business model innovation design we're on a road to nowhere // on a quest to analyze and explore the design of business model innovations, i.e. 'hideous and hidden things' like organizational structures and capabilities, corporate strategies and all things related // on a yellow brick road with a girl, a lion and a straw-man wasting our time // …

As landscape shrinks around Lotus, Microsoft and service management providers, risks and benefits of IM are still a blind spot in enterprises

Enterprise instant messaging was one of those topics we thought was a no-brainer. Not only had we seen and embraced the productivity benefits of IM for editorial and management functions in our own (mostly) virtual enterprise. We also came across a few remarkable instances of organizational use of IM. Most notable was a fleet-wide deployment by the U.S. Navy that built operational communities of interest that performed beyond the call of duty.

That was more than two years ago. Gartner Inc. analyst Lawrence Orans recently keynoted a messaging conference of 200 attendees where a show of hands indicated one-third of enterprises had a formal enterprise IM solution, another third blocked all IM, and the rest turned their head and hoped for the best.

Other surveys show similar truths, but this status quo can’t hold forever. “Younger employees have had this all throughout their college career and they enter the workforce it doesn’t fly to tell them they can’t have this,” Orans says. “If you don’t give the best candidates the tools, they’ll get them somewhere else.”

Even though public IM networks proliferate in many enterprises, IT still has large and legitimate concerns about security. On the business side, it has been hard to justify the value (or distraction) of IM, and there’s no easy way to attach ROI to such deployments.

But IM and other communication modes haven’t sat still in the interim. The functionality of phone, email IM and other channels are converging and overlapping. And presence features are now being embedded to allow collaboration to be executed in the context of documents and many kinds of applications. It’s time to take another look at IM and how it will be of value to enterprises in the future.

The Fallout
Both AOL and Yahoo laid plans for the enterprise IM market with business units that offered gateway products for security and management. But only in the last 10 days, both providers left the market. Why?

“Enterprise IM is a pretty tough game to play,” says Carl Kriger, senior product manager for Lotus instant messaging. “What ports will you allocate, how much information do you allow, what about the holes where viruses come in and intellectual property goes out? Managing all this from an IT perspective is a difficult task that raises risks.”

That’s an IT view of IM in a nutshell. With the departure of Yahoo and AOL from the enterprise IM scene, enterprise IM is now largely in the hands of more experienced makers of client/server business products — notably Lotus and Microsoft — and IM security/management service providers like FaceTime, Akonix and IMlogic. (The latter category of vendors is assuming IM gateway duties for Yahoo and AOL enterprise clients, and also service networks like Jabber.)

Voice/Data Convergence
We’ll get back to security, but let’s consider IM from the business user point of view. Probably the biggest change to come down in the last two years is the crossing of functionality within communication modes. Even simple IM products allow Voice Over Internet Protocol (VOIP) communication, (IM as a telephone) and file transfers (like email). It’s an important scenario for business to consider as collaboration strategies move forward — not unlike the way Internet protocol changed the way we did business with the fax and phone — and the ways email revolutionized file transfers.

“These events significantly changed our lives,” says Brian Holdsworth, senior product manager, Microsoft Live communication Server (LCS). “We’re moving in the same direction with VOIP. It won’t replace the phone, but we’ll have tighter integration between phone, voice, instant communication, text, video, all of that.”

“I think messaging is already displacing email and phone usage,” says Jonathan Christensen, CTO of FaceTime. “I don’t know if many IT managers would try to argue that ROI is achieved through deployment of email, but IM is going to be a firmly-rooted parallel channel with its own use cases.”

No one has completely settled on what communication should be conducted where. Logically, synchronous communications are suited to the phone and IM, where they tend to set off deeper collaborations, meetings or conference calls. Asynchronous email appears more appropriate for one to many distributions, and synchronous IM is surely cutting into tedious click-and-open email as a means of near real-time communication.

Clearly there is a place for both. “I believe people get into the asynchronous communication mode for a reason,” Christensen says. “They want an undiluted train of thought and a ‘store forward’ manner of thinking.”

Convergence occurs across devices as well as channels. IBM/Lotus employs the J2EE-based Lotus platform and Java-based SIP (session-initiated protocol), which allows for the creation of multimedia communications sessions between devices. SIP is meant to help enable voice and data convergence and so plays into the multi-channel, where different devices can use content in a call in any way desired. “There are other protocols that are very IM focused, but SIP allows you to hook into rich media and services like spam filtering and virus protection,” Kriger says.

