Gartner Research

Instant Messaging Security: It's Not Just Idle Chatter

Published: 05 June 2007

ID: G00203298

Analyst(s): Diana Kelley


Instant messaging (IM) is becoming a critical business communication channel. As enterprises increase and formalize the usage of IM for business purposes they also have to address security concerns related to the use of IM. This includes review of IM usage via both public (e.g., AOL Instant Messenger [AIM] and Google Talk) and enterprise (e.g., IBM Lotus Sametime and Microsoft Office Live Communications Server) platforms. Organizations must keep the IM channel free from malware and, in many cases, monitor, manage, and archive IM data.

Table Of Contents



  • Instant Messaging: From Personal to Professional
  • Risks and IM Security
    • Policy Violations
    • Lost Business: Loss of Availability
    • Regulatory and Compliance Exposures
    • Malware Infection and Spam over IM (SPIM)
    • Loss of Protected Data
    • Failure to Archive Sensitive Communications
  • Mitigating the IM Risks
    • Application Control
    • Authentication
    • Access Control within IM
    • Content Control and Keyword Filtering
    • Malware and URL Filtering
    • Policy Reminders
    • Encryption
    • Reflection
    • Logging and Archiving
    • Reporting
  • IM System: Public or Enterprise?
  • Architectural Options for IM
    • Example Architecture: IM Security Gateway
    • Example Architecture: IM Security Managed Service
    • Example Architecture: Agent-Based IM Security
  • Market Impact
    • EIM Takes Hold
    • IM Security Remains an Add-On
    • Future Directions
  • Recommendations
    • Assess IM for the Enterprise: Is It Time?
    • Formalize IM Policy
    • Determine What Parts of the Policy Will Be Enforced Technically
    • Client and Inter-Communication Choices
    • Review the Architectural Options
    • Create an Archive Strategy

The Details

  • XMPP and SIP
  • The Vendors
    • Enterprise IM
    • IM Security Gateways
    • Other: Services and Agent



Burton Group References

©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.