Recently in Enterprise IM Category

• you can ever find it again, even though you know it's in that pile somewhere
• it will be complete, maybe the dog ate half of it
• that it will come back looking the same, maybe you spilled coffee on it or you printed out several pages and they've been mixed up so the order is wrong
  
• that someone else can look through the pile and find the piece of paper
• different things of difference genres or sizes will fit or stay in the pile properly

The drive to extend collaboration outside of our own network boundaries has never been so strong.  Whether our drivers are to save cost, a geographically challenged work force, a diverse supply chain network or reduce time to market - we're all looking to collaborate and communicate with individuals who don't necessarily adhere to the same security, management and compliance controls that you have on your network.

And we're using a variety of tools, I hesitate to admit to how many different applications I use to communicate, not just internally here at FaceTime, but with suppliers around the world, our channel and strategic partners, prospects and customers.  It's probably a good exercise actually to think about that right now.

My real time communications tools:

• Microsoft OCS
• Microsoft Live Meeting
• IBM Lotus Sametime
• Lotus Sametime Unyte
• Cisco Webex
• Skype
• Windows Live (MSN)
• AOL
• Yahoo
• GoogleTalk

Wow.  There's a wonder I ever get any work done with that little lot eh?

But I'm not unique.  It's representative of the world in which we work now - that enterprise deployed Unified Communications platforms, like OCS and Sametime are co-existing alongside those Web 2.0 tools that I installed myself - because - well because that's how I communicate with different folks around the world.

The need to secure and manage the whole picture has never been stronger either. The same risks apply in our 2.0 world as always did in a 1.0 world - so whether your bugbear is inbound threats, outbound data leakage and managing your errant employees - all these areas require consideration.  I guess the only problem is that in a 2.0 real time world - the issue becomes apparent, well, in real time.

Compliance too affects real time communications.  Regulatory bodies, from the SEC, FINRA, HIPAA to the Financial Services Authority have all issued guidelines and rules on use and retention of real time communications - they are, after all, simple electronic communications, and subject to the same regulation - AND LEGISLATION - that your email is.

If you want to take a look at just how much growth there has been in the usage of real time communications tools and how prepared the average organization is to deal with security, management and compliance issues- take a look at the results of FaceTime's fifth annual survey - and compare it to what's going on in your organization.

Today, we launched Vantage, the successor to IMAuditor. 

IMAuditor - farewell old friend, but our world has moved well beyond pure IM and just auditing - Vantage heralds the new standard for security, management and compliance for real time and Unified Communications - giving you a vantage point, a view, visibility and control over all facets of real time and unified communications and the individual tools and capabilities in those platforms. Vantage also gives you a significant advantage - from managing OCS CAC, to controlling federation, non registered employees, logging Sametime announcements - and across the widest range of UC platforms and public IM networks which now includes Skype.

Why not take a look for yourself? - and bring your security, management and compliance for unified communications up to the new standard.

Sarah Carter, who can also be reached on old fashioned email:  scarter@facetime.com

Today's guest blogger is Eric Young.  Eric is FaceTime's Sr, Director of Field Services, and works with FaceTime customers to implement leading edge security and compliance solutions for Unified Communications and Web 2.0.  Eric's worldwide role gives him an insight into the global requirements of organizations implementing real time communications technologies to enable their businesses and works closely with our product team to ensure that FaceTime solutions remain at the forefront of the industry.

Yesterday's solution doesn't address today's issues.

I was onsite with a customer recently completing our fifth competitive replacement within the Fortune 400 in the past 6 months.  As the customer was detailing all of the requirements the previous solution did not satisfy, it made me wonder, how are other customers of these competitors feeling they are operating in a compliant fashion? 

If you, as a compliance officer or legal counsel, cannot make sense of a group chat conversation, cannot actually view the content of a blocked message, or can't see what folks are trying to post to a social networking site; how can you possibly defend your organization from SEC fines or from a lawsuit in a court of law? 

Security technologies evolve quickly, especially in the area of real-time communications - but the adoption of tools like Unified Communications, Instant Messaging and social media has grown exponentially - in many cases even without the knowledge of either IT or compliance.

Regulation and compliance changes too, with the times.  Most recently I've seen FINRA starting to address the issue of social media and issuing guidelines to member organizations and individuals on how usage should be treated. 

We all understand there is a big difference between "logging" and "being compliant" but knowing there are still some banks and other highly regulated companies using these legacy solutions that were designed for technology of a few years back, it begs the questions:  What are the minimum requirements for security and compliance for Unified Communications, Instant Messaging and Social Media?

And, what are you doing about dealing with emerging technology?

[Halcyon:  Oxford English Dictionary: Definition  adj & n calm peaceful]

Sarah Carter definition:  sepia tinted memories of days where you only remember the good bits...often a rose tinted remembrance...

For the fourth consecutive year, FaceTime has commissioned a survey of IT managers and end users to track the use of Internet-based applications - things like IM, Skype, P2P, social networking and other Web 2.0 apps. We also surveyed employee attitudes toward use of those applications and their impact on IT and the organization in terms of security, data leakage and compliance.

