Knowledge Transfer with Ipswitch File Transfer

Posts from ‘MOVEit’

Aug
17

Why do I need Managed File Transfer? Isn’t FTP enough?

0 Comments
Posted by Deirdre Christensen in Advanced File Services, Auditing, Enforcement, FTP, Integration, Interactions, Ipswitch, Ipswitch Products and Services, Managed File Transfer, Management, MessageWay, MFT, MOVEit, Person-to-Person, Social Media, Technology and Software, Visibility, WS_FTP Professional, WS_FTP Server

Possibly not. The Internet’s venerable File Transfer Protocol (FTP) is usually supported by Managed File Transfer (MFT) systems, which can typically use FTP as one of the ways in which data is physically moved from place to place. However, MFT essentially wraps a significant management and automation layer around FTP. Consider some of the things an MFT solution might provide above and beyond FTP itself—even if FTP was, in fact, being used for the actual transfer of data:

  • Most MFT solutions will offer a secure, encrypted variant of FTP as well as numerous other more‐secure file transfer options. Remember that FTP by itself doesn’t offer any form of transport level encryption (although you could obviously encrypt the file data itself before sending, and decrypt it upon receipt; doing so involves logistical complications like sharing passwords or certificates).
  • MFT solutions often provide guaranteed delivery, meaning they use file transfer protocols that give the sender a confirmation that the file was, in fact, correctly received by the recipient. This can be important in a number of business situations.
  • MFT solutions can provide automation for transfers, automatically transferring files that are placed into a given folder, transferring files at a certain time of day, and so forth.
  • MFT servers can also provide set‐up and clean‐up automation. For example, successfully‐transferred files might be securely wiped from the MFT server’s storage to help prevent unauthorized disclosure or additional transfers.
  • MFT servers may provide application programming interfaces (APIs) that make file transfer easier to integrate into your internal line‐of‐business applications.
  • MFT solutions commonly provide detailed audit logs of transfer activity, which can be useful for troubleshooting, security, compliance, and many other business purposes.
  • Enterprise‐class MFT solutions may provide options for automated failover and high availability, helping to ensure that your critical file transfers take place even in the event of certain kinds of software or hardware failures.

In short, FTP isn’t a bad file transfer protocol—although it doesn’t offer encryption. MFT isn’t a file transfer protocol at all; it’s a set of management services that wrap around file transfer protocols—like FTP, although that’s not the only choice—to provide better security, manageability, accountability, and automation.

In today’s business, FTP is rarely “enough.” Aside from its general lack of security—which can be partially addressed by using protocols such as SFTP or FTPS instead—FTP simply lacks manageability, integration, and accountability. Many businesses feel that they simply need to “get a file from one place to another,” but in reality they also need to:

  • Make sure the file isn’t disclosed to anyone else
  • Ensure, in a provable way, that the file got to its destination
  • Get the file from, or deliver a file to, other business systems (integration)

In some cases, the business might even need to translate or transform a file before sending it or after receiving it. For example, a file received in XML format may need to be translated to several CSV files before being fed to other business systems or databases—and an MFT solution can provide the functionality needed to make that happen.

Many organizations tend to look at MFT first for its security capabilities, which often revolve around a few basic themes:

  • Protecting data in‐transit (encryption)
  • Ensuring that only authorized individuals can access the MFT system (authorization and authentication)
  • Tracking transfer activity (auditing)
  • Reducing the spread of data (securely wiping temporary files after transfers are complete, and controlling the number of times a file can be transferred)

These are all things that a simple FTP server can’t provide. Having satisfied their security requirements, organizations then begin to take advantage of the manageability capabilities of MFT systems, including centralized control, tracking, automation, and so forth—again, features that an FTP server alone simply can’t give you.

- From The Tips and Tricks Guide to Managed File Transfer by Don Jones

To read more, check out the full eBook or stay tuned for more file transfer tips and tricks!

