
Controlling Messaging Services - Delivery and Support

This entry continues the review of management controls for messaging security. We're using COBIT as a best practice guide, and in the case of delivery and support, many of the control objectives that apply to overall IT governance are right on the mark for controlling messaging services.

Defining and managing service levels seems like an obvious step when introducing any new service, but it's easy to overlook. Take, for example, the way instant messaging works its way into organizations. Staff start using free IM services for obvious reasons, groups of users grow, and at some point it gets on the IT radar. Now, in the best of all possible worlds, it gets on the radar because management sees IM as a productivity tool they can leverage. Sure, that does happen, but so can another scenario.

IM has compliance implications for some organizations. Uncontrolled, unsecured IM services can introduce malware, provide an unmonitored means to leak information, and lead to all kinds of headaches when the records retention folks come around looking for copies of IM conversations.

Grassroots adoption of technology is great. The trick is watching for the critical mass at which that new technology has to be controlled. When that happens, don't forget to think about service level agreements, along with all the other issues you'll have to address.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net