As in prior years, the research was conducted among a large sample of corporate IT managers and end users across all size organizations in North America, UK and Europe. The research study includes compiled data from more than 500 IT managers and end users. The results are quite revealing.

• Use of consumer oriented Internet applications has reached 97% of organizations, up from 85% in 2007 and, on average, companies report 9.3 applications in use by its employees on the enterprise network
• 73% of IT managers report at least one security incident as a result of Internet application usage; Viruses, Trojans and worms (59%) are most common, followed by spyware (57%) for a close second
• 37% of companies report an instance of non-compliance; 27% report accidental data leakage
• IT managers report an average of 34 incidents per month, and the largest companies project $125K monthly to remediate Internet usage related security, compliance and data leakage issues
• 51% of end users access social media sites at least once per day and  79% of employees use social media (Facebook, LinkedIn, You Tube) at work for business reasons
• Sixty-eight percent of IT managers have archiving and retrieval methods for corporate email. About half that many--31 percent--store IM communications. One in four has copies of audio conferences (25%), while slightly fewer (20%) archive corporate Web conferences
• If requested by corporate attorneys to reproduce IM communications--in the event of a lawsuit, for example--51 percent of IT managers could not do it. Thirty-eight percent because they have no such capabilities and 13 percent could do it but not in any practical time frame
• Unified Communications suites exist at about 29 percent of IT respondent organizations. Ten percent have deployed pilots to a limited number of users, while 19 percent have deployed UC for the majority of their endusers

We'll be delving into various aspects of this exhaustive survey in the coming weeks, to break down just what this data is telling us about what's happening on corporate networks and what it means to both IT managers and end users.

... or even what it is?

Back in the old days, TV networks would run public service spots before the nightly news saying: "It's 10 pm, do you know where your children are?" The fact that the spots ran for twenty years in cities like New York points out that it is easy to lose track of stuff, even important stuff.  Which brings me to ESI--Electronically Stored Information.  Not that it is as important as your kids, but in the discovery phase of a big lawsuit, it might seem that way.  And, like kids, ESI can be surprisingly easy to lose track of.

ESI is the catch-all term for the digitally stored files of litigants in a federal case.  During the pre-trial discovery phase of a lawsuit, all ESI is subject to discovery, meaning it all has to be checked for relevant information that the other side has requested to help it prove its case.  Only the relevant files need to be actually given to the opposing party, but all ESI has to be checked to make sure all the relevant files have been located and handed over.  It sounds simple enough, but it is hard if you are not prepared in advance and a lot can go wrong. 

When the e-discovery rules changed in late 2006, there was a lot of commotion about it, and a lot was written about the need for companies to have their ESI organized and well maintained in order to be able to respond to the tight discovery timelines set by the new rules. I don't think that message has really sunk in though.  And now that the rules are no longer "new," and the commotion has died down, it is easy for companies to lose track of whether they have really prepared to meet the current e-discovery challenges.  Yes, the e-discovery market is growing nicely, but more spending is not assurance that the companies really understand all the risks or even the problems they are trying to solve. 

As the resident lawyer at FaceTime, I am occasionally asked to talk about e-discovery issues with customers, or on a panel. Sometimes I can tell that a person I'm speaking with just doesn't want to have to deal with instant messaging in e-discovery, even when IM is used for business purposes in their company. To them, the most obvious way not to deal with it is to make it go away, or more precisely, to take the position that IM logs are not business records and therefore will not be saved. 

No saved IM records, no IM ESI, problem solved. 

There are undoubtedly circumstances where this is a sound policy, but what I've seen is that such a position is most often taken without enough attention to the reality of how easily IM logs are stored in hard-to-find places, and how difficult it is to effectively enforce a "no IM records" policy when employees use IM for business purposes and may need to refer to those logs the way they refer back to e-mail.  The company falls into the trap of mistaking its ESI policy, what the company wants its ESI to be, with the reality of what its ESI actually is -- i.e., what is actually saved, either inadvertently or surreptitiously against policy. 

The resulting danger is that the ESI is there, but the company doesn't know it exists until too late. My recommendation is usually that if IM is used for business, then it will generate business records that should be maintained and be treated on par with e-mail records for e-discovery purposes.

If the IM-savvy, and sometimes IM-dependent, companies that FaceTime deals with are still coming to terms with IM logs in regard to e-discovery, then I have to believe that companies in general have not moved much beyond e-mail archiving, if they have a proactive e-discovery solution at all.  To me, that's like being happy that one of your kids is watching TV with you at 10 pm. and forgetting about the one you haven't seen since yesterday.

I'm admittedly not an "early adopter," and I'm typically not the latest to jump on a new technology trend (and yes I still have problems organising my DVD recorder), but heading up FaceTime's EMEA marketing group has meant I've needed to get with the program. Along the way, I've made my share of social networking faux pas, so I came with a plan to see how many more luddites there were trying to make their way in the social networking world... and how many had made the same mistakes as me.

