Vendors of IM security technology say you really need their products.

Akonix Systems Inc., a vendor of instant messaging (IM) security and compliance technology, emailed me some new data over the weekend. Apparently the company’s researchers have seen a 78% increase in malicious code attacks over IM networks this year. So far, Akonix’s IM Security Center has detected 226 IM malware threats in 2007, including the IM worms Exploit-YIMCAM, Hupigon-SJ, InsideChatSpy, SpyPal, StealthChatMon, Svich and YahooSpyMon.

About a month ago, Akonix competitor FaceTime Communications released data that showed a quarterly decrease in IM-based attacks. It reported that in the first quarter of 2007 it detected 74 attacks via mainstream IM networks (AOL, Yahoo and MSN). The number of incidents dropped to 64 in the second quarter. However, overall malware attacks over real-time communications channels (which includes peer-to-peer file sharing and Web-based greynets in addition to IM) increased by 5% from quarter to quarter. FaceTime, as well as Akonix, provides technology that protects against malware attacks via all these communications channels.

Both of these vendors have uncovered data that seems to indicate that you should buy their products. While that should be no surprise, the rise in overall attacks is worth noting, especially since I can pretty much guarantee someone in your company is using these consumer communications applications.

BREAKING NEWS: Businesses use IM! 

I love it when old media stalwarts like The Wall Street Journal and The New York Times write these big technology trend stories on a subject that my colleagues and I have been reporting on for more than a year. Seriously, do any of you think it’s news that instant messaging has “invaded the office,” as the WSJ headline so boldly announced? 

This story illustrates in great detail how employees use IM in the workplace, but it doesn’t touch on any of the risks associated with IM use. There’s one brief mention that employers fear “security breaches,” but there’s no discussion of IM-based malware, content monitoring or message retention policies.

In a story about the grass-roots adoption of IM in businesses, the WSJ should have been explaining to its readers the risks they face when they don’t have comprehensive policies and management technologies for IM. As mentioned at ITBusinessEdge.com, the Burton Group has found that only 10% of organizations have formal IM policies, and only 5% have security technology in place.  

Now if large enterprises are so lax about managing IM risk, what are SMBs up to? You guys have less money to play with. Can you afford to take control of IM? You should at least be looking at your options. 

If your employees are using consumer IM clients from AOL, Yahoo, Google, etc., you should do some sort of risk assessment. Analysts have told me that if you’re managing and securing your email, you should be doing the same for your IM. The risks of leaving IM unprotected are too great. You’re open to malware attacks and data breaches. And if you’re in a litigious industry, you’re always under threat of electronic discovery order. You need to retain your IMs if you’re retaining email.

There are some cheap appliances and on-demand services available for managing IM. Look into them. Pretty soon, vendors will be offering products that manage and secure email and IM. Watch for them. You’ll save money and time by managing both on one platform. 

The computer virus celebrates its 25th birthday this year! It seems like only yesterday it was in diapers, but now it’s all grown up and still wreaking havoc. From the Machinist:

“The computer virus conception story begins in 1981, when a tech-savvy 9th grader named Richard Skrenta got an Apple II for Christmas. Over the following few months he began cooking up ways to trick his friends using the machine. “I had been playing jokes on schoolmates by altering copies of pirated games to self-destruct after a number of plays,” Skrenta once told the tech news site SecurityFocus. “I’d give out a new game, they’d get hooked, but then the game would stop working with a snickering comment from me on the screen.”

When his friends realized his tricky ways, they banned Skrenta from their machines. And that’s when he had an epiphany: He could put his code on the school’s computer, and rig it to copy itself onto floppy disks that students used on the system. Thus was born Elk Cloner, the world’s first computer virus.”

My, how time flies. Read the rest of the Machinist’s musings on the computer virus hitting the quarter-century mark here.

Google on Tuesday announced the release of Google Custom Search Business Edition, a hosted search appliance that allows companies to utilize Google’s search technology on their Web sites sans advertisements for as little as $100 a month. Custom Search is aimed at businesses that want to improve their sites’ search functionality but don’t have a lot of extra cash lying around to do so. In other words, SMBs. 

According to the Google press release, companies can tailor Custom Search in a number of ways, including adding corporate logos and creating “sectional groupings” for search results that will help match a site’s “look and feel.” 

