City banks fail security test

A large number of financial institutions in the City are failing to tighten their security policies to rule out the threat from instant messaging and compliance failure.

More than half (54 per cent) of the execs from City businesses surveyed at a recent Microsoft and FaceTime enterprise IM event said their organisations are using IM and yet almost half of those (46 per cent) said they could not vouch for who was using it, or what they were using it for.

IM provides one of the most direct routes onto the desktop and evades many defences, such as the corporate firewall. It currently provides one the biggest security headaches for system administrators and is one of the greatest 'unknown quantities' in terms of network security. Users could be introducing spyware, viruses or other illegal content, such as copyrighted material, onto their work PCs and onto the network without the IT department and bosses being aware of it.

Many companies using IM are also still failing to heed warnings about the use of consumer applications that offer insubstantial audit trails, archiving and security measures - which are soon to be a requirement of compliance laws such as Sarbanes-Oxley.

Speaking to silicon.com earlier this year about the issue of compliance, Kailash Ambwani, CEO of secure IM provider FaceTime, said: "IM is mission critical to these guys, but they don't normally have in place the necessary security, accountability, logging or archiving to make those IM sessions compliant."

Of those organisations surveyed that use IM, 63 per cent said they use consumer applications from the likes of AOL, MSN and Yahoo!