The entire purpose of the IT department is to enable business, and that should be the main goal of any IT solution. In this constantly changing world, IT solutions must be agile and able to change with the business.  Some businesses irrationally choose to build their own bespoke solutions as they feel this is the only way to get exactly what is needed. They shy away from commercial off the shelf software solutions that must be modified and extended to fit ever-changing needs, so they elect to do it internally. This is irrational because it is only the original project costs that are attractive, while the expensive hidden costs are in the operating, extending and modifying these custom software solutions.  Maintaining custom software long after the original developers are gone can be a nightmare. The unforeseen overhead quickly becomes untenable when compared with the original benefit.

The majority of small and medium sized businesses opt for out of the box one size fits all solutions, since they are typically cheaper and can do most of what they want. Large businesses and enterprises, however, need more specialized solutions. The difference in one feature could mean millions of dollars of loss in efficiency.  The evolution of what we now term “cloud solution” has gone from hosted one-size-fits-all to complete tool kits that can be tinker toyed together and scaled to address most any need.

What large businesses and the enterprise need are vendors that are very specialized as best-of-breed in a narrow problem set, but are willing to customize and bend their solution to fit their particular business need.   Thru was the first cloud base managed file transfer solution provider to publish an API and to offer essentially our entire feature set programmatically.  The out of the box set of MFT features Thru provides can address 90% of what most users need while Thru’s extensive tool kit allow solutions to be tailored.

While we at Thru are constantly modifying and extending our solution to meet the ever-changing needs of our customers we realize the many business need our innovative ready to use MFT with no changes thus Thru is backward compatible with every software  version released to date.  This approach does not work as well for premised based deployments but given the agility of the cloud features and updates just appear on a regular basis.

Thru’s Managed File Transfer Platform was designed for the enterprise 10 years ago with the principles of flexibility and scalability at heart. This cloud-based platform, in addition to our responsive and agile engineering team, has enabled us to retain some of the largest companies in Healthcare, Software, Advertising, and AEC since our inception. These enterprises continue to get the file transfer functionality that they need to enable them to focus on being leaders in their industry, and any business looking for a file transfer solution would be sensible to do the same.

Past research has identified the AEC industry (Architecture, Engineering, and Construction) as being extremely resistant to new IT adoption. Why is that? Culture. As organizations do business, they quickly learn what works and what does not. This learning is assimilated into the company’s culture. The big mistakes of the past are remembered anytime an employee has an idea that sounds similar to the old one, and the idea is immediately squashed. A few bad experiences can quickly lead to a lot of assumptions that are not necessarily true, eliminating profitable strategies and greatly hurting the company’s ability to earn above normal profits. While this means that most AEC companies will be late adopters, it also provides a great opportunity for those who are willing to challenge incorrect assumptions that have prevented the industry from embracing new technologies.

Here are three assumptions that I believe are preventing AEC companies from adopting new IT solutions such as Managed File Transfer, and more importantly, why these assumptions are no longer absolute.

1.� Employees do not have the necessary technical expertise

A quick look around you will immediately prove that technology is not as difficult to use as it was just a few years ago; even many very complicated applications have now been made so simple that your grandmother could use them. Anytime an MFT vendor is being considered, however, this aspect should be carefully considered. Tight integration with the most common business applications should be a very high priority. For most companies, this means that the MFT solution should seamlessly integrate with Microsoft Outlook, Lotus Notes, and SharePoint. The right MFT solution will be no more difficult to use than sending a regular email.

2.� It will be difficult to get company employees motivated to use the technology

One of the great obstacles in implementing an IT solution is to get employees to embrace the new technology and desire to use it, rather than out of obligation. Historically, there have been many large failures in this aspect of implementation across all industries. This often occurs because the everyday users are forced to adopt the solution without ever having been considered during the decision making process. The CIO or Director of IT decides what to use in conjunction with other executives and the others must follow suit. Problems like this can be avoided through trials which allow the users to see what the technology is like and test how they will likely respond to the technology, before it is rolled out to the entire company. This assumption is also tied to the first one. If the technology is too difficult to learn and use quickly, it will be rejected. When the technology is easy to use and fulfills a needed gap in functionality, however, it will be rapidly embraced. Since MFT fulfills a great number of gaps in needed functionality — such as secure file transfers of any size and file type, access control of files and folders, the ability to share files with external partners, auditing, and much more — this technology tends to be very well received.

3. Untested technology will often lead to big failures

This assumption is still true, however, Managed File Transfer is no longer an untested and unproven technology. Having been embraced by many of the most successful and larges AEC companies, MFT solutions have proven to have a great ROI by those who have taken the step to embrace it. This is proven by the fact that year after year, they continue to renew contracts and integrate MFT solutions into more and more applications. AEC companies that choose the best solutions and implement them now still have an opportunity to gain some competitive advantage over the traditionally late adopting AEC industry. However, before long, the majority will adopt and MFT will be a technology that is required to remain competitive, rather than one that can help to gain a competitive advantage.