The Mountain View, Calif.-based search giant is actually giving away Google Custom Search to customers that don’t mind display ads accompanying search results. But either way, with either the free edition or the $100 offering, Custom Search looks like a quick and simple way for an SMB to improve its Web operations and, ultimately, its bottom line: The easier it is for customers to find the products they’re looking for, the more likely they’ll follow through on an online purchase. 

Speaking to eWeek, Nucleus Research analyst Rebecca Wettemann said Google Custom Search “enables the smaller site players who couldn’t afford an investment in a broader site management searching tool to really make their sites a lot more usable and customer-friendly.” 

With this latest offering, however, perhaps Google has wider ambitions than just helping SMBs improve their Web site search capabilities. Despite claims to the contrary, it is widely believed that Google hopes to one day rival Microsoft in the enterprise apps market. And if Google can lure SMBs in with Custom Search, making them Google Apps customers might be that much easier.

Everyone’s happy with the iPhone, for now.  

What a surprise! A new survey shows that just a week after iPhones hit stores, their buyers still love them. The honeymoon is still in full swing. 

As reported in USA Today, 90% of 200 iPhone users said they were extremely or very satisfied with their devices. Eighty-five percent said they would recommend the iPhone to others.  

That survey was conducted by Interpret LLC, a “next-generation media and market research firm,” about a week after Apple Inc. released the iPhone on June 29. Chances are iPhone users will have plenty of time to find something to complain about.
Battery power comes to mind. And anyone who bought an early-generation iPod (hello me) recalls how much they loved the new MP3 player until the thing crashed. Heck, my iPod died four times (replaced with a new one every time by Apple). So we’ll se what the future holds for iPhone and its happy owners. 

After all, some folks over at AppleHound found 68 bugs with the iPhone as of July 14. Sixty-eight sounds like a high number, but as the AppleHound poster noted, finding the bugs was difficult because the OS X GUI and applications are “extremely solid.” I think just about everyone is expecting to find bugs in a first-generation mobile device. But some flaws can be pretty costly, as SPI Labs found out. The iPhone’s Safari Web browser allows users to dial any number on a Web page by tapping the number. The research lab at SPI Dynamics found that this feature can be hacked so that attackers can redirect phone calls, track calls and create plenty of other problems. 

The Interpret survey of happy iPhone owners also offered a snapshot of what the iPhone launch means for Apple and AT&T, the mobile carrier with exclusive rights to offer the iPhone to its customers.  

Thirty percent of iPhone buyers said the device was their first Apple product, meaning that the company is definitely tapping new customers. And more than 50% of respondents said they were using a mobile service other than AT&T before buying the iPhone. This means that about half of iPhone customers left their old mobile carriers and signed up with AT&T so they could spend up to $600 on a new phone. And 35% of those who left their old carriers paid an average of $167 to break their old contract. Perhaps some of those Sprint customers who were fired by their mobile carrier for complaining too much were actually happy to be dumped.  

But what about the business uses of iPhone. Will it find a home in your company? Will your road warriors burn their BlackBerrys and demand iPhones? Most of the CIOs I talked to in January were cool to the idea. I’m starting to get pitches for stories from ISVs that have developed business applications for the iPhone. I’ll be talking to vendors over the next few weeks to see what they have in store.  

For what it’s worth, the U.S. came out on top in a recent ranking of the 64 “most positive environments for IT firms in the world” by the Economist Intelligence Unit (EIU), scoring a 77.4 on a 100-point scale.  

Asia was well-represented by Japan and South Korea, which finished second with 72.7 points and third with 67.2 points, respectively. Iran brought up the rear with just 15.7 points. 

The EIU based its findings on six key indexes:  

1. A stable, competitive business environment.

2. An advanced IT and communications infrastructure.

3. A forward-thinking IT training and education environment.

4. Protection of intellectual property rights.

5. Strong support for innovation and R&D.

6. A supportive government.

The U.S. placed in the top five in all six of the categories. “Uniquely among countries, [the U.S .] IT environment combines scale and quality in the key areas that promote competitiveness, including education, infrastructure and encouragement of innovation, as well as solid legal protection,” the EIU concluded.   

The news wasn’t all bad for the countries that finished in the lower half of the rankings. The report predicted that:

“ … a number of emerging economies will compete more effectively with China [ranked 49] and India [ranked 46] on the availability of relatively low-cost IT skills. These will probably include Malaysia, Brazil and Vietnam, as well as east European countries such as Russia, Hungary and Poland.” 

Who knows, maybe your next major IT purchase or offshore agreement will be with a vendor from the former Eastern Block. How do you say “advanced routing protocol” in Hungarian, anyway?