Aug
16

When transferring files, isn’t all encryption the same?

0 Comments
Posted by Deirdre Christensen in Auditing, Compliance, Cybercrime, Data Breach, Enforcement, FTP, Integration, Interactions, Ipswitch, Ipswitch Products and Services, Managed File Transfer, Management, MessageWay, MFT, MOVEit, Person-to-Person, Security, Technology and Software, Visibility, WS_FTP Professional, WS_FTP Server

Definitely not. To begin with, there are numerous kinds of encryption—some of which can actually be broken quite easily. One of the earlier common forms of encryption (around 1996) relied on encryption keys that were 40 bits in length; surprisingly, many technologies and products continue to use this older, weaker form of encryption. Although there are nearly a trillion possible encryption keys using this form of encryption, relatively little computing power is needed to break the encryption—a modern home computer can do so in just a few days, and a powerful supercomputer can do so in a few minutes.

So all encryption is definitely not the same. That said, the field of cryptography has become incredibly complex and technical in the past few years, and it has become very difficult for business people and even information technology professionals to fully understand the various differences. There are different encryption algorithms—DES, AES, and so forth—as well as encryption keys of differing lengths. Rather than try to become a cryptographic expert, your business would do well to look at higher‐level performance standards.

One such standard comes under the US Federal Information Processing Standards. FIPS specifications are managed by the National Institute of Standards and Technology (NIST); FIPS 140‐2 is the standard that specifically applies to data encryption, and it is managed by NIST’s Computer Security Division. In fact, FIPS 140‐2 is accepted by both the US and Canadian governments, and is used by almost all US government agencies, including the National Security Agency (NSA), and by many foreign ones. Although not mandated for private commercial use, the general feeling in the industry is that “if it’s good enough for the paranoid folks at the NSA, it’s good enough for us too.”

FIPS 140‐2 specifies the encryption algorithms and key strengths that a cryptography package must support in order to become certified. The standard also specifies testing criteria, and FIPS 140‐2 certified products are those products that have passed the specified tests. Vendors of cryptography products can submit their products to the FIPS Cryptographic Module Validation Program (CMVP), which validates that the product meets the FIPS specification. The validation program is administered by NIST‐certified independent labs, which not only examine the source code of the product but also its design documents and related materials—before subjecting the product to a battery of confirmation tests.

In fact, there’s another facet—in addition to encryption algorithm and key strength—that further demonstrates how all encryption isn’t the same: back doors. Encryption is implemented by computer programs, and those programs are written by human beings— who sometimes can’t resist including an “Easter egg,” back door, or other surprise in the code. These additions can weaken the strength of security‐related code by making it easier to recover encryption keys, crack encryption, and so forth. Part of the CMVP process is an examination of the program source code to ensure that no such back doors exist in the code—further validating the strength and security of the encryption technology.

So the practical upshot is this: All encryption is not the same, and rather than become an expert on encryption, you should simply look for products that have earned FIPS 140‐2 certification. Doing so ensures that you’re getting the “best of breed” for modern cryptography practices, and that you’re avoiding back doors, Easter eggs, and other unwanted inclusions in the code.

You can go a bit further. Cryptographic modules are certified by FIPS 140‐2, but the encryption algorithms themselves can be certified by FIPS 197 (Advanced Encryption Standard), FIPS 180 (SHA‐1 and HMAC‐SHA‐1 algorithms). By selecting a product that utilizes certified cryptography, you’re assured of getting the most powerful, most secure encryption currently available.

- From The Tips and Tricks Guide to Managed File Transfer by Don Jones

To read more, check out the full eBook or stay tuned for more file transfer tips and tricks!

