Instant Messaging (IM) is a form of electronic communication between two or more users who are simultaneously connected to the Internet, allowing for fast-paced chat sessions that mimic actual voice communications. In order for instant messaging to work, both parties must be online at the same time, must be willing to accept messages, and must be connected to IM services that ensure the exchange of presence and message data. As IM's popularity grows, interoperability between IM services becomes more important to enable users to communicate with the people they most want to reach.
Instant messaging faces a major hurdle in it's growth: security. The fact remains, however, that a majority of IM clients currently used are not designed for business use and, moreoever, do not provide strong authentication. Authentication is critical to verifying the sender of the message. It has been suggested that digital certificates be implemented in future IM programs to overcome this.
The reason IM faces security issues is that, like the major e-mail protocols, commercial IM protocols emphasize speed and convenience over built-in security. Future IM programs, like Windows Messenger, promise stronger encryption. Encryption is essential so that passwords, as well as messages, are not intercepted and made understandable to snoops.
Aside from the authenticity and integrity of messages being sent, IM faces the security risks of human error. The security of major chat clients is one that relies on each end-user to make independent security decisions rather than relying on a central enforceable security policy. Users can easily make the mistake of conversing confedential company information over insecure channels without realizing it. What results is a broader base of exposure to risk across a network with less central control, making security policies that make chat client usage difficult to implement and enforce. In house messaging programs like Lotus Sametime rely on a server that is within the network. This permits traditional security methods, like the firewall, to fulfill the role of filtering traffic. Until IM technology catches up, the best security is to have educated users.