LCS also supports a version of SIP on the Microsoft platform to add presence and other real-time capabilities, like voice and video, to asynchronous applications and collaboration tools.

Service/management providers like Akonix, FaceTime and IMlogic provide solutions that cross multiple networks. IMlogic, for example, offers IM Linkage and IM Manager, that develop and deploy applications across multiple protocols.

Presence, or “Being There”
The greatest value of enterprise IM may just be arriving in the form of real-time collaboration in context. The vehicle is “presence,” or the embedding of IM links with active user status within documents and applications. Using presence, a user perusing a document sees not only the author’s name, but online status and a link that allows instant Q&A on points of interest. In a customer application, account manager status could allow instant queries for exceptions to standard customer service.

It’s the context of use that determines the value of presence. Online status is not so interesting in email as it is in an active sales setting. (See The Power of Presence from Portals Magazine -ed) “It best for reducing the time it takes to make decisions and increase productivity, and it’s not only chat,” Holdsworth says. “Whether you want a 10-word chat, an email, a phone call or a meeting, it’s all done with presence.”

Clearly there is much value to be added by incorporating presence into high-use productivity tools. Microsoft and IBM have been quick to seize on this by including presence in their own productivity platforms. For Sametime IM (now called Lotus Instant Messaging), it’s Lotus Workplace. For Microsoft, Office integration has been a focus of Live Communication Server (LCS) 2005.

LCS acts as a “presence engine” behind Office with full integration to Office apps, servers and services. Presence can be applied in Word, Excel and Outlook files and team sites and SharePoint Services portals. LCS also has hooks to line-of-business applications that indicate whether users are online and active.

Similarly, IBM bundles its WebSphere Portal with Lotus Workplace in which the portal is a general delivery mechanism into which IM and other collaborative tools like Quickplace are inserted to spur productivity and usage.

Stumbling on Security
Business still needs to be aware of IT’s concerns over enterprise IM, and according to Gartner’s Orans, they are. “You can’t just continue to block IM, there’s too much momentum for adoption,” he says. “But you can’t look the other way because it’s too risky.”

Rogue IM exists in enterprises for now, but this is at the enterprise’s peril, according to Victor Wheatman, another Gartner analyst. “If I was a bad person in an organization and wanted to FTP outside the organization a customer list for example, it would be noticed in an official FTP but not in a public IM system.” Other risks cited by Gartner include the introduction of worms and viruses into closed networks, and false or misleading IM user names that could trick employees into revealing proprietary information.

Security issues and the effect of SEC and many other mandates for logging IM just like any other communication has been a boon to the security/management service providers like FaceTime. These providers work in concert with platforms like LCS, Lotus and others to raise the bar for security as well as accountability. Microsoft’s Holdsworth says regulations have already made people much more aware of what they are discussing over enterprise IM and even more so across public IM services (where logging could occur unilaterally).

Surely the best way to ensure secure messaging is to simply bar the door to outside users, in the closed loop client/server model LCS and Sametime are best known for. That was the case in our Navy example. “There will be situations where people want closed loop communications,” says Holdsworth. “That’s really what they deem as secure, nothing in, nothing out. It’s encrypted and logged and forevermore what you said is stored behind the walls.”

Extranet advocates and others are looking for interoperability outside the firewall though. “We need to govern that and track those conversations in a secure fashion so the intellectual property doesn’t flow freely inside and outside the firewall,” says Kriger. A SIP-based proxy allows Sametime to Sametime operation in a secure fashion.

Holdsworth agrees that modern business requirements include the need for secure communications between partners and customers also. As it is with Lotus, a feature of LCS 2005 will be a federation proxy that allows Microsoft IM networks to be connected without the use of a VPN.

This also holds value for the gateway products offered by the security management providers. Christensen says if one considers email as a proxy, the spread of IM could reach similar density by 2006-2007. “I buy into that,” he says. “Look at the number of companies that are actively engaged in the various parts of the email ecosystem in terms of filtering, spam, content monitoring, hygiene, day zero virus detection, all those things, it’s a very robust ecosystem.” The real-time space, he believes, will present even more difficult problems, especially as networks consolidate toward standards and interconnects, and mobility increases between networks for users.

If enterprise IM is the certainty these observers predict, then Business and IT will simply go back to work they way they have in the past. The more one looks at these issues, the more they resemble traditional risks for enterprises that have been addressed in traditional ways — through policies, governance and vigilance. “Enterprises were concerned in the past about floppy disks and now are concerned about the ability of you or I to burn a CD-ROM or DVD with corporate data on it,” Wheatman says. “It’s really a recurring cycle of concerns.”