Posts from ‘RSA’
We’ve got some fresh stats and trends to share from data that we collected at the recent RSA Security Conference. Many thanks to the “statistically significant” number of people that took the time to fill out our survey questionnaire.
Our survey results highlight some major security and compliance concerns for businesses – information security, visibility and policy enforcement remain a major problem in 2011. Here are a few key data points:
65% have no visibility into files and data leaving their organization- >80% use easily lost or stolen portable devices like USB drives and smartphones to move and backup confidential work files
- >75% send classified documents as email attachments – including payroll, customer data and financial information
- >25% percent have purposely used a personal email account (like yahoo or hotmail or gmail) instead of their work accounts as a way to hide their file transfer activity
- 55 percent said their companies provide – but do not enforce – policies and tools around sharing sensitive information
The fact that so many companies admittedly lack visibility into the files and documents that are moving around and leaving their organization is pretty scary. How can an organization protect information that they don’t know even exists? Clearly, increased focus is needed to first identifying sensitive data and then protecting it – These critical information security components should be carefully baked into an organizations security, governance and compliance initiatives.
Lastly, I’d like to vent on the last data point for a minute. Policy creation simply isn’t enough…. the enforcement of that policy is the critical step. Writing down a policy but not enforcing it is just as risky as not having documented the policy in the first place. Creating the policy is a good start, but please please please don’t stop there.
Why does your business (or organization) need a consolidated managed file transfer application? When working within an organization and with its partners, organizations find that
- Paper-based processes are inadequate, they are labor-intensive and these paper-based processes slow down the ability to conduct business
- Doing away with shipping physical media lowers their risk of losing sensitive data to theft and accidental loss
- Streamlining operations so that there are fewer systems to manage and leverage the lower costs of doing business on the internet, the intranet and in the cloud
From outside an organization, regulatory mandates from agencies and governments are increasing (like PCI, HIPPA and GLBA). Moreover, markets and business are moving faster. Companies that can process transactions quickly (e.g., less than a second) can compete on speed and effeciency.
One MFT Application can replace the disparate file transfer tools and the rogue FTP servers scattered throughout your organization.
As a result, many businesses find they need one file transfer solution that addresses the needs of the entire organization. These businesses need one application and not numerous point applications and tools from several vendors scattered throughout the organization surreptitiously poking holes in their firewalls. They need a one-stop shop for their end users (a single, easy to learn and easy to use UI), their applications (a straightforward API) and their administrators and managers (an application that helps to increase revenue, lower their TCO and maintain their high security standards).
Remember, Managed File Transfer (MFT) is software application (or an appliance) that provides organizations of any size with a holistic solution for all their file transfer needs. Unlike point solutions for file transfer, rogue FTP servers or physical media, a consolidated MFT application means that your organization has one product and one vendor to meet all your file transfer needs. A consolidated MFT application translates into increasing the accessibility and the trackability of your customer, partner and employee information (only for authorized users and uses). At the same time, it increases security, reduces the risk of exposing critical data and lowers your total cost of ownership.
In addition, a consolidated MFT application means increased revenue because your sales electronically instead of by paper, fax or telephone. Remember, a consolidated MFT application helps to integrate your applications (and your partner applications) by making it easy to exchange data programmatically.
In short, a consolidated application increases your visibility to all file transfers within your organization, it increases the speed at which you can do business (thereby increasing the revenues) by seamlessly integrating the data from all your applications and it reduces your total cost of ownership for all file transfer (data movement) applications within your organization by providing a one-stop shop for the application (from one vendor), for its web services APIs and for your teams to work with.
“A top Pentagon official has confirmed a previously classified incident that he describes as ‘the most significant breach of U.S. military computers ever,’ a 2008 episode in which a foreign intelligence agent used a flash drive to infect computers, including those used by the Central Command in overseeing combat zones in Iraq and Afghanistan.”
Brian Knowlton, in a NYTimes.com article gives us the rundown on what happened, and what this all means to the military and to the future of cyberdefense and the U.S. Cyber Command.
Deputy Secretary of Defense, William J. Lynn III, referred to the breach as “…a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” and he also describes it as “a digital beachhead, from which data could be transferred to servers under foreign control.”
The nightmare of this happening to the military is enough to keep you awake at night, and thinking of this closer to home doesn’t make sleep come that much sooner.
Think of your own office where USB flash drives, removable disk drives and cell phones are making it easier than ever for employees who need to transfer large files. It’s harder than ever for companies to monitor and protect sensitive information.
“Portable devices are far too easily lost or stolen, and while most employees have good intentions, USBs are one of the easiest ways for insiders to compromise business-critical information. IT managers need to make it easier for people in their organization to move information securely. By decreasing reliance on transferring physical media and focusing more on easy-to-use browser-based or email plug-in solutions, information will be better governed.”
Frank Kenney, VP of Global Strategy at Ipswitch File Transfer.
Last year (2009) there was a study by the Ponemon Institute of nearly 1,000 recently terminated individuals. The study revealed that 42% of them used USB memory sticks to take business data and that 38% sent documents as attachments to personal email accounts.
“Digital beachhead” is such a great way to put this, especially coming from Deputy Secretary of Defense, William J. Lynn III. The images one can conjure up of storming the “digital beach” and imagining the data security version of those first 15 minutes of “Saving Private Ryan” is truly powerful stuff and should keep us up a little later at night.
Give Knowlton’s article a read and if you’re interested in hearing more from Frank Kenney on this topic, check out his surprised reaction at a recent RSA event.