Jul
20

Webcast: It’s 2 a.m. Do you know where your files are? An Intro to Person-to-Person File Transfer

0 Comments
Posted by Deirdre Christensen in Auditing, Compliance, Enforcement, FTP, Interactions, Ipswitch, Ipswitch Products and Services, Managed File Transfer, Management, MFT, MOVEit, Online Collaboration, Person-to-Person, Security, Technology and Software, Visibility, WS_FTP Server

Join our webcast to learn how a Managed File Transfer (MFT) solution can drastically reduce the risks associated with sensitive company files being shared between people. Ipswitch’s Tony Perri will explain and demonstrate how to extend the visibility, management and enforcement of MFT to include person-to-person file transfer, both within and outside your organization. In this webcast, we will discuss:

  • 40% of organizations don’t give their employees a secure way to share large or confidential files
  • Why tools such as personal webmail, USB drives, smartphones and file sharing websites are dangerous for sending company information
  • 75% of surveyed employees send classified documents as email attachments – including payroll, customer data and financial information
  • How to improve employee productivity and simplify collaboration while at the same time mitigate security and compliance concerns
  • Why you need visibility into what is being sent, by whom and with whom
  • How to give employees a secure way to quickly send files to other people using their browser or Outlook
After Tony’s presentation and demo, we’ll be holding a live Q&A session to answer your questions!
We’ve scheduled two convenient times for this webcast, so please register for the one that works best for you – and we hope to see you there!

What: Webcast – It’s 2 a.m. Do you know where your files are? An Introduction to Person-to-Person File Transfer

Who: Tony Perri, Solutions Architect, Ipswitch File Transfer

When:
Jan
18

MOVEit solutions now sold through channel partners too.

0 Comments
Posted by Hugh Garber in Channel Partners, Industry News, MOVEit, Partner Program

During the past year, we shared news of our expanded partner program and new partner web portal, reinforcing our commitment to the channel.

Today, we’re very excited to share news that our suite of MOVEit solutions will now be made available for sale through North American distributor Tech Data.

“Adding MOVEit to their portfolio ensures that our partners will have a strategic offering to meet the evolving needs of their customers.” said Gary Shottes, president, Ipswitch File Transfer.

“Businesses of all sizes are looking to VARs to support their security and compliance needs, and Tech Data and Ipswitch are working together to ensure that VARs have access to the support they need to add the MOVEit solutions to their offerings.” said Stacy Nethercoat, vice president at Tech Data.

Our channel partners will continue to be a critical component of the Ipswitch File Transfer worldwide sales team, providing customers with advisory and consultative solutions.  Please do visit our partner webpage to find a local Distributor or Reseller.

Nov
01

In the Dallas area? Check us out at SecureWorld Expo!

0 Comments
Posted by Deirdre Christensen in Compliance, Conferences and Events, Customers, Cybercrime, Data Breach, Industry News, Ipswitch, Ipswitch Products and Services, Managed File Transfer, MessageWay, MOVEit, Press, SecureWorld, Security, Social Media, Technology and Software, WS_FTP Server

On Wednesday, November 3 and Thursday, November 4, Ipswitch File Transfer will be exhibiting and speaking at SecureWorld Expo, the leading regional security conference that brings together the security leaders, experts, senior executives, and policy makers who are shaping the very face of security.

The “Exhibits and Open Sessions Registration” for SecureWorld Expo is complimentary and it gives you access to the expo floor, the keynote presentations, and open industry expert panels. Plus, you’ll get to hear the luncheon keynote from L. Frank Kenney, The Data Breaches You Don’t See Hurt You The Most,” and the industry expert panel Data Protection: Walking the Thin Line Between Employee Productivity and Security.”

Here are the details:

What: SecureWorld Expo – Dallas

Where: Plano Convention Centre, Plano, TX

When: November 3, 2010 and November 4, 2010

Why: Meet the Ipswitch File Transfer team, learn about our solutions (from WS_FTP to MessageWay), listen in on L. Frank Kenney’s luncheon keynote, and keep up to date on the latest in the security world!

Plus, if you visit us and mention this blog post, you’ll receive a Starbucks gift card – on the spot!

See you in Dallas!

Newer Entries
Older Entries