File Transfer Technologies Offer Security and Audit Trails

Related Articles

• Being Part of the Underclass…and What You Should Do about It
• Who Will Be Next Victim in Breach and Hacks? Nintendo Joins List Including Google, RSA Security, PBS, Lockheed Martin, Sony
• In Today’s API World, IT Needs to Assume A Breach and Marketers Need to Be Security Conscious

Subscription Options

Subscribe Newswire

Widgets & RSS Feeds

With the passage of time, many aspects of the digital age seem to keep improving, while other areas, like securing data in motion, become more complex. Especially as the potential ways to move data continues to increase. In May, another data loss incident occurred to remind us to secure valuable data while it is in motion. This time it is in a supermarket parking lot in the U.K. where unencrypted sensitive information and health records of mental health patients were found on a USB stick by a 12-year-old boy.

“The national health authority in England was quoted as saying they have safeguards and policies in regard to portable devices and it is like,” comments Paula Skokowski, chief marketing officer for Accellion on the parking lot discovery. “Yes, you have a policy, but it was obviously not clear to this person and it wasn’t enforced. They somehow thought transferring data on a USB stick was a good idea. I mean who knows it could have just fallen out of this guy’s pocket—I just want to tell everybody, don’t do that!

What if it had been encrypted? Would that make it better? Not necessarily, especially when working with very large files contends Paul French vice president product and solutions marketing for Axway. “We hear the grand panacea is to just encrypt everything. That is the governmental response these days—just encrypt and that makes sense until you get to files that are gigabytes, and gigabytes, and gigabytes. Then you are talking about needing new computers to handle the processing of that.”

Vendors that offer managed file transfer (MFT) believe their solutions are the best way to go for sending not only files securely, but also keeping tabs on them. “The ‘managed’ file transfer industry grew out of three common business needs,” explains Jonathan Lampe, CISSP, VP product management for Ipswitch File Transfer. “First, businesses found themselves needing to set up, track and reconfigure hundreds of scheduled FTP jobs. Second, businesses needed to permit but monitor end-users performing Web-based or other ad hoc transfers. Third, businesses wanted their key internal systems to interact with partners or far flung installations using the efficiencies of bulk data sets.” Lampe notes that all of the vendors who provide managed file transfer solutions today provide answers to all three of these needs, in addition to their own specialties.

The business case for MFT is only strengthened when you hear stories of how inventive employees can be when delivering files to their destination. Skokowski points out that digital copiers are another source of potential data breaches as the common practice of taking a scan of a document and creating a PDF to email, also leaves a copy of the document on the digital copier’s hard drive. “A couple years ago, Accellion added an extension to our solution because a major customer in the pharmaceuticals industry needed to secure digital files coming off those types of equipment,” she explains. “It suddenly opens peoples eyes and they realize they were thinking very narrowly.”

Getting one’s job done often comes before securing a file. According to Lampe, “In many companies, neither end-users nor IT take sufficient care of company intellectual property. In a recent survey conducted at the RSA security conference in San Francisco, Ipswitch discovered that more that 70 percent of attendees said they had ‘absolutely no visibility’ into files moving out of their organizations. And before you think that’s only an end-user problem, of the IT security personnel we surveyed at RSA, 40 percent admitted to taking company information ‘for their next job’.”

Another possible loophole in safeguarding data is Google’s recently announced added file transfer to IM. “That’s another one,” says Skokowski. “When you transfer a file via IM there is no tracking or reporting. You have just created a loophole for your security and compliance program. We help organizations close off those loopholes, close off those avenues that people have been using and help an organization deploy to all staff an easy to use, easily accessible application, so you don’t send files in IM, you don’t send them on a USB stick and can’t walk up to a digital scanner.”

Benefits of MFT

Having an audit trail is one of the key benefits of MFT. Knowing where a file went to, having a receipt for the file and being able to encrypt it makes the technology very appealing, especially as compliance regulations require sensitive information to be better managed. “Compliance has certainly increased the adoption of MFT technology in specific industries, especially government, defense contractors, banking, healthcare and pharmaceuticals. The level of governance that MFT solutions provide is attractive to those heavily regulated industries,” acknowledges Lampe. “However, any medium or large company will find itself facing several regulations across industries, states or countries. In reaction, these companies have each drafted their own security policy. So, while a policy might be driven or revised by multiple regulations, each company’s comprehensive security policy dictates the level of governance an MFT solution must provide.”

Interestingly, the files that are sent using MFT are not clearly in need of archiving. According to French, the market is trying to decide if MFT files fall under archiving rules. “We give customers the choice,” says French “We have as many customers say, ‘I am going to treat this like MFT, which does not have a document retention and archiving policy’ and other customers that say, ‘I am going to consider this email, until somebody tells me different.’ So, customers are approaching it in mixed ways. Those that have invested in large scale on-premises document retention systems ask us to help make it all work together and some people just need to make sure the right person gets the file.”

More and more, organizations are embracing MFT. “Gartner recently noted that 80 percent of all data transfers are performed using file transfer technologies, and companies are realizing that governance of those data transfers is within their grasp using MFT solutions,” observes Lampe. ]

But there still are a lot of stories out there of data going missing or falling into the wrong hands using insecure methods to move large files. “People just need to wake up to the need to control the flow of information,” declares Skokowski. “It doesn’t take any more effort to send a file securely, so really rather than debate, does it need to be secured or not—you might as well just send it securely. It doesn’t take any more energy to do that.” Skokowski isn’t entirely discouraged, noting, “I think that there are signs that organizations are starting to take this seriously.”

The trick is to make MFT as effortless as possible. “If we do not empower people in the way that they want to work, they will find another way. It’s like water going around a dam. You can try to stop it, but it is going to go around, it is going to go above, and it’s going to go underneath. Data flow works that way too.” French notes that when it comes to sensitive information, securing data in the end comes down to humans. “Things worked fine until the humans got involved. And that is where things are getting dropped and lost.” Like in a U.K. parking lot.