More and more enterprises are embracing the benefits of instant messaging as a corporate application. But many are leaving such applications uncontrolled and vulnerable, and the potential for attack is sending shivers down the spines of network administrators.

E-mail still takes priority over instant messaging (IM) when it comes to corporate security, according to a recent poll of 100 organizations conducted by Akonix Systems, a San Diego-based provider of IM security software. The survey shows that only 11 percent have IM hygiene solutions in place, compared to 73 percent that take care of e-mail. Additionally, almost 50 percent of respondents say deploying an IM hygiene solution never crossed their minds.

Industry observers say this gap between the security applied to e-mail and that applied to IM is particularly alarming since 47 percent of respondents indicated that the people in charge of e-mail are also responsible for securing IM.

Globally, IM use is on the rise with nearly 12 billion instant messages being sent every day, according to IDC, an industry analyst firm based in Framingham, Mass. IM use isn't the only thing on the rise, however. Attacks on instant messaging are going up, as well.

Akonix tracked 62 IM-based attacks last November, and saw a 226 percent increase over the previous month, according to Don Montgomery, vice president of marketing for Akonix.

The primary reason organizations are not focused on IM security, despite the increase in attacks, is that there hasn't been a major IM virus outbreak yet, according to Osterman. While e-mail systems have been pounded by malware attacks, the viruses and worms hitting IM clients and servers haven't made as much of a splash, since the damage has been low - so far.

Many network administrators believe the protections already in place will safeguard IM, as well.

''There's a perception that a lot of investments made in firewalls and perimeter security will protect [networks] from viruses,'' Osterman says. ''They would be wrong, though, because instant messaging uses unique protocols and a firewall won't be able to scan instant messaging for content or for malicious URLs or for the file transfer for viruses.''

Osterman adds that firewalls work by shutting down ports. But public IM clients, like those from Yahoo, AOL ,and MSN, which many employees use in lieu of a corporate standard, are port-seeking. ''You can shut down one port and the public IM clients will find another,'' he explains.

http://www.enterpriseitplanet.com/security/news/article.php/3599606