So, with this in mind, we launched a (completely anonymous) survey and I sent out invitations via good ole email, and even via my Facebook and LinkedIn buddies ... oh boy.  I have to say it was interesting reading (and I almost wish it hadn't been anonymous now!).

We immediately received stories from users who showed an almost Olympian prowess at doing the wrong thing. Computer Weekly reported on some of the results of the survey.

Here's a recap: More than a third of the 77% of respondents that can access IM services at work admitted to sending an instant message to the wrong person, occasionally to the very person they were talking about and frequently to their superiors. Sending kisses, checking on the whereabouts of loved ones and derogatory comments about co-workers and superiors have all ended up in a manager's chat window. One respondent even confessed to sending a joke of an explicit sexual nature accidentally to the Financial Director.

A lack of forward thinking (I put myself at the head of the list!) when posting new and updates generally was evident in faux-pas anecdotes given during the course of the survey.

One respondent posted to Twitter "Woohoo! I've finished for the day" at 4pm rather than his finish time of 5:30 pm, only to receive a call from a colleague asking how he was enjoying the sunshine. Another stated that he was an eager job seeker to his current, and rather surprised, employer.

Just 5% of respondents had sent confidential information to the wrong person. However, one such error resulted in the company's telephony and internet access being used by someone else at the organisation's expense.

Nearly 16% of respondents said that they had clicked on an attachment or a link within an IM that had turned out to be malware. 42% of those said their anti-virus protection did not catch it.

Nearly three quarters of people surveyed could access social networking sites at work, but only two thirds said that their employer's policy allowed them, showing that adequate policy enforcement tools were not in place. The most popular sites by far that people used were LinkedIn and Facebook, with 33.1% of respondents saying they had the most friends on LinkedIn, compared with 32% that said real life friends topped their list. 

The bottom line is, people are engaging in communications via IM and social networking at work. Enabling IM and Web 2.0 communications can bring great benefits to companies, but IT departments need to consider the risks involved and make sure that security, policy control and compliance are introduced as standard best practice.

Perhaps the best advice for users is summed up by one of the survey respondents who said "I always check twice, to see if I've been naughty or nice."

I recently did a podcast interview with Michael Osterman of Osterman Research for Messaging News.

Here at FaceTime, we're immersed in unified communications every day. We talk to our customers about what they hope to get out of UC, what modalities (messaging, VoIP, Web Conferencing, etc.) they are deploying first, and how they are struggling with internal issues regarding architectural considerations, alignment with business processes, IT ownership and more. Sometimes I get too close to these issues, so it's nice to step back and think about how to answer questions like the ones Michael presented in a way that provides a broader market perspective.

I hope I did that in this podcast and I hope you have time to listen to it. For those of you with time constraints, here are some of the points we talked about:

• UC is entering the workplace in much the same way as the original PCs, or more recently, wireless access points. Users are downloading consumer-oriented UC-like applications like Skype, and  reaping collaboration benefits.
• Most organizations aren't deploying UC with multiple modalities all at once. They are starting with presence and  IM and extending to Web Conferencing and VoIP - putting policies in place that can be extending across future modalities once they are deployed.
• Productivity through collaboration is typically the #1 driver for deploying UC, but cost savings and employee attraction and retention are close seconds.
• More avenues are available to bring information into the organization and more options for employees to communicate outside the company. This means that security and compliance are top concerns when deploying UC.
• IT wants effective management and control of all these communications options, but the bottom line is that forward thinking IT professionals want to add value - they are motivated by enabling employees to be productive and contribute to the success of the company.
• When an organization rolls out UC they often find it exists in a heterogeneous environment that includes "rogue" consumer applications that do not go away. It's not uncommon to have 8-15 rogue applications (IM clients, file sharing tools, social networks etc.) running on the enterprise network. They may not all be bad, but they're not visible and not sanctioned.

Bottom line, management is looking for two things: strong ROI from its UC platform and a way to control the universe of consumer-oriented applications that employees bring onto the network. We see a range of company policies - lots of companies are experimenting and don't want to shut things down if it can provide a competitive advantage through better employee collaboration. Others are in an industry with stricter requirements and need to block or closely manage certain apps.

I'd love to hear how your company is dealing with unified communications, both the consumer and enterprise versions. Does the above ring true for you?

Gotta makes a good point, but I'm not convinced the onus lies with the Microsoft gateway provider.  The Microsoft gateway doesn't support XMPP... ok, so what?  You can make the case that Facebook (in which Microsoft invested $240 million) and other sites will need to add a SIP gateway to support connections from OCS.  It's not a mandate, but one or a few sites may take the plunge and make themselves easily accessible to the millions and millions of (eventual) OCS users --- the others will have to follow suit.

Or Microsoft bites the bullet and adds XMPP support to their gateway but restricts it so that can't connect with their arch-rival Google.  That's possible.  But again, will a company looking at OCS say "Gee, sorry I liked the solution but chose Sametime instead because it can connect to Twitter"?  Maybe that day will come, but not any time soon in my opinion.