Managed File Transfer (MFT) is certainly not being left behind in this cloud revolution.  According to Gartner, adoption of MFT Cloud Services is growing rapidly and now accounts for approximately 10% of the overall MFT market.  While both on-premises and cloud markets will continue to grow about 20% annually, cloud services will become a bigger piece of the MFT pie.

Here’s a nifty graph from the Ponemon Institute’s recently published “The Security of Cloud Infrastructure” report summarizing key cloud drivers from the perspective of both IT/Security and Compliance respondents. Interesting to see that many people believe that cloud services will provide improved security and compliance efforts over doing it themselves on-premises with their resource.

So, how do you feel about cloud security?  Are you comfortable with your organization’s data being moved  into the cloud??  What cloud security measures would make you feel better???

Related posts:

1. Cloud Security, Sex and Kim Kardashian (Or How To Attract Attention To Your Event)
2. Cloud security is the new great debate
3. Ipswitch at SecureWorld Expo in Philly

2011 was also a record-breaking year for data breaches.  Coincidence?   Perhaps.  But there is no denying the fact that the increased use of non-sanctioned technology in the workplace has created a security loophole in many organizations.  It will become increasingly important for organizations to mitigate this risk to avoid a failed security or compliance audit or worse, a data breach.

Ipswitch can help your organization meet the security, usability and visibility requirements for file sharing.  For example, our Ad hoc Transfer module for MOVEit DMZ enables organization to enforce consistent policies and processes around person‐to‐person file transfers ‐ email encryption, attachment offloading, secure messaging, eDiscovery, and more.  It not only gives companies unparalleled governance, but it also allows end users to send information, with anyone, in a fast, easy, secure, visible, and well managed way.

We will be talking a lot more about the topic of people person-to-person file sharing in 2012, so stay tuned….

Related posts:

1. Do People Realize What They Are Sending and the Risks Associated?
2. New solution to common frustration
3. Webcast: It’s 2 a.m. Do you know where your files are? An Intro to Person-to-Person File Transfer

Correlation involves identifying related actions and events as a file moves through a series of business processes (including what happens after a file is moved, renamed, or deleted), and using that information to make business decisions.  Correlation can also associate file transfer metadata with downstream processes such as whether a product was shipped or an invoice was paid after an order was received from a customer.

Ipswitch’s Frank Kenney shares some thoughts in the video below on why correlation is an especially important part of visibility and how it enables you to really understand not only file transfers, but also the applications, processes, purchase orders and other items in your infrastructure that tie back to customers, SLA’s and revenue..

Click here to view the embedded video.

Related posts:

1. The challenge of visibility
2. The importance of visibility
3. Ipswitch’s insight on Cleo & Stonebranch: It all depends on what happens next

If you don’t have visibility into the data and files that are flowing between systems, applications and people — both inside and beyond the company firewall — things can go haywire very quickly.

• Lost files, security breaches and compliance violations
• Broken SLAs and other processes that are dependent on files
• No file lifecycle tracking as data flows between applications, systems and people
• Damaged partner and customer relationships
• Lost opportunities

Relying on the reporting capabilities of each individual system has proven to be risky and inefficient.  Chances are, you’re swimming in a sea of not-very-useful-or-actionable data and static reports that are already a week behind with what’s actually happening in your company this very instant.

In today’s blog video, Frank Kenney shares his thoughts why having one consolidated view is critical and why organizations are having such a hard time achieving visibility.

Click here to view the embedded video.

When it comes to your file transfers, many questions exist.  Do you have the total visibility your business requires?   How do your customers gain visibility into their file transfers??   Do you have all the information you need to meet your service level agreements (SLAs) as well as enabling transparency about integration and file transfers???  Let Ipswitch help you answer these questions and overcome your visibility challenges.

Related posts:

1. The importance of visibility
2. Keeping Your Data Secure and Your Employees Productive
3. Ipswitch’s insight on Cleo & Stonebranch: It all depends on what happens next

Visibility:  “Unobstructed vision into all data interactions, including files, events, people, policies and processes”

Fast, easy access to critical file and data transfer information is a must-have – it’s critical to the success of your business.  Whether it’s tracking and reporting on SLAs, analyzing file transfer metrics to identify bottlenecks and improve efficiency, or providing customers and partners with easy self-service access to the file transfer information they require – as well as countless other business objectives – unobstructed visibility is imperative.

