According to a 2006 report by Osterman Research, 72% of all organizations will use instant messaging IM in 2007. That number will grow to 93% of all organizations by 2009, closely matching the number of companies that use e-mail (99%).

While IM can be a great productivity tool, it also can be a security disaster waiting to happen. Survey statistics from the Osterman Research report “Presence, IM and Real Time Communication Trends, 2007-2010” show that 35% of organizations have suffered from IM vulnerability and 2% have fired IM abusers. The vast majority of survey respondents estimate that an IM or data breach would cost at least $10,000, and one-tenth put the damage at $500,000 or more.

Perhaps part of the problem is that many businesses and professional organizations use or communicate with people using consumer-grade IM products instead of tools that have been specifically developed for business use. Osterman estimates that in 2006, only 54% or businesses used an enterprise IM product, while 87% used a consumer-oriented product. The top IM clients – in business as well as in the home – are AOL Instant Messenger, MSN Messenger, and Yahoo! Messenger.

Though serious IM threats abound, there’s no reason to block IM from your organization. A well-executed program of IM security and hygiene should help make instant messaging the productivity enhancer you expect it to be without the worries of data breaches and other problems.

There are four management areas that enterprise IM should address: authorization, encryption, archival and authentication. Today I’ll cover authentication because there’s a new tool just out on the market that provides authentication of IM users via digital certificates.

Presensoft IM Caller ID from Presensoft addresses the problem of not knowing exactly who is on the other end of your IM conversation. This solution gives you true peer-to-peer authentication, even if you are using a public or consumer IM product, and eliminates identity spoofing. This is critically important for business deals that are transacted via IM – stock trades, energy trades, etc. (Encryption also can be enabled with this technology if Presensoft IM Policy Manager is used in conjunction, giving a secure and compliant IM solution to the previously ignored B2C marketplace.)

Linda Musthaler is a principal analyst with Essential Solutions Corporation.