Archive for March, 2012
Ericka Chickowski did a nice job in her Dark Reading article on how old-fashioned FTP introduces unnecessarily levels of compliance and security risks to organizations. And here’s an alarming data point from Harris Interactive – approximately 50% of organizations are currently using the FTP protocol to send and exchange files and data.
Talk of security concerns with FTP is certainly not new. FTP was never designed to provide any type of encryption, making it possible for data to be compromised while in-transit. A common answer for this is to use encrypted standards-based protocols such as SSL/FTPS and SSH/SFTP.
Luckily, modern managed file transfer solutions deliver not only the security you know your business requires, but also the visibility and control that IT needs to properly govern company information.
Ipswitch’s Greg Faubert offers his thoughts in the Dark Reading article:
“While FTP is a ubiquitous protocol, depending on it as a standard architecture for file exchange is a bad strategy…. The PCI standards look specifically at the security surrounding your FTP environment. It is a significant area of focus for auditors, and they will fail companies in their PCI audits for a lack of adequate controls.”
And yet, somehow, many organizations continue to rely on unencrypted FTP to transport mission-critical or sensitive information. For those guilty, here are a few steps to help you get started in migrating away from antiquated FTP. And don’t worry, it won’t be painful.
Here’s a great write-up of how Rochester General Hospital is using Ipswitch’s MOVEit solution to manage over 400,000 electronic billing transfers per year to dozens of payer systems.
Quick background on the business need: Rochester General Hospital needs to exchange patient records, insurance claims, and billing information from their electronic medical record (EMR) and accounting systems with many health providers and insurance companies.
Security and compliance are critically important: Not only do the transfers need to be reliable to facilitate timely payments, but they also needed to be highly secure and auditable to protect patient privacy and ensure compliance with HIPAA and HITECH.
Ipswitch eliminated complexity and created efficiencies:
“We needed to consolidate on a standard way to transfer files to many different payer systems…. MOVEit consolidated a number of batch files and legacy tools into a single, secure and easy to use file transfer solution,” says Dylan Taft, Systems Engineer at RGH.
“In the event of an audit, MOVEit allows us to provide chain-of-custody and non-repudiation with just a few clicks. Without MOVEit, we wouldn’t have this visibility.”
If we didn’t have MOVEit, we would have to hire one or two additional people just to review the log files every day – not to mention lost files, information arriving late, and frustrated doctors and payers.”
Do you have a great Ipswitch story of your own to tell? Email us at mystories@ipswitch.com…. We can’t wait to hear all about it!