Having one consolidated view into all of the systems and processes involved in your organizations file and data transfers will deliver tremendous business value and a competitive edge.  Please do take a couple of minutes to watch Ipswitch’s Frank Kenney share his perspective on why visibility is important.

Click here to view the embedded video.

Related posts:

1. The challenge of visibility
2. Keeping Your Data Secure and Your Employees Productive
3. Takeaways from Verizon’s 2011 Data Breach Investigations Report

My answer:  “Use both of them, together!”

For starters, here’s a real quick summary of both encryption types:

• Transport encryption (“data-in-transit”) protects the file as it travels over protocols such as FTPS (SSL), SFTP (SSH) and HTTPS.  Leading solutions use encryption strengths up to 256-bit.
• File encryption (“data-at-rest”) encrypts an individual file so that if it ever ended up in someone else’s possession, they couldn’t open it or see the contents.  PGP is commonly used to encrypt files.

I believe that using both together provides a double-layer of protection.  The transport protects the files as they are moving…. And the PGP protects the file itself, especially important after it’s been moved and is sitting on a server, laptop, USB drive, smartphone or anywhere else.

Here’s an analogy:  Think of transport encryption as an armored truck that’s transporting money from say a retail store to a bank.  99.999% of the time that armored Brinks truck will securely transport your delivery without any incident.  But adding a second layer of protection – say you put the money in a safe before putting it in the truck – reduces the chance of compromise exponentially, both during and after transport.

One last piece of advice:  Ensure that your organization has stopped using the FTP protocol for transferring any type of confidential, private or sensitive information.  Although it’s an amazing accomplishment that FTP is still functional after 40 years, please please please realize that FTP is does not provide any encryption or guaranteed delivery – not to mention that tactically deployed FTP servers scattered throughout your organization lack the visibility, management and enforcement capabilities that modern Managed File Transfer solutions deploy.

Related posts:

1. MFT Is the Unsung Security and Compliance Solution
2. 800,000 Reasons Why MFT is Important
3. Takeaways from Verizon’s 2011 Data Breach Investigations Report

Sound familiar?

The easy answer is that you should migrate away from antiquated FTP software because it could be putting your company’s data at risk – Unsecured data is obviously an enormous liability.  Not only does FTP pose a real security threat, but it also lacks many of the management and enforcement capabilities that modern Managed File Transfer solutions offer.

No, it won’t be as daunting of a task as you think.  Here’s a few steps to help you get started:

• Identify the various tools that are being used to transfer information in, out, and around your organization.  This would include not only all the one-off FTP instances, but also email attachments, file sharing websites, smartphones, EDI, etc.  Chances are, you’ll be surprised to learn some of the methods employees are using to share and move files and data.
• Map out existing processes for file and data interactions.  Include person-to-person, person-to-server, business-to-business and system-to-system scenarios.  Make sure you really understand the business processes that consume and rely on data.
• Take inventory of the places where files live.  Servers, employee computers, network directories, SharePoint, ordering systems, CRM software, etc.  After all, it’s harder to protect information that you don’t even know exists.
• Think about how much your company depends on the secure and reliable transfer of files and data.  What would the effects be of a data breach?  How much does revenue or profitability depend on the underlying business process and the data that feeds them?
• Determine who has access to sensitive company information.  Then think about who really needs access (and who doesn’t) to the various types of information.  If you’re not already controlling access to company information, it should be part of your near-term plan.   Not everybody in your company should have access to everything.

Modern managed file transfer solutions deliver not only the security you know your business requires, but also the ability to better govern and control you data…. As well as provide you with visibility and auditing capabilities into all of your organizations data interactions, including files, events, people, policies and processes.

So what are you waiting for?

