Posts from ‘Management’
SC Magazine just published a short article titled “FTP described as unsecure and generally unmonitored”.
In the article, fellow Managed File Transfer (MFT) vendor Axway correctly points out that “usernames, passwords, commands and data can be easily intercepted and read while files transferred via FTP are uploaded or downloaded without any encryption.”
Not to overstate the obvious, but I wholeheartedly agree (and this should come as no surprise to our avid blog readers). The FTP protocol turned 40 years old in 2011 and although still functional, it was not designed to provide any encryption or guaranteed delivery. Unfortunately, many organizations are still relying on outmoded homegrown FTP scripts or have deployed basic FTP servers scattered throughout their organization – all lacking basic security measures, not to mention important visibility, management and enforcement capabilities.
Today, the 40-year old FTP protocol proudly serves as the foundation for the majority of data transfer and application integration technologies that organizations rely on so heavily. But luckily for us all, modern file transfer solutions deliver much more than basic FTP:
- VISIBILITY capabilities such as logging; reporting; alerts; notifications; chain-of-custody and file life cycle tracking
- MANAGEMENT capabilities such as workflows and scheduling of file related processes; person-to-person file transfer; integration with systems/applications; data transformation; high availability; virtualized platform support
- ENFORCEMENT capabilities such as user provisioning; password policies; encryption requirements (for example, requiring 256-bit AES encryption over FTPS or SFTP protocols); file integrity checking; non repudiation
Now is the time to replace old and often insecure point FTP solutions and hard-to-maintain scripts with technology that includes the benefits of a modern MFT solution.
Many thanks to the Verizon RISK Team (along with the U.S. Secret Service and the Dutch High Tech Crime Unit) for publishing their 7th annual analysis of data breaches. Compromised data continues to plague organizations worldwide, and studies like the 2011 Data Breach Investigations Report can help us all avoid becoming a victim – both as individuals and also as corporate citizens.
Here are a few noteworthy data points:
- Nearly 800 data breaches were reported in 2010, a sharp increase from the 900 breaches reported in the previous six years combined
- 4 million records were compromised in 2010 which is significantly less than the 144 million compromised in 2009
- Many breaches involved sending data externally – Take this as a warning to pay more attention to information leaving your organization
- 89% of companies suffering credit card breaches were not PCI compliant at the time of the breach, indicating that organizations with rigorous compliance efforts are less likely to be breached
- Only 17% of breaches implicated insiders (down from 31% last year) and 29% had a physical component
A key takeaway is that while the quantity of data breaches quintupled in 2010, the number of compromised records actually dropped. This data is consistent with the growing belief that attackers are increasingly targeting smaller companies (which tend to have less focus and expertise on IT security) simply because they are easier to exploit.
As the Verizon team points out, in the world of cyber crime, knowledge is power. Not only do companies require visibility into the files and data that are being transferred around an in/out of their organization, but they also need the management and enforcement capabilities to control, govern, and protect the growing number of mission-critical and confidential files that are being accessed every day by internal and external systems, applications and people.
WS_FTP Server can now be configured to support automatic, unattended failover, enabling your organization to easily achieve high availability for your file transfer processes. Not only will you increase system uptime, reliability, and performance, but you will now be able to provide uninterrupted access to file transfer users – all critical for helping your company deliver exceptional business performance and meet service level agreements around availability.
Take a quick minute and watch Ipswitch’s Jonathan Lampe share his thoughts on our new failover capability for WS_FTP Server:
There are many reasons why organizations have shifted their approach to file transfer away from being a purely tactical point-solution (which was likely driven by a new/immediate need of a single business unit) to being viewed as a strategic project that’s now considered an important part of an organization’s overall business operation.
Jonathan Lampe recently published a very insightful article on CIO titled “The Evolution of File Transfer in 2011: From Tactical to Strategic”. Jonathan makes a very insightful case that the increased focus on (and backlash from) data breaches and compliance regulations has played a big role in this evolution.
As Jonathan points out, the grace period for lapses in personal data protection is thankfully over! And Managed File Transfer technology is being leveraged more and more as a strategic tool to not only facilitate the secure transfer of files, but also in a way that allows for much needed visibility, management and enforcement of company data, both within an organization and also between external partners and customers. And all with auditing and reporting capabilities that satisfy even the strictest of governed environments not to mention person-to-person, transformation and application integration too.
Some highlights of what to expect with the MFT evolution in 2011:
“First, there will be the ongoing challenge to present interfaces and metaphors that are relevant to today’s end users – the days of an FTP client on every desktop are long ago.
Second, there will be increased pressure to more closely integrate with enterprise middleware, authentication and monitoring/control technology.
Finally, there will be the ongoing need to present and manage more information about the flows of data, all within the context of tightening regulations around data privacy”.
Take a quick read of the CIO article…. It’s well worth 5 minutes of your time.