The article is excellent but I think you forgot to mention one important aspect of the security over IM besides encryption and secure archiving and that is the need of user authentication. If a user is encrypted on IM to a malious user at the other end, he/she is more likely to send sensitive information over IM under the false impression that the data is protected and it is harmless to do so. I therefore feel that knowing who is on the other side of the channel beforehand i.e. authentication is more important than plain encryption.
I have heard of a new technology called IM Caller ID provided by Presensoft which claims to achieve 100% user authentication along with data encryption over IM using digital certificates. If this is true then I believe IM usage could be made safe not only for B2B but B2C communication as well.
I have heard of a new technology called IM Caller ID provided by Presensoft which claims to achieve 100% user authentication along with data encryption over IM using digital certificates. If this is true then I believe IM usage could be made safe not only for B2B but B2C communication as well.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1657/1007#1007