Posts from ‘Managed File Transfer’
In his white paper, “Business-Class File Sharing Best Practices”, Michael Osterman of Osterman Research assesses the current state of
personal file sharing within business, with recommendations about how information technology, risk management and compliance teams can best address the common issues and risks.
Below is an excerpt from the paper, where Michael summarizes some of the key issues with the status quo with personal file sharing within business. We also invite you to access the full white paper including Michael’s case for why IT needs to provide and manage file sharing solutions.
Excerpted from “Business-Class File Sharing Best Practices”
The Status Quo Doesn’t Work
- Users are stymied because company email systems often do not permit file attachments of more than 10 to 20 megabytes to be sent, and it is not efficient at sending more than a few files at a time. Moreover, email doesn’t typically include a return receipt so the sender can know if the recipient ever received the email. Also, when email is used for file transfer, it imposes increased storage and bandwidth costs, slow message delivery, long backups, long restores, high IT management costs.
- Many users will turn to their personal Webmail account because of their ability to send very large files through these systems. However, when users do so there is no IT visibility into the sent or received content, no tracking, no auditability, and no archiving. Moreover, corporate content can reside in personal Webmail repositories for many years, long after an employee may have left the company. While this makes life easier for users, it increases the risk to the organization.
- USB sticks, tablets and smartphones create the same problems: lack of security, higher costs, their likelihood of being lost or stolen, and the potential for content on them to be accessed by unauthorized parties.
- Dropbox-like file sharing tools and cloud services can be effective, but they do not permit IT management or governance of content. And, they often are individual accounts and not under the sanction of IT which means that IT doesn’t have the visibility or insight into what is being transferred, nor does IT maintain any type of audit trail for this content.
- SharePoint and similar tools are useful for sharing information if both senders and recipients are using it. However, SharePoint require the deployment of a dedicated infrastructure and training for end users, and it is not always easily accessible by remote workers or people external to an organization.
- Basic FTP client-server systems, while useful, require both the sender and recipient to have access to the FTP server to share information, which can be an ongoing provisioning burden for IT.
- Physical delivery of information – such as CD-ROMs or DVD-ROMs that are burned and sent through overnight services – is expensive and the speed of delivery is slow
Again, at this link you can access the full white paper including Michael’s case for why IT needs to provide and manage file sharing solutions.
In our recent webinar “File sharing: Have employee habits put your company at risk?”, Michael Osterman of Osterman Research and David Boone of Ipswitch File Transfer spoke about the issues associated with trends in individual file sharing and the impact they have on businesses.
There is continued increased usage of rogue tools to share files and information when employees don’t have an adequate solution provided to them by their business. These tools include everything from personal email accounts (Gmail, Hotmail, Yahoo!) to cloud-based personal file sharing tools (YouSendIt, DropBox) all the way through to USB drives or what David refers to as “SneakerNet” — walking private data around the office on USB drives which can be easily misplaced or lost.
Michael and David also take a look at what information technology teams can do to deliver solutions to businesses that will address these risks, and tips on how to balance the need for end-user simplicity with the control, security and visibility required by the organization.
Lastly they cover five key criteria to consider when selecting a business-class file sharing solution for your organization:
- Make sure it can handle unlimited file sizes.
- Confirm that minimal training is required to deploy it.
- Ensure it is secure. This includes utilizing encryption both in motion and at rest, and that the message itself is encrypted too.
- For successful user adoption, make sure it’s easy to use.
- Finally, make sure it’s easy to integrate into your existing environment.
For the full discussion between Michael and David as well as the question-and-answer session with the audience, we invite you to view the webinar recording. We also invite you to share this with any colleagues who you think may find it useful.
Ericka Chickowski did a nice job in her Dark Reading article on how old-fashioned FTP introduces unnecessarily levels of compliance and security risks to organizations. And here’s an alarming data point from Harris Interactive – approximately 50% of organizations are currently using the FTP protocol to send and exchange files and data.
Talk of security concerns with FTP is certainly not new. FTP was never designed to provide any type of encryption, making it possible for data to be compromised while in-transit. A common answer for this is to use encrypted standards-based protocols such as SSL/FTPS and SSH/SFTP.
Luckily, modern managed file transfer solutions deliver not only the security you know your business requires, but also the visibility and control that IT needs to properly govern company information.
Ipswitch’s Greg Faubert offers his thoughts in the Dark Reading article:
“While FTP is a ubiquitous protocol, depending on it as a standard architecture for file exchange is a bad strategy…. The PCI standards look specifically at the security surrounding your FTP environment. It is a significant area of focus for auditors, and they will fail companies in their PCI audits for a lack of adequate controls.”
And yet, somehow, many organizations continue to rely on unencrypted FTP to transport mission-critical or sensitive information. For those guilty, here are a few steps to help you get started in migrating away from antiquated FTP. And don’t worry, it won’t be painful.
Here’s a great write-up of how Rochester General Hospital is using Ipswitch’s MOVEit solution to manage over 400,000 electronic billing transfers per year to dozens of payer systems.
Quick background on the business need: Rochester General Hospital needs to exchange patient records, insurance claims, and billing information from their electronic medical record (EMR) and accounting systems with many health providers and insurance companies.
Security and compliance are critically important: Not only do the transfers need to be reliable to facilitate timely payments, but they also needed to be highly secure and auditable to protect patient privacy and ensure compliance with HIPAA and HITECH.
Ipswitch eliminated complexity and created efficiencies:
“We needed to consolidate on a standard way to transfer files to many different payer systems…. MOVEit consolidated a number of batch files and legacy tools into a single, secure and easy to use file transfer solution,” says Dylan Taft, Systems Engineer at RGH.
“In the event of an audit, MOVEit allows us to provide chain-of-custody and non-repudiation with just a few clicks. Without MOVEit, we wouldn’t have this visibility.”
If we didn’t have MOVEit, we would have to hire one or two additional people just to review the log files every day – not to mention lost files, information arriving late, and frustrated doctors and payers.”
Do you have a great Ipswitch story of your own to tell? Email us at firstname.lastname@example.org…. We can’t wait to hear all about it!