The need for unified policy management
organizations. Named “unified communications,” or “UC”, these technologies typically include previously separate applications like email, instant messaging, online conferencing, collaborative portals, and even such familiar products as fax and telephone. The “unification” is made possible by the ubiquity of Internet Protocol (IP) communications, the Internet itself, and the emerging concept of presence-enabled applications. The promise held out by these companies, along with other entrants such as Cisco, Avaya, and Siemens, is that UC will allow people to collaborate more efficiently over great distances through the advantages of real-time communications (e.g. instant messaging, chat, online conferencing) and presence (i.e. the ability to see a potential recipient’s availability to receive a message or phone call through their “online now”, “busy”, or “offline” indicators) once they are integrated with more familiar communications modes like telephone, fax, and email. The UC providers project that productivity, creativity, and innovation will soar once co-workers and business associates become accustomed to these powerful new capabilities.
Of course, no great technological action can take place without an equal and opposite reaction. UC is no different, as it introduces new and greater risks and liabilities into the organizations hoping to harness its productivity-improving power. The need for security, logging/archiving, and monitoring usage of communications applications is not a new one. Even before unified communications emerged to take center stage in the trade press, companies began to face the inevitable adoption of more modes of communication, many of which were consumer applications like instant messaging, blogs, and wikis. Companies using IM, email, and unified communications are grappling with how to make use of these communications media securely and compliantly while minimizing effort and cost of managing policy across all applications.
Obviously, each new communications application can be implemented, administered, secured, and managed on its own. But why incur the added costs of trying to set and enforce security and compliance policies in two, three, four, or even five separate systems? Small and medium businesses are realizing that unified communications and the Internet will allow them to compete on equal footing with the big guys. But how many SMBs can afford to have five different system administrators just to manage and report on the use of email, IM, conferencing, VoIP, and collaborative apps? Five different backups to do every night? Five different – and unintegrated – reports to run? Five different search-and-restores to run for an audit of electronic message retention? The cost becomes prohibitive.
This is why the concept of Unified Policy Management holds great promise.
Business leaders and CIOs have figured out that better communications and collaboration provide competitive advantages, so forward-thinking organizations are demanding that their IT departments implement (1) email, (2) enterprise instant messaging, (3) online conferencing, (4) server-based faxing, (5) presence-enabled VoIP, (6) collaborative apps, (7) mobile messaging, and (8) secure file transfers. This is a pretty solid to-do list for any CIO. Now imagine that the CFO, legal department, and compliance officers ask the IT department to (1) monitor inbound and outbound message content to prevent data leakage, (2) monitor for inappropriate use, (3) archive electronic messages that are business records, (4) scan messages and files for viruses and phishing attempts, (5) ensure only authorized access to messaging systems, and (6) report on all of this activity both regularly and ad hoc (and oh, by the way, if you’re in securities, energy, or commodities trading, add (7) enforce Chinese Walls between prohibited roles, e.g. traders can’t communicate with research analysts). All of these are reasonable expectations in today’s litigious world.
The problem, of course, is that CIOs now have the unenviable task of managing six different “policy actions” across eight different modes of communication. The obvious way to accomplish this is to simply have an email administrator, an IM administrator, a conferencing administrator, etc., and hope that policies can be consistently set and enforced across all of the platforms. The problem with this approach is that in some industries, policy enforcement must be consistent by content type (regardless of how that content is transmitted or stored) and by role type (regardless of which communications media those roles are utilizing). The law compels us to set and enforce policy absolutely consistently across the multiple communications media, and companies may be expected to prove that they do so.
It also doesn’t take an Ivy League MBA to see that juggling 48 different policy/application combinations is cumbersome and costly. Organizations have to figure out how to archive all of these communications streams and keep one corporate directory of record, while making sure that all access, usage, and policies are directory-integrated. Policy settings need to be duplicated on each of the messaging platforms, and administration, operations, and management tasks must be performed on all of the different systems.
The concept of Unified Policy Management needs to be advocated. The “unification” takes place in two different ways. First, policy is unified across multiple communications media: set and enforce directory-based policy from a single place, apply it to the relevant communications apps, and measure and enforce from there. Second, the management of multiple types of policy is also unified. Security (e.g. scan all inbound instant messages from unknown senders for poison URLs), compliance (e.g. archive all electronic communications within the company by the finance department, but do not archive any communications entering the company from unknown senders), appropriate use (monitor all employee-to-employee communications for harassing or threatening language), and entitlement policies (who is allowed to use what communications apps) may all be set from a central place.
When IT has the capability to set and enforce policy from one central place, two significant values are realized:
- Cost of compliance is reduced. TCO for managing policy is lowered as administration, operations, and system management tasks are consolidated to one platform. Unified policy management also eliminates silos of record retention, provides capability for unified search and restore of archived electronic communications, and provides comprehensive reporting and proof of non-spoliation for electronic records retention.
- Policy and compliance liabilities are reduced. When policy management is unified, consistency of policy enforcement is assured. Monitoring employee use of corporate communications applications in real time ensures that violations are flagged and action can be taken. The organization is protected consistently from security and compliance violations, inappropriate use, or attempts to send confidential information out of the company.
The concept of Unified Policy Management for corporate communications is a new one. With email well entrenched in corporations and instant messaging now in use in over 90% of companies, the time has come to address the challenge of managing policy, security, and compliance across all of the incredible new ways to collaborate that our friends at Microsoft, IBM, and others are bringing to market.
One Response to “The need for unified policy management”
I am the author of this post, but I was not the poster. The content should be posted as © Copyright 2007, Akonix Systems, Inc., All Rights Reserved.
Permission is granted to Intel and the administrators of the Intel Business Exchange blog website(s) to reproduce this article for this blog or any Intel publication, provided that the material is properly attributed to:
Don Montgomery
Akonix Systems, Inc.
© Copyright 2007, Akonix Systems, Inc., All Rights Reserved.
For more information on Unified Policy for Unified Communications, visit Akonix at http://www.akonix.com, or learn more at my blog at http://unifiedpolicymanagement.blogspot.com
Akonix is an Intel Software Partner. Akonix’s A1000 and A6000 Unified Policy Management appliances run on Intel processors.
(signed) Don Montgomery
Vice President of Marketing
Akonix Systems, Inc.
San Diego, CA
http://www.akonix.com
619.814.2300
July 31st, 2008 at 9:15 am