take into account both users’ needs as well as the company’s infrastructure, security programs, and bandwidth concerns.

In this article, I’ll examine two possible options in determining the appropriate IM application and offer insight and guidance to help CIOs make the right choice from the beginning.

The first step: Investigate needs
On the enterprise level, there are several approaches to IM use: CIOs can support a commercial service (AOL, Yahoo, MSN, etc.), build an IM server, or outsource IM needs to a service provider. Which approach is most appropriate must be determined by how well it fits both user and enterprise needs.

First of all, CIOs need to know what messaging will be used for and what level of IT control is warranted. For example, if IM is being used to support customers, choosing to support the widely available free commercial services may be a wise choice due to the inherent difficulty in controlling outside user applications and platform use. Conversely, if IM is going to be used as an internal collaborative tool, where the information being exchanged needs a high level of confidentiality, a CIO might want to set up an internal IM server in order to control access. A third possibility is outsourcing the IM service to a provider. This option is a good fit for those enterprises whose IT support teams are slim and tasked with more critical enterprise applications and infrastructure support issues, such as e-business initiatives like collaborative commerce.

Approach must allow for control of IM use
In terms of security and liability protection, IM use should be monitored on the same level as Web surfing and e-mail use.

For example, many enterprises block employee access to certain Web sites to avoid sexual harassment issues, and companies exert similar control over e-mail use. And as security concerns (especially with free commercial services) continue to grow, organizations are realizing that IM use carries the same potential liability problems. While most users believe that IM can’t be intercepted or traced, there have been incidents where IM address books have been compromised. And, because IM uses traditional password protection, online impersonation is also possible, which can compromise corporate information.

Instant messaging series: Part 2

This is the second of a three-part series examining instant messaging issues within the enterprise. The first article, “Why CIOs should embrace IM,” discussed why CIOs need to be proactive to thwart security issues. The final installment will discuss the need for CIOs to integrate IM with existing communications systems and the cost of ownership issues of using IM as a standalone system vs. integrating IM with other communications systems.

Aside from security and liability concerns, IM use also poses possible productivity issues akin to the problems many companies experienced during the initial days of Web access. Much anecdotal evidence exists that IM, while often viewed as a productivity tool, can actually drag corporate productivity down.

“If you’ve got employees informally using their home IM for work, we’re finding they’re using the same [screen/buddy name] both at home and in the office on that service,” explains William Rantner, a systems administrator at a Boston financial services firm. “So naturally, when one of their personal buddies sees they’re online, there’s no indication the person is working, and you start getting conversations about last weekend’s football game or something not related to work.”

For this reason, some CIOs are considering IM products that provide control over who can access IM via the corporate network.

“We’re worried about the confidentiality of the information being exchanged,” says Robert Perkins, CTO at a small mergers and acquisitions firm. “We consider all of our communications highly sensitive.”

That’s why Perkins searched for an IM product that encrypts communications. Currently, there are a handful of vendors, including Bantu, Ikimbo, Jabber, and JabCast, that provide encrypted IM software products.

Some tech managers also want expanded messaging features, along with the security of a corporately deployed IM system. One product that can fulfill those needs is Lotus Sametime, an application that allows internal IM, group chat discussions, and integration of AOL IM—a feature that could prove useful in outside customer environments. For example, internal users could use Sametime while outside clients and customers use AOL IM, with no compromise to the enterprise’s internal security and control.

IM choice is not just about messaging
It’s pretty clear at this point that the real challenge in choosing and deploying an IM application is not just choosing a messaging venue. Enterprises must find a solution that provides employees with a robust communications tool while not compromising the internal infrastructure, and one that can also work with other applications within the enterprise.

In the third and final part of this series, we’ll examine the inherent integration issues that come into play when bringing IM into the corporate landscape.