Take a message, Mr Thompson
Yesterday, a friend of mine sent me an email from his Flickr account, asking me to hook up with him. The surprise to me was that I even had a Flickr account - I created it back in May 2005, probably in a frenzy of pre-2.0 excitement, and hadn't touched it since; indeed, I hadn't even clicked on the "confirm" link in the registration email. But there it is: perhaps I'll get round to using it some time. I sent him a message back, and now we're connected.
But did I send him a message? I know that a communication passed between us, that I would term a "message". It left my outbox and went into his inbox, looking to all intents and purposes like an email. But was it? I have no idea what the underlying technology looks like - whether I created a text stream, an entry in a database, or whether a race of highly intelligent mice tapped the thing out in morse code.
To the point. A couple of weeks ago, Symantec was explaining at its European analyst event, that it was merging its understanding of "secure messaging" to cover both email and instant messaging. This is laudable perhaps - it is absolutely true that more and more business conversations take place via IM, and it is good that the associated risks are being appreciated.
However rapidly email and IM are growing, a cursory glance around the Web is that they are only the tip of the messaging iceberg. I have a "messaging" account with Groove; others with WebEx, with LiveMeeting; I can send a message in eBay, in Amazon and others sites used in companies large and small for procurement and sales; I can converse with colleagues, customers and business partners in Internet Relay Chat, any number of Jabber or Java-based chat facilities, or even Second Life and other immersive enviroments.
If there is a messaging market, it is fragmenting at a tremendous degree. The fact that I have such a wealth of options means I am more likely to choose the most appropriate mechanism to enable a conversation. And I haven't even mentioned blogs , wikis, discussion boards or other social spaces yet - what are these other than collaborative messaging tools?
The rationale behind integrating the security of email and messaging may be valid, but it forgets that information security is more about porosity than it is about closing stable doors - from a risk management perspective it can pointless to close one, if others are left open. Perhaps John Thompson has created a petard for Symantec by agreeing to coin the phrase "
Security 2.0" to define the company's strategy. Symantec has no tools or capabilities to secure online communications outside its quite limited remit: when asked, for example, the company said that it would not have a blogging solution in place any time soon.
This is no idle point. The reasons behind some of the delays in Windows Vista were reported, direct from inside Microsoft, on a blog; as were the details of some up-and-coming products from
Apple, who would be delighted to locate the sources of the information. Whether it's a gimmick or a leadership position, companies are setting up shop in Second Life - if nothing else it may become, for some, a virtual golf course, where business conversations can take place away from prying eyes. The blogging world is under constant, unremitting attack from comment spam; meanwhile, blogs themselves are being used ('splogs') to raise the profile of blogs and other sites on search engines. In other words, there are plenty of threats in the 2.0 world, that are currently under-addressed.
If Symantec wants to secure messaging effectively, it needs to start by radically changing what it means by messaging, to cover the exploding variety of communications that are very quickly becoming part of the mainstream. Then, maybe, it needs to plan how it addresses the issues and challenges that these raise, and soon. Otherwise, it may find itself forever fashioning locks too late, for doors that perhaps should never have been left open.
