This week we announced a major update to IMAuditor. The most significant new capabilities are around data leak prevention, and it got me thinking about how our business has shifted over the past few years.
FaceTime first introduced its IMAuditor software in 2001, half a lifetime ago in Internet terms. At the time, it became the standard by which banks monitored and recorded conversations their employees (mainly traders) were having over IM to comply with SEC regulations. Over the past seven years, we’ve refined and advanced the product to stay ahead of the changing Internet and changing employee behavior. Today, employees routinely communicate over social networking sites like Facebook and LinkedIn, use Web-based file sharing sites like SlideShare and transfer information with P2P file sharing software such as LimeWire. That’s the nature of the New Internet.
This also means that setting and enforcing policies for information is more complex than ever… hence, constant updates to IMAuditor.
In parallel, it’s been interesting to observe how my conversations with customers have changed over the past four years that I’ve been CEO of FaceTime. Foremost, our customer base itself has changed: from primarily financial services companies to large enterprises in general. And, the primary concern has shifted from regulatory compliance to security and integrity of enterprise data. Most interestingly, new triggers and pain points have emerged – from AIM to Facebook, from Napster to Skype. As employees bring new Web 2.0 applications onto the enterprise network, protecting the organization against data leaks over these new channels is overtaking concern about incoming malware.
Something else is changing too: companies have started to realize that blocking these new Internet applications is not a solution. Especially in the case of IM, companies have seen the value of real-time communications and are rolling out unified communications suites like Microsoft OCS and IBM/Lotus/Sametime in an effort to realize these new productivity gains. And now, when savvy IT mangers discover that consumer-based applications like public IM or Facebook are in use on their networks, they realize that what they need is not a blocking mechanism but a good policy and some gentle reminders that help enforce it.
Don’t get me wrong – I’m not saying you should not trust your employees. But I’ve believed for some time that the biggest security threat to the organization doesn’t come from the outside, it comes from the company’s own employees. Not because people are malicious, but because people are people.
Last month, we commissioned Osterman Research to survey IT managers about their concerns for information leakage, as well as their preparedness to prevent it in their organizations. The most interesting data point for me is that more IT managers are concerned about unintentional or accidental information leaks than they are about intentional leaks or data loss from malware. Surprised?
Actiance 