Grace Financial Group, a securities broker-dealer in Southampton, New York, discovered a few years ago that it had a big problem communicating both internally and with its clients. The challenge surrounded the exploding use of Instant Messaging (IM) which, at the time, was a useful tool that presented a myriad of under-addressed security, regulatory, and confidentiality problems.
Enterprises realized that “employees weren’t using IM just to talk to their friends and families,” says Gartner analyst Lou Latham. “In fact, there really was some business benefit in the technology.” But it inaugurated what he calls “an era of benign neglect,” exemplified by unmonitored communications, numerous unsecured network portals through which viruses and malware could enter and spread, and the deeper questions of oversight and archival of these messages to conform with emerging security and investment laws.
Simply put, “we had to be compliant,” notes Jonathan Shepland, Grace Financial’s Managing Director of Operations and Chief Compliance Officer. “We have to archive all IM going back and forth.”
In its initial guidelines, the National Association of Securities Dealers (NASD) allowed broker-dealers to block IM instead of monitoring and archiving it. But that was unacceptable to Shepland since Grace’s 25 employees are located in four different offices. “And we relied too much on IM for inter-office communications as well as staying current with customers in the United States and Europe.
In order to fully harness business-class IM safely, Shepland quickly realized his small firm had neither the human nor financial resources to accomplish this objective. So Grace decided to outsource the task that would replace chaos with order, compliance, and security.
Shepland began to research business-grade IM options in 2001, when the NASD first published its guidance policies on IM. The brokerage evaluated several hosted IM options and settled on Professional Online Desktop (POD) from New York City-based Omnipod, because it offered a total solution that included secure offsite hosting, monitoring and archiving, he recalls.
New Government Regulations Power the Outsourcing Trend
Faced with the stringent regulatory compliance guidelines imposed by NASD and the Securities and Exchange Commission (SEC), a growing number of financial services firms now use hosted IM services. Such hosted solutions not only meet mandated regulatory requirements but also allow the brokerage firms to benefit from real-time communication through a secure, fully hosted private enterprise IM network, according to Gideon Stein, CEO of Omnipod.
Omnipod’s solution is compliant with, HIPAA and Sarbanes-Oxley regulations.
Kimberly Smith, Vice President of IT at the investment banking firm of Ferris Baker Watts, notes, “With the accelerating pace of security issues, it simply makes sense to outsource IM to a company that specializes in secure enterprise IM services.”
Omnipod’s private IM network prevents the security problems of public IM and file sharing offerings by combining administrative controls with the latest Secured Socket Layered (SSL) encryption. Stein says this protects Omnipod users from hackers, common viruses, and worms that routinely infect consumer IM systems.
Since rolling out Omnipod, Shepland says there have been no problems. “It’s easy to work with, set up, and configure.”
He notes the Omnipod hosted IM service ensures his firm is fully compliant with SEC and NASD security regulations, while allowing the firm’s managers to dedicate their energies to managing securities.
But he also appreciates the additional benefit of meeting NASD’s communication back-up requirements. “We have to store the data at an offsite location anyway. And hosting accomplishes that. It’s one less headache.” He adds that the solution also saves hiring more full-time IT staff to maintain the related servers, which could cost around $100,000 annually.
“From a compliance standpoint,” Shepland says “the administrative tools are great because I can use keywords to monitor IM communications. If red flags go up in the search return, I can go into each individual user’s log file, pull up history by date and by user chat and review it.” And though fortunately there have been few such concerns, Shepland says, “the greatest benefit of that functionality is to review IM conversations if there’s a problem with a client or order.”
Another advantage of a hosted-IM service is improved security. According to Omnipod’s Stein, no IM sent over his network is transmitted in the clear, unless it’s to a public IM client. Also, hosted networks can sidestep incoming IM viruses that typically spread by engaging the application program interfaces (API) built into public IM networks that access buddy lists (a virus can copy itself to everyone on the buddy list).
Stein says there’s never been a virus outbreak on his closed IM network because there’s no API to be called. “It’s very hard for a virus to propagate within a closed network,” he notes. But even if one does make it into the network, “it’s going to stop at the first infected user,” he adds.
Omnipod has positioned itself as a very visible provider of hosted enterprise IM and is a very aggressive supplier in reaching out and educating the market about the benefits of a hosted approach, according to Genelle Hung, an analyst at The Radicati Group. “At the same time, they’re particularly good about listening to customers’ needs and staying current with IM industry advances,” she adds.
Today, 50 percent of people use IM at work, according to The Radicati Group’s recent Instant Messaging Corporate Survey. However, only 24 percent of organizations have deployed a formal IM structure, according to the report. Security and a drop in productivity are two main reasons why corporations have not deployed IM solutions, according to The Radicati Group.
“It makes a pretty strong case for outsourcing the practice,” Grace’s Shepland concludes.
Lessons from The Outsourcing Journal:
- Half of the working public uses Instant Messaging at work but only 24 percent of firms have deployed a secure IM structure. This creates great opportunity for businesses that have no such structure to utilize an outsourcing provider that specializes in providing secure, business-class IM connectivity.
- By outsourcing IM hosting and management to a provider, companies not only save money, but realize better security, enhanced monitoring capabilities, and offsite message archiving.
- Financial service firms find that outsourcing their IM communications management and hosting also makes it easier to conform to new SEC, NASD, and Sarbanes-Oxley regulations governing the monitoring and archiving of Instant Messages.