Archive for February, 2010
Getting Ready for RSA 2010
Next week (March 1-4, 2010) I’ll be at the RSA Conference in San Francisco. Please come down and see Ipswitch on the floor or drop me a note to set up a private time to talk.
Since we were there last year a lot has happened to Ipswitch File Transfer products.
- Ad Hoc Transfer Modules – Both MOVEit DMZ 7.0 and WS_FTP Server 7.5 will provide the ability for registered senders to send files to anyone with an email address from a web browser or Outlook email client. (The MOVEit DMZ version provides reply capabilities, encryption at rest, more online logs and the ability to send messages without files.)
- MOVEit Central Advanced Tasks – Complex, conditional workflows were made possible with the release of MOVEit Central 7.0.
- MOVEit DMZ Web Farms – Our most secure server gained the ability to scale horizontally on top of common database and file server tiers with the release of MOVEit DMZ 6.5.
- New Security Model in WS_FTP Server – WS_FTP Server 7.1 quietly rolled out a new “perimeter” security model to protect its web-based admin interface, based on suggestions from security personnel.
- MOVEit DMZ SaaS – Project leaders, small businesses and departments may now subscribe to a hosted service that provides secure storage, secure transport, delegation of authority and superb logging. This service is based on the latest version of MOVEit DMZ, deployed on a web farm in a datacenter that has achieved SAS 70 certification.
- MOVEit Central Corporate – A version of our workflow engine scaled to meet the needs of project leaders or people with 10 or fewer remote servers to communicate with.
- Virtualization, 64-bit and Windows 7 Support – WS_FTP Professional 12.2 became the first major FTP client to be recognized by Microsoft as Windows 7 compatible (both 32-bit and 64-bit). Meanwhile, our server products expanded their support of 64-bit Microsoft Server platforms and their support of virtual platforms based on EMC’s VMware and Microsoft’s Hyper-V.
- Microsoft Certified Partner – Ipswitch became a Microsoft Certified Partner last year, gaining access to software, including Windows 7, before it is released to the public.
- Gartner “Leader” Designation – Ipswitch was named as a “Leader” in Gartner’s Magic Quadrant, based largely on the ability of our MOVEit products to meet the needs of business customers, our forward-looking vision and our willingness to build or buy our way toward solutions that meet even more needs.
Using free online storage and collaboration systems dramatically increases a company’s risk of a data breach. Many of these tools automatically synchronize desktop folders with folders in the cloud. Compromised credentials can give hackers easy access to all of a company’s sensitive information.
Companies need to monitor traffic over known P2P ports and over commonly used ones, like 80 and 21. It’s not just data loss prevention, it’s ensuring that policies that address “what data can be sent to whom” are enforced – regardless of port and security mechanisms.
Most of today’s threats with P2P file sharing come from applications that work in conjunction with cloud services, leaving room for hackers to create desktop onramps for their own use.
In a recent case, the FTC found the breach. The truth is – the companies breached should have found it first.
Many enterprise collaboration tools have browser-based portals set to automatically download documents from specific locations. Simply changing the default settings away from “My Documents” can prevent employees from unknowingly downloading and installing applications that could increase a company’s risk of a breach.
To many companies, “ad hoc transfer” is all about getting people to quit sending large and/or sensitive data through their email clients. With that in mind, Ipswitch File Transfer developed a web-based module for its WS_FTP Server and a similar module for its MOVEit DMZ Server to do just that.
However, “ad hoc” isn’t just about email. Back in the day, when someone wanted to get a file to someone else and there was no explicit file transfer process in place, a sender would likely put a file on the company FTP site, a hidden directory on the company web site (guilty!) or cut the file to CD or thumb drive. One of the reasons not everyone has gone to email is that those other methods either involve a log that the sender can check or a physical hand-off. In other words, ad hoc senders want to be able to monitor the process.
Taking a step back as an administrator, think of your own user base. Even if you have implemented Ipswitch File Transfer’s Ad Hoc Transfer server modules (thank you!) and have weaned your users off sending important files through email, are you sure they are using their other file transfer access (FTP, SSH, ?) to interact with other people the way you expected them to? How would you know? That, in a nutshell, is why the monitoring and logging capabilities around “ad hoc” person-to-person transfers on ALL your file transfer products are so critical.
One of the most frequently asked questions that I have fielded throughout my career as both a sales person and as an executive has been “What makes your product different from everyone else’s?” or “How is your company different?” I generally see the response go one of two ways. Either the respondent looks like a deer in the headlights, stunned by the simple question, or they start to talk. And talk, and talk … to the point where you have no idea what they said.
At Ipswitch it is a real simple answer – it is “time to value”. We enable users (people and/or companies) to start using and receiving the benefit of our software as soon as they download it! It is a very basic concept that goes back to the beginning of our company almost 20 years ago – build software that is easy to install and use that solves everyday problems. Build software that does what it says it will do – simply, reliably and intuitively. Provide support, when needed, the same way.
Today, companies are under tremendous pressure to cut costs, to do more with less and to leverage the limited resources available to them to accelerate their return on investment. Truly delivering on time to value enables our customers to not only survive, but to thrive under these conditions. It is why we have grown substantially over the past two years of economic turmoil. Time to value is a timeless value, one that we embrace as much today as we did when we started the company. And, time to value is a value that millions of our customers share.
I just received my books for a refresher course in the Systems and Network Auditor training from the SANS organization. It’s an organizational non-event, but the fact that regular security training is now common in the organization is worth reflecting on.
Since we started investing in and training personnel nine years ago, Ipswitch File Transfer now has people on staff with the following security certifications, as well as the attendant experience that goes along with designing, developing and supporting solutions that securely manage interactions.
- CISSP – Certified Information Systems Security Professional by (ISC)² – An ANSI ISO/IEC Standard 17024:2003 accredited certification approved by the U.S. Department of Defense in both their Managerial (IAM) and Information Assurance Technical (IAT) categories. The U.S. National Security Agency has also adopted this certification as the baseline for its Information Systems Security Engineering Professional (ISSEP) program.
- GSNA – GIAC Systems and Network Auditor by SANS – A certification that identifies an expert in laying out and completing network and security audits using the language of risk and control. (GIAC stands for “Global Information Assurance Certification”.)
- GCIA – GIAC Certified Intrusion Analyst by SANS – A certification that identifies an expert in detecting attacks and probes.
- GCWN – GIAC Certified Windows Security Administrator by SANS – A certification that identifies a Microsoft Windows security expert.
- GCIH – GIAC Certified Incident Handler – A certification that identifies an expert in preparing for and handling a security breach.
- GSEC – GIAC Security Essentials Certification – A certification that identifies an individual who has received general computer security training appropriate for a typical system administrator.
…and the list will continue to grow as companies of all sizes continue to depend on us to take the same or greater care of their data as they would themselves.
So, it’s back to the books for me, but I don’t mind it one bit. Regular refreshment of my auditor credentials helps me to understand the needs of the security and risk management teams and to develop product solutions (both software and services) that meet emerging corporate policies and industry regulations.