So what is the conclusion?

Any AEC company that wishes to earn above average financial returns will have to break out of its own culture and challenge these incorrect assumptions, adopting the technology that can enable it to do business more efficiently than competitors. This means throwing out the old assumptions that employees are not capable or willing to use technology, and recognizing that other industries and even leaders within the AEC industry have embraced MFT with much success. Those companies that ignore this will be left behind in this fast moving age of technology.

Last week Symantec posted the results of their 2011 SMB File Sharing Survey, revealing that online file sharing poses the greatest security risk to SMBs. These results do not come as a surprise, as unsecure and unregulated freemium file sharing services (with millions of simultaneous users on a shared platform) have crept onto corporate networks at an unprecedented pace—74 percent of survey respondents said “they adopted online file sharing to bolster their own productivity”.

The problem is that the employees concern for boosting their productivity takes precedent over corporate security. In fact 61 percent, of the 1,325 organizations surveyed, said that employees are the ones making the decision about which file sharing services are being used. The problem is that if IT is not actively managing these services, it is impossible to monitor and track the confidential corporate data being exchanged, which increases security threats including introducing malware into the corporate infrastructure and loss or compromise of confidential and valuable data.

I liken this to a teenager buying her first car—she wants something cheap that she can drive immediately—she’s completely unconcerned about the safety of the vehicle and how its vulnerabilities might ultimately affect those around her. Employees bringing in free file sharing solutions, that can be downloaded and in use within minutes are unconcerned how using it at work might affect the corporate infrastructure. According to Rowan Trollope, group president of SMB and Cloud at Symantec, “A staggering 71 percent of small businesses that suffer from a cyber-attack never recover–it’s fatal.” So how can the IT department help employees understand how their actions might put their organization at risk?

Every organization, regardless of size, should have security policies in place that restrict how employees can access and share files. However, more importantly, IT departments must provide the tools that their business users need by providing enterprise class secure file sharing solutions that will increase employees’ productivity without jeopardizing the organization’s network and information security.

According to the InformationWeek 2012 Strategic Security Survey, the biggest challenge for security teams is not about meeting compliance demands, and preventing breaches, but it’s managing complexity, risk management and handling security challenges.  This comes after an era in which a large percentage of organizations looked at security purely from a compliance-based approach–enacting minimal-requirements to comply with government and industry regulations.

A good proportion of companies have met the established security guidelines/specifications, but by failing to implement a risk-management approach they are still plagued with huge technical and/or administrative threats.  And now with mobile devices entering the workforce security threats have increased even further.  Not only may IT administrators be unaware that these devices are connected to their corporate network, but their misplacement or theft can lead to loss or compromise of proprietary corporate data.

With the increase in security threats and the trend towards managing complexity and risk management, the bar has been set high for cloud service providers.  But, as articulated in the CloudTimes article, “Social Media, Cloud, Smartphones Pose Threat to Security”–measures like data verification functionality, information management in the cloud, de-duplication and compression and secures backup can make a safe bet for cloud service providers to look to the companies built for the cloud for help.

Thru, Inc. was built for the cloud. With over ten years’ experience of securely managing data for corporate enterprises and public entities, Thru provides the most secure platform for organizations to share, exchange, and track critical data.  If you are ready to move beyond compliance, and take a risk management approach to file sharing and collaboration, find out how Thru secures your sensitive documents/folders.

In recent posts, I have talked at length about “Big” files and the issues around the transport and management of such data sizes, but now is the time to talk about “Big” data.   The market is well aware of the pros and cons of traditional methods to address the file transfer challenges and the resulting Managed File Transfer (MFT) solutions.  However, along with the many benefits of implementing a MFT solution come side effects in the form of additional data silos.  These silos while created to protect sensitive data with such tools as encryption, multi-factor authentication, and data abstraction invariably obscure a significant and sizable amount of data from the landscape of Big Data tool sets and ancillary solutions.

Let’s put this into perspective.  According to IBM, we create 2.5 Quintillion bytes (SI equivalent Exabytes) of data on a daily basis.  Assuming the current capacity of the average hard drive nowadays is typically 1 Terabyte (TB) or more, this equates to approximately 2.5 million drives worth of data generated every day.  Ninety percent of the data currently has been created in the past two years with totals expecting to grow exponentially.  When we start to aggregate these figures, the result becomes a staggering sum.

From the file transfer vantage point, MFT vendors are also seeing a correlation in individual file sizes with an estimated 40% increase during a five year period (2006-2011).  This can be attributed to a variety of reasons such as backwards compatibility support and rich object embedding along with an overlay of cheaper storage and faster networks.

