Posts from ‘Compliance’
Five Steps to Prevent Privacy Breaches
Neil Chesanow just published a very informative article for Medscape titled “Why Your Patients’ Data May Not Be Safe: 5 Steps to Protect It.”
I had the pleasure of talking with Neil as he was writing the article and I must say that I’m impressed with the 5-step approach he outlines to prevent privacy breaches.
1. Develop a strict-but-realistic security policy
2. Control access to patient data
3. Monitor electronic health record (EHR) activity
4. Require more complex passwords
5. Encrypt all outgoing files
Although written from a medical/healthcare point of view, the steps can be applied to help any business or organization think through some of the issues surrounding the protection of sensitive and confidential files and data.
One of the more critical points that I believe Neil highlighted is how important it is to control access to confidential information. Access to sensitive files and data should only be granted to people who are required to use them as part of their job. Not every employee or external partner should have access to all company information, and it’s easy enough to control and enforce access by applying simple rules and policies.
Monitoring, reporting and auditing file and data activity is another critical point raised by Neil. The ability to see who accessed sensitive information, when and how many times they accessed it, whether they moved or sent it to another location or person, and if/how the transmission and the file itself were secured and encrypted are important pieces of information from both an internal security policy and a compliance perspective. Believe me, you don’t ever want to face an eDiscovery judge’s request for an audit trail for a particular file or communication and not be able to provide it.
SC Magazine just reviewed Ipswitch’s MOVEit DMZ and awarded it a 5-star ranking in each of their 7 categories. That’s actually 35 stars in total!
As many of you know, MOVEit DMZ is used by thousands of organizations around the globe to manage mission-critical file transfers that meet requirements for security and compliance. Not only is MOVEit DMZ used to transfer data between internal systems and across companies, but there is also a nifty Outlook plug-in that enables simple and secure person-to-person file transfer with governance and visibility.
Here are a few quotes from the SC Magazine review:
“MOVEit DMZ from Ipswitch is a managed file transfer server that helps secure data.
Installation was easy and straightforward…. Getting the initial administrative duties out of the way was easy as well.
The solution allows admins to enforce how file transfers are handled, and it encrypts both the transmission and storage of the files to, from and on the server itself.
We were impressed with all the features. There are plenty of protocol support options…. There are also built-in, browser-based APIs to allow for bulk file transfer via web browsers, and even a module to allow for ad hoc transfers via an email attachment using Microsoft Outlook.
From an administration perspective, there are many enterprise-class features available. Users can limit remote administration and incoming connections to particular network segments, as well as a full range of auditing and reporting for the solution.”
For those of you unfamiliar with MOVEit DMZ, please do take 2 minutes and watch our overview video. And feel free to submit any questions you have about our MOVEit solutions and we’ll be sure to quickly get back to you.
In my last three blog posts on the Ziff Davis MFT survey, we dove into security and compliance, highlighted other notable strengths such as speed, reliability, scalability and up-time, and looked at some perceived deployment challenges.
Today, let’s look at the business benefits of an MFT solution and how they impact an organization’s bottom line.
The survey did a nice job uncovering some supporting business processes which respondents claim were positively impacted by their MFT solution. These include: communications with remote offices and remote workers; collaboration with external business partners, vendors and suppliers; distribution and fulfillment; compliance management; and customer service.
Here’s a nice summary: “Note how these improvements address the bottom line for an organization directly by improving efficiency, security, and customer outreach all at the same time.” That’s quite an impressive trifecta!
I’ll conclude this 4-part blog series with a couple of closing thoughts:
- I wholeheartedly agree with MFT solutions wearing the “unsung security and compliance solution” label…. And that growing perception will spread as more and more organizations look at refining, automating, optimizing and securing their file transfer policies, processes and workflows.
- It all comes down to visibility, management and enforcement. Organizations need visibility into data interactions, including files, events, people, policies and processes. They also need to be able to manage and automate internal and external data transfers and interactions. And of course, organizations must be able to easily create and enforce administrator defined policies and rules, including (but certainly not limited to) security.
Want more insight into the evolving MFT space? Watch a webcast “Managed File Transfer: Directions for the Coming Year” in which Ipswitch’s Frank Kenney is joined by Accellion’s Paula Skokowski, Attachmate’s Sam Morris and a contingent of eWeek Editors.
The Ziff Davis survey on Managed File Transfer did a nice job amplifying the aspects of currently deployed file transfer methods people think need the most improvement.
Checking in at #1 and #2 on the “improvements needed to my existing file transfer methods” list are SPEED and SECURITY. This only fuels the age-old debate of productivity versus security… But that’s a topic for another day! Needless to say, it’s not surprising that about half of survey respondents say that they need faster file transfers and roughly the same number say they require stronger security.
Other items on the “improvements” wish list include: reliability, capacity, scalability, central management, workflow integration, IT infrastructure integration and compliance.
It’s validating to see in the graphic that areas where MFT solutions excel today closely map to those aspects of existing file transfer methods that people say require the most improvement: reliability, speed, security, up-time and capacity round out the top five. Efficiency is a common theme with all these items, driven largely by time-sensitive business-critical processes and even SLAs depending on fast and highly available file transfer processes and workflows.
The last point I want to make about the “needs improvement” survey results is that no solution (MFT or other) will magically make a company compliant. There is no holy grail to achieving regulatory, regional, industry or corporate compliance. Rather, compliance is the end result of a strategically implemented, documented and monitored initiative that encompasses the entire arsenal of company-sanctioned policies, tools, and of course processes and employee actions.
Coming soon: I’ve got a few more musings about the survey that focus on deployment challenges as well as the business benefits of MFT.