Related posts:

1. Keeping Your Data Secure and Your Employees Productive
2. When hard work backfires
3. Webcast: It’s 2 a.m. Do you know where your files are? An Intro to Person-to-Person File Transfer

1. What’s a “breach”? Does it mean the bad guys came in and took the data? Or maybe the data was left unencrypted? Or perhaps an executive lost his or her BlackBerry?  Wikipedia talks about breaches of confidence, breaches of contract and breaches of faith. Is it all or none of the above?
2. What does “notify” mean? Email? Snail mail? SMS? Press release? Facebook status update? Tweet? We just don’t know. And when do they need to send that out? When it happens (or it happened?) When it was discovered? When it was fixed? This is key and I say this because the breaches that happened were reported months after they actually happened. So when?
3. And by “customers”, do you mean people who pay for my services? What if my services are free like social networks? Does free = exempt? What if I give you my email and contact info, does that make me a customer?
4. What in the world is “risk of breach” and why shouldn’t I just fix it instead of telling my customers?

If you don’t mind I’d like to give the public in general my 2 cents…

The real story is this: we should all take these breaches seriously because at some point they will impact us individually. We must make it crystal clear to our service providers, our Internet providers and in some cases our employers that there needs to be policies and enforcement around the proper use and retention of our private information. We must also make clear that these same providers must put processes in place to better communicate and resolve any future data breaches. In much the same way we now see consumers making purchase decisions based on the carbon footprint of their suppliers/providers, the same approach will be taken when it comes to private confidential information. We at Ipswitch believe putting a secure managed file transfer solution in place will allow these suppliers to stem breaches by giving them visibility into how data is being accessed and for what purpose BEFORE these breaches happen.

Related posts:

1. Do People Realize What They Are Sending and the Risks Associated?
2. Lindsay Lohan’s AT&T iPad Enabled Ankle Monitor Gets Hacked
3. 800,000 Reasons Why MFT is Important

Are your file transfers as safe as they can be?  Specifically, when you receive inbound files, are you doing all you can to protect your IT infrastructure from the risk of viruses and malware??  Are your outbound data and file transfers “clean,” so you don’t expose your trading partners to any viruses that might be undetected in your systems???

Ipswitch MOVEit and MessageWay solutions offer the ability to integrate with specific antivirus solutions.  Here’s a link to learn more about MOVEit DMZ’s new ability to integrate with Sophos and Symantec ICAP enabled antivirus solutions to ensure that only clean files enter your infrastructure.

For example, all files uploaded to MOVEit DMZ (including those sent using the person-to-person Ad Hoc Transfer module) are first scanned and validated to ensure that they are free of viruses, trojans, malware and other malicious threats.  If an infected file is detected the following actions will immediately and automatically be taken:

•    Rejects the transfer of the infected file
•    Alerts end user that upload failed due to virus detection
•    Logs the virus, timestamp, the scan engine, version and definition tag
•    Reports the list of infected files that have been detected during a specified time period

By integrating your antivirus solution with your managed file transfer solution, you ensure that all the files you receive are scanned before they enter your network.  Not only does this protect your applications, data and valuable IT assets, but it prevents you from accidentally passing on any viruses that may exist in your systems.

Related posts:

1. New solution to common frustration
2. Say Hello to Sendable…
3. When transferring files, isn’t all encryption the same?

All reports indicate that this vulnerability affects the SSL protocol itself and is not specific to any operating system, browser or software/hardware product.  This is an information disclosure vulnerability that allows the decryption of encrypted SSL 3.0 and TLS 1.0 traffic.  It primarily impacts HTTPS web traffic, since the browser is the primary attack method.

SSL and TLS are two of the industry standard technologies that Ipswitch File Transfer solutions use to encrypt data while in-transit.  Additional technologies such as AES transport encryption, PGP file encryption, and the encrypted FTPS and SFTP protocols are also used to secure data.  As always, we recommend a defense-in-depth approach for protecting sensitive data.

At this point the vulnerability is not considered a high risk.  Ipswitch is closely monitoring the situation closely and will implement recommendations and provide updates if this turns into a serious threat.  We agree with Microsoft’s recommendation to prioritize  the RC4 cipher suite and to enable TLS 1.1 in client and server.  And given the choice, use the unaffected FTPS and SFTP protocols (and not HTTPS) until this vulnerability investigation is complete.  Microsoft has also issued a fix fix that enables support for TLS 1.1 in Internet Explorer on Windows 7 and Windows 2008.

No related posts.