Posts from ‘Management’
Moving beyond FTP: Where to begin?
“My company still relies heavily on FTP. I know we should be using something more secure, but I don’t know where to begin.”
Sound familiar?
The easy answer is that you should migrate away from antiquated FTP software because it could be putting your company’s data at risk – Unsecured data is obviously an enormous liability. Not only does FTP pose a real security threat, but it also lacks many of the management and enforcement capabilities that modern Managed File Transfer solutions offer.
No, it won’t be as daunting of a task as you think. Here’s a few steps to help you get started:
Identify the various tools that are being used to transfer information in, out, and around your organization. This would include not only all the one-off FTP instances, but also email attachments, file sharing websites, smartphones, EDI, etc. Chances are, you’ll be surprised to learn some of the methods employees are using to share and move files and data.- Map out existing processes for file and data interactions. Include person-to-person, person-to-server, business-to-business and system-to-system scenarios. Make sure you really understand the business processes that consume and rely on data.
- Take inventory of the places where files live. Servers, employee computers, network directories, SharePoint, ordering systems, CRM software, etc. After all, it’s harder to protect information that you don’t even know exists.
- Think about how much your company depends on the secure and reliable transfer of files and data. What would the effects be of a data breach? How much does revenue or profitability depend on the underlying business process and the data that feeds them?
- Determine who has access to sensitive company information. Then think about who really needs access (and who doesn’t) to the various types of information. If you’re not already controlling access to company information, it should be part of your near-term plan. Not everybody in your company should have access to everything.
Modern managed file transfer solutions deliver not only the security you know your business requires, but also the ability to better govern and control you data…. As well as provide you with visibility and auditing capabilities into all of your organizations data interactions, including files, events, people, policies and processes.
Every day, files are exchanged between your systems, employees, and business partners on a global scale. It’s no secret that with each file transfer, your organization faces potential exposure to viruses, worms, Trojan horses and other malware – and the damaged files, corrupted applications, reduced performance and other adverse business effects that come with them.
Are your file transfers as safe as they can be? Specifically, when you receive inbound files, are you doing all you can to protect your IT infrastructure from the risk of viruses and malware?? Are your outbound data and file transfers “clean,” so you don’t expose your trading partners to any viruses that might be undetected in your systems???
Ipswitch MOVEit and MessageWay solutions offer the ability to integrate with specific antivirus solutions. Here’s a link to learn more about MOVEit DMZ’s new ability to integrate with Sophos and Symantec ICAP enabled antivirus solutions to ensure that only clean files enter your infrastructure.
For example, all files uploaded to MOVEit DMZ (including those sent using the person-to-person Ad Hoc Transfer module) are first scanned and validated to ensure that they are free of viruses, trojans, malware and other malicious threats. If an infected file is detected the following actions will immediately and automatically be taken:
• Rejects the transfer of the infected file
• Alerts end user that upload failed due to virus detection
• Logs the virus, timestamp, the scan engine, version and definition tag
• Reports the list of infected files that have been detected during a specified time period
By integrating your antivirus solution with your managed file transfer solution, you ensure that all the files you receive are scanned before they enter your network. Not only does this protect your applications, data and valuable IT assets, but it prevents you from accidentally passing on any viruses that may exist in your systems.
As George Hulme recently wrote, the vision of Senator Richard Blumenthal’s data breach legislation is simple enough: Protect individuals’ personally identifiable information from data theft, and penalize firms that don’t adequately secure their customers’ information.
Clearly, there’s a need for organizations to better secure confidential and private customer information. It seems that a week rarely passes without a new high-profile data breach in the news. In fact, 2011 is trending to be the worst-ever year for data breaches. And that is despite many U.S. states introducing legislation that expands the scope of state laws, sets stricter requirements related to notification of data breaches involving personal information, and increases penalties for those responsible for breaches.
The need to protect customer data is unanimously shared by honest people worldwide…. The issue is HOW to effectively govern and enforce the various data protection requirements and laws?
I agree with Senator Blumenthal’s concept of establishing “appropriate minimum security plans”…. But color me skeptical on the government’s ability to appropriately monitor and enforce those plans, especially after witnessing the mighty struggles at effectively governing the dozens of state laws already on the books.
My skepticism is shared by many, including Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corporation: “The devil is in the details with these laws. We’ve had regulations, from Gramm-Leach-Bliley to HIPAA, that purport to help protect consumer data. Companies are already victims in these attacks, so why are we penalizing them after a breach? I think that’s because it’s easier to issue fines than it is to track down the criminals and go after them.”
In my opinion, business leaders need to prioritize their own internal efforts to properly protect sensitive information rather than wait on the government to catch up. First order of business is to identify where confidential files and data live in your organization and ensure visibility of that info (after all, how can you protect what you don’t know about?). Fortunately, there are technology solutions available to help organizations better manage and govern their critical files and data as they are being moved and consumed both internally and with business partners and across people, systems and various business applications.
Join us on September 29 at 1:00 p.m. ET for our latest webcast, Top Tips for Managing File Transfer & Application Integration.
More and more, organizations are beginning to realize that their old batch-file-and-script methods of file transfer and application integration don’t work. They’re unwieldy, primitive, difficult to manage, and often not 100% reliable – not to mention less scalable than the organization might wish. Don Jones, Principal Technologist at Concentrated Technology, and Andre Bakken, Director of Product Management at Ipswitch, will provide the top tips for managing file transfer and application integration in a more modern way. You’ll learn about the key failings in most organizations’ existing techniques, and look at the core capabilities you should be looking for as you move to improve your organization’s treatment of these critical tasks.
Register Now for the webcast!
What: Webcast – Top Tips for Managing File Transfer & Application Integration
When: September 29 at 1:00 p.m. ET
Who: Don Jones, Principal Technologist at Concentrated Technology and Andre Bakken, Director of Product Management at Ipswitch
