Instant messaging (IM) is not yet viewed as a ‘secure medium’ for external communication - according to security chiefs.Chief security officers (CSOs) taking part in a recent Security Forum workshop all voiced concern about the security and reputational issues that can come about through giving staff unregulated access to IM.

Whilst some CSOs tolerate limited internal use of IM applications, many are concerned that IM is tough if not impossible to audit.

CSOs advise that in terms of IS policies, IM should be give the same status as a telephone call (in that it cannot be recorded and would not stand up in court as evidence) and that if deployed externally should only be considered for use with highly trusted third parties.