Although the issues around how to store,  structure, and extract data is a focus for enterprises nowadays, one must recognize that IT organizations will be looking for applications that can easily integrate into their Big Data Tool sets.  MFT data silos certainly fall into this category as they contain data from a multitude of agnostic sources – generated by people, process, or product.  The data resident in these silos oftentimes lacks visibility by even the originating application itself much less the Big Data offerings which is critical to address. As exciting as Big Data is, there are still a number of areas to consider especially when it comes to the known and unknown data stores across the enterprise.  To marginalize the technology efforts, MFT vendors need to evaluate their own solutions and provide the necessary logging, reporting, and APIs to bring visibility to the Big Data trend.

I know that consumerization is spreading though out the enterprise, but none the less I was shocked to see in the Cisco IBSG Horizons Study that a staggering 95% of respondents (600 U.S. IT and business leaders), said their organizations permit employee-owned devices in some way, shape or form in the workplace. With company security breaches at unprecedented highs, I find it amazing that IT and business leaders are accepting, and in some cases embracing, the idea of “bring your own device” (BYOD) to work. Further the survey revealed that not only do enterprises allow employee-owned devices, but according to 84% of respondents, they provide some level of support for these gadgets– 36% of those surveyed provide full support.

Thanks to social networks, cloud-based email, instant messaging, and consumer file sharing solutions that are easily accessed on employee owned devices— the responsibility for protecting a company’s digital assets is an increasing burden for IT. In order to prevent productivity losses and data breaches, IT managers must deploy and maintain technologies that help enforce corporate policies while ensuring that employees can get their work done efficiently.

The Thru Enterprise Dropbox File Transfer solution provides IT with a secure unified platform for all corporate file management, file delivery and file sharing for internal users and external customers and partners. By providing users with dropbox-functionality that seamlessly integrates with their everyday business systems (e.g. Salesforce, Outlook, Notes, and SharePoint), employees will not need to find unauthorized and risky means to distribute and share large, often confidential, business files and folders.

With our lives increasingly revolving around social media and instant communications, employees will continue to bring their own devices into the workplace; however, if IT managers provide sanctioned tools for everyday tasks such as file transfer, the risks and security issues posed by use of employee devices in the office will diminish along with the headaches that they create for IT.

I’m continuously amazed with the number of tweets I see from business professionals devouring way too many cups of coffee as they impatiently wait hours, and sometimes days, for large files to transfer to their recipient(s) across/outside the country.  Angry tweets begin to emerge when it looks like the file is transferring fine but then the transfer stalls and eventually aborts.

With the global distribution of personnel commonly found in enterprises today, it’s no wonder that organizations are increasingly faced with more technological challenges.  And the requirement to quickly and securely share important business files containing ever-larger volumes of data with global associates, customers, and business partners continues to grow.  Email, FTP, VPN and freemium file sharing methods were not designed to handle the demands of enterprise file sharing on a global scale–organizations are looking for solutions that can deliver files at very high transfer speeds, are not limited by file size, will protect their sensitive data, and do not slow down or simply fail when sent over long distances.

Ten years ago Thru, Inc. introduced its Content Delivery Network, a complete secure file transfer platform, which solved the security and distance issues associated with large global file transfers and eliminated the delays caused by high latency and bad connections.  Using Thru’s patent pending TCP acceleration technology, global sync times are 2.5 times faster than its closest competitor, and crush the transfer times of FTP and similar file sharing methods.   And the Thru solution can be directly integrated with your existing business applications to protect and enhance existing investments.

For a global organization whose business model depends on quickly sharing and accessing large corporate files and folders anywhere, how many cups of coffee can you drink, and how long can you afford to wait for your documents to be delivered?

As pointed out before, in this blog and when covering this space at Gartner, most consumer file sharing solutions (several well-known vendors) allow files to be uploaded to their platform without antivirus (AV) and malware scans!  You might think that this is not an issue, because your company scans for malware at the gateway and at the desktop, so what is the risk here?

The problem is not when employees are working in your corporate environment, it is when they sync corporate data to other devices (bring your own device to work) when outside the network.  Employees work from platforms which are not supported by corporate IT policies or protected by corporate security defenses; however they are commonly used to  share and send files to customers, partners and other business associates.

Companies are simply not able to force employees to have antivirus at home, however home computers and other personal devices are increasingly being used for work related activity.  This problem typically flies under the radar because corporate IT does not have the resources and funding to deal with it, as they are forced to focus on more visible projects and issues that are obvious to their managers. What is seen as an efficient tool by employees, is a headache from a compliance perspective. Even if there is a policy in place, workers will ignore it simply because they need these unsanctioned tools to get their job done. And that is probably why you are reading this post in the first place.

So ask yourself, how many of your employees use a Mac to work at home and use consumer file sharing services that sync to Macs? Because that might expose