"My first position paper"
Posted by Tanner Dabel
Surprisingly IM (instant messaging) systems were created in the 70’s, but went unnoticed until the mid 90’s. It was at this time that client systems like ICQ and AOL started to resonate with the mainstream population. Many attribute this to our mass awakening of the internet and its common day usage in the mid 90’s. This quickly became the age of the internet, email, chat rooms and instant messaging systems. Communication no longer was limited to verbal or print; it had transcended the boundaries of becoming digital.
Early on IM systems were adopted primarily by teenagers as a social and recreational tool. This was a means to communicate with friends and family through ones computer rather then on the phone or in person. Usage of IM systems often occurred outside of school and the workplace. Due to this informal usage; rules, laws and polices were loosely defined and rarely needed. One needn’t be concerned with the legal, financial or regulatory issues involved with using an IM system for private and personal use.
Slowly over the last decade though, this loosely defined form of digital communication has been seeping into the corporate world. Those users whom were teenagers just ten years ago are in their 20’s and now hitting the corporate world. As the saying goes, old habits die hard. For those who want to eradicate it from their already infected business, I have one phrase for you; “Good Luck!” For those who haven’t been infected yet, I have another phrase for you; “Start planning!” Like a virus with no cure, IM systems in the workplace are spreading faster than the corporate world can coupe with them.
As with an incurable virus, businesses only have one real choice, “acceptance”. But, instead of allowing IM to be an ongoing virus, businesses can morph it into an antivirus; viewed more as a solution, rather then a problem. Basically, you get what you make. You can’t make IM go away, so make it into something positive, rather then negative. IM may be young, but it’s stubborn. Its here and it isn’t going to go away. If a company is smart, it will use IM to its advantage, using all its features working it into the companies’ schema. If a company isn’t, it’ll either a.) bury its head and ignore it or b.) attempt to eradicate and fail.
Since its always fun to discuss the bad news first, I’ll quickly cover why it’s bad for a company to ignore IM as a potential problem and why it’s bad to try to eradicate it from you company. As with most problems, the issue isn’t going to go away. Most likely, the people whom work for you are more technically savvy than you, especially the younger ones. As stated above, old habits die hard. These people have been using IM for years and it’s now embedded in their day to day life. If nothing is done, these people will (if they haven’t already) take it upon themselves to install these IM systems and use them unchecked and uncontrolled. Starting to see how ignoring this could be very bad to your company? Imagine all the confidential leaks, intellectual property issues and privacy concerns that might be occurring and you’ve chosen to ignore it. Oh and this is just the outbound threats. Now imagine all the people your people are talking to. Think a few of them might have viruses, worms, spyware or malware? I bet so, and all it takes is one person to click “accept” for one peer to peer file transfer and now your dealing with a level 3 Symantec threat dancing around on your network. Sounds fun doesn’t it. Those are considered the inbound threats. Lastly, let’s not forget all the legal and financial ground that IM systems seem to tread on. Most of this ground hasn’t been covered yet and has the potential to be a powder keg of lawsuits waiting to happen.
Now let’s discuss trying to eradicate it. How do you plan to do this? Block specific ports that IM systems use? Sorry try again, most current IM systems use port crawlers and can get around this. Tell your workers not to install or use them? Yeah, that’s like telling a kid “don’t touch this”, then walking away and hoping they listened. Block all ports from allowing IM system a way in, yeah, but its going to cost thousands in what I’d consider wasted funds. Oh and you know, as soon as its completely blocked, someone will start developing a “work-a-round” to enable it again. In addition, completely blocking it takes away all the positive uses IM systems have to over. Oh and it gives your workers just one more reason to be disgruntled with you.
Ok, enough dwelling on the negative reaction to IM systems, lets move on to the more logical and beneficial aspects to an IM system. If implement correctly, a lot of the cons to having an IM system quickly evaporate. First things first however, when deciding to implement an IM system you’ve got to round up the troops and get a plan in motion. The best course of action is to bring management, IT and legal together. Management needs to decide on what the IM policy will be. This is very important. The policy should cover how the IM system should be used, when to use it and with who and why it should be used. It should also cover who controls it, who monitors it, who installs and upgrades it. In addition, it should also be mentioned that the IM system is an extension of the company and all incoming and outgoing IMs are subject to being logged and on file for future record keeping, investigations and potential audits. Oh and lastly, the policy needs to cover enforcement and punishment if IM is abused (and it might be good to define what abusing it would entail). Basically, the policy needs to clearly explain all the aspects that could be considered when using IM in the workplace. As this is being done, the IT department should look into what clients are available, and need to start coming up with an implementation, monitoring and upgrading plans for the IM system. IT needs to understand how the system will be integrated into the company and its business function. Lastly, legal needs to be brought into the conversation so they can clearly explain to the company where IM might be abused and how it could impact the company when and if it is abused.
IM systems have plenty of reason as to why they shouldn’t be used. But most of those reasons are only there if the IM systems are not correctly implemented and have no policy or are not subject to any guidelines. If time is taken to correctly implement an IM system and a well thought out policy is developed, many great things can be done with IM. The key to running an IM system within your company successfully is to understand everything there is to know about that IM system and to communicate this information to your workers as well. Knowledge and awareness will go a long ways in turning this potential problem into a great solution.
So, let’s go back to that initial question: Is there room for IM in the corporate world? Simply put; I don’t think we have a choice. IM systems are working their way into businesses left and right. Weather we want them or not, they’re going to seep in. Now that they are here, let’s work at turning it into a positive situation, rather then allowing it to be a negative one.
No comments:
Post a Comment