The IT industry is well-known for its myriad acronyms and euphemisms, all virtually unintelligible to nontechies. CRM. SaaS. TCP/IP. The list goes on and on. And when a new word catches on, it seems to pop up all over.

One of the latest IT buzzwords (and a frequent topic of this blog), of course, is Web 2.0. It is the accepted name of the developing collaborative technology movement, as I’m sure you know. 

Now, I have no problem with the term Web 2.0 itself. I even rather like the term Enterprise 2.0, coined by Harvard Business School’s Andrew McAfee to describe the use of Web 2.0 tools and techniques in the enterprise. 

But I have to draw the line somewhere. Scanning the wires today, I came across a press release announcing the first annual Sales 2.0 Conference in San Francisco later this year. What is Sales 2.0, you ask? 

“Sales 2.0 simply means integrating the power of Web 2.0 technologies with proven sales techniques to increase sales velocity and volume,” we’re told. At the Sales 2.0 Conference, attendees will learn “how combining next-generation Web technologies such as Web conferencing, social networking, prospect databases and Web site-tracking services with innovative sales processes can dramatically accelerate the sales cycle.” 

OK, I get it. Salesmen just realized that blogs and wikis can help them sell more stuff, especially to the so-called “MySpace Generation.” Good for them. It’s the American Way after all. 

But you can’t just slap a 2.0 at the end of every occupation and discipline out there and think you’ve invented a new term! Sales 2.0? What’s next, Farming 2.0? Candy-Making 2.0? How about Web 2.0 2.0, applying Web 2.0 techniques to the discussion and promotion of Web 2.0? 

Please, let’s stop the madness now before it gets totally out of hand. No more fill-in-the-blank 2.0. If you can’t come up with a more creative, graphic term to describe whatever technological movement it is you’re trying to name, it probably isn’t a movement worth naming. Or even a movement at all. 

Who’s with me?

First, the good news: Data lost or stolen thanks to a security breach is rarely used to commit identity theft, according to a recent Government Accountability Office (GAO) report. Of the 24 largest security breaches examined by the GAO between 2000 and 2005, only three incidents resulted in known identity theft. 

Second, the not-so-good news: The report qualifies its findings with the acknowledgement that, well, there really isn’t enough “available data” to make such a claim definitive.

As stated in the report: 

“The extent to which data breaches result in identity theft is not well known, in large part because it can be difficult to determine the source of the data used to commit identity theft…” 

and: 

“Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained, and it may be up to a year or more before stolen data are used to commit a crime.”

You’ve got to love the government. In the same document in which it claims identity theft via lost or stolen data isn’t nearly as rampant a problem as those of us in the media would have you believe, it backtracks and admits there’s really no basis for that claim. 

Just what, then, is the point of this study? Perhaps, despite its wishy-washy “finding” (and I use that term ‘finding’ loosely), the government has some recommendations for SMBs and others regarding protecting sensitive data? Back to the report:

“This report contains no recommendations.”

So much for that. 

Long story short: Identity theft may or may not be a problem. Glad to see our hard-earned tax dollars are being put to good use. 

In any event, If I were you I wouldn’t abandon my data security plans just yet. That’s because businesses that collect and store sensitive data from their customers and/or employees should be obligated to protect that information, whether or not its loss regularly results in identity theft.  

My findings: A company that doesn’t take comprehensive steps to guard personal data doesn’t have the right to ask for it in the first place.

Jeff, I think you are partly right when you say that SMBs need IT products that are built from the ground up for SMBs, not enterprise products that have been scaled down (or dumbed down, some cynics would say). Hey, I touched on this very subject last month while writing about the SMB storage technology.

But I wouldn’t say that big iron vendors find the SMB market to be a mystery. In conversations with vendors and analysts (and end users), I’ve sensed that many companies are aware that their so-called SMB strategies are aimed more at the midmarket than anything else. This seems to be the first stage of the SMB market push for these IT vendors, and these companies often have the complex needs and resources to make use of enterprise products that have been retooled and priced down for them.

Small companies are diverse in their needs and seemingly infinite in their number. Knowing this, vendors like IBM, Oracle, etc., are probably aware that any legitimate small business product they put out will please some, but not all. I think conquering the small business market will take baby steps. It will take time for any vendor to get there. In the meantime, vendors that have always sold to smaller businesses can rest assured that the big players are still finding their way in this market.