It's an ironic twist of fate that just as instant messaging (IM) has taken off as a critical business tool in the workplace, regulators and legislators have imposed strict new rules about the responsibility of firms to monitor and store electronic communication of all kinds. Once considered an informal communication-like yelling over the cubicle wall- IM is now being taken as seriously as e-mail. Logistical and cost issues abound. Who should be allowed access to IM? What filtering technologies jibe with existing systems? How should scarce IT dollars be spent? Lee Blackmore, director of information technology at St. Louis-based broker-dealer Stifel Nicolaus, recently sat down with Securities Industry News Technology Correspondent Maria Trombly to discuss how his firm is tackling these thorny issues.

Securities Industry News: What are the identity management implications of using instant messaging?

Lee Blackmore: As a company, we have not opened up instant messaging to everyone in the company. When all those new [Securities and Exchange Commission] rulings came out last year, we started looking for solutions and our first inclination was not to open it up at all. Then we found out that a lot of our institutional traders use it, a lot, and they generate a lot of revenue. IMLogic was probably the easiest fit for us. It's a SQL back end; we're a SQL shop. It was easy to install. We didn't have to do anything on the end-user side of the fence, just find out what their screen name was if they were using Yahoo!.

Securities Industry News: Do you have a policy about what kind of screen names your employees can choose?

Blackmore: We have no policy in place about screen names. When we were getting ready to roll it out, we just asked what their screen names were and linked it up to their e-mail address names. And that links right to their employee names and number.

Securities Industry News: How do people know who's sending the instant message?

Blackmore: We have a disclaimer on our outgoing messages that says it's coming from Stifel. As soon as I start to chat, there's a disclaimer. The disclaimer says we retain copies, that the content will be reviewed by a compliance person. No matter what their name is, they know whomever they're chatting with...is at Stifel Nicolaus.

Securities Industry News: How about the other side? Can you tell who sent the incoming message?

Blackmore: I brought up some of these issues myself when talking with our compliance people. I think they're still trying to interpret the rules correctly. I don't know who these people are on the other end. We can pull up the review piece, and see the record of the conversation, but I don't know who these people are. Meanwhile, we take certain precautions. We limit the use in of IM in IMLogic. We don't allow users to FTP files, to attach files. Just chat. I talked this over with compliance. At first, the people in compliance didn't know what we were talking about; we had to show them what instant messaging was, what Web-based e-mail was. We were educating compliance. But they really didn't have any problem with whomever these traders were chatting with. I try to give the brokers and our traders as many tools as they need without being restrictive.

Securities Industry News: How do your brokers get on IM?

Blackmore: We have a Web-based system; when people want to be put on the IM list, they have to go through an approval process before they're allowed to use it.

Securities Industry News: Do you see Web services, XML or other standards making integration efforts easier?

Blackmore: It is becoming easier, especially in the financial industry. With Web services, better controls, better security, it will improve the productivity of our brokers. We try to give all the tools we can to our brokers. That's how we've grown in the last five years-five branches to 82. We've given the traders the technology at their fingertips, which is our recruiting motto. We always have to look toward our future.

Securities Industry News: Do Web services make it easier to roll out new applications?

Blackmore: We've already done that for some of the vendors that we have on the insurance side. We're using more XML; we're doing this also with our clients being able to download information. We have brought in consultants on some of this, and a lot of my Web programmers have come up to speed on XML on getting things converted and transferring information back and forth. The insurance and annuity side has been more on the forefront. We send that data to three or four different vendors via XML. Many times, the vendors have a lot of things preset and we've had to do some minor programming but not a lot to get it work.

Securities Industry News: Would you like to see more open standards being used, as opposed to proprietary ones?

Blackmore: Yes, I would, just from administrative and management side.

Securities Industry News: You talked about your archiving of instant messaging. Can you talk about what you do for your e-mail?

Blackmore: We do the same thing for all e-mail. We use a product called MAILsweeper [a mail filtering product from Clearswift Ltd.]; it scans all of our brokers' e-mails coming in internal and external. It looks for about 1,000 terms and the e-mails that get flagged go off to a compliance review where a person looks at them before sending them on. We started archiving our brokers' e-mails four years ago. Then last year we put in a more robust system. Now we also use an OTG [Software, recently acquired by Legato Systems] module and an OnBase [a document management product from Hyland Software] subscription server, where it's archived to an HP optical disk. It was put in place a year-and-a-half ago.

Now that we're archiving everybody's e-mail, we have a big storage problem. For example, the average person gets at least 20 pieces of spam a day that we don't catch at the exchange server. I'd estimate that about 10 percent of the optical disk is filled with spam that gets through our filters and we can't catch. On a Monday morning, when we come in from a weekend, there might be 30,000 junk e-mails that are sitting there, spam that we have caught. And daily, we catch between 5,000 and 8,000. The stuff that gets through, we don't go in and try to strip it out. It's just easier to let it go in and not worry about it. I could hire several people just to have them go through and strip out junk e-mail that we don't want to archive but it's not worth the effort....People waste a lot of time in e-mails. We just pulled up a sample of two employees talking about going to lunch and they sent 20 e-mails to each other instead of just picking up the phone.

Securities Industry News: What about other storage needs; for example, for business continuity planning?

Blackmore: Each day we have tapes taken offsite. At the end of every week, we do a backup of all of our files and take it offsite. This was put in two years ago; we upgraded our entire backup system.

Securities Industry News: Do you use networked storage technology for continuous backups?

Blackmore: No, but next year we're going to be spending a lot of money. We're redoing our entire disaster recovery site, moving it from one location to another location further away-to our Denver office, where we have more space. We're going to be changing everything to make it more robust than it is right now. St. Louis is our HQ, we have another office across the river, which would pick up a lot of our critical applications-quotes, e-mail, HR, accounting. But there are a lot of these third-party apps that are not really critical that we would have to rebuild.

Securities Industry News: Do you have other plans for major upgrades?

Blackmore: A lot of things are just more of how we control the desktop better. We're moving toward active directory; we're planning a big rollout next year. Our PCs in branches are five years old. We're going to put more servers in our offices. We also have to make sure we're securing the network because a lot of issues just came up last year with compliance and the privacy act. If a broker's got a laptop and he goes home and plugs it into the Internet, he could expose it to a potential hacker. So we have to make sure they have proper firewalls-even on their personal PCs.

Securities Industry News: Are you worried about viruses?

Blackmore: I have one guy who manages our servers and he stays on top of it. We haven't been hit at all, knock on wood. He keeps all the definitions up to date. Once a month, we have [the brokers] leave [their computers] on so we can make sure they're all up to date. And we had some minor issues with someone who wasn't in the office and got a small infection. But we're pretty diligent about making sure we have our network protected.

Securities Industry News: Have you looked at alternative operating systems to reduce risks?

Blackmore: In our lab we're testing Linux servers, and we have an IBM 800 I-series and you can go in and partition the I-series so you can run SQL or other Windows applications and have another level of protection. We're not only looking at Linux, but at the Apple side from the server standpoint, their new operating system, OS X. The graphic people use it and we're testing some of those servers. We have one guy who's a real Apple freak and he's always trying to push it. And my background is Apple; I have a G4 laptop. The rest of them have their Dells, and I have my G4. The viruses go after the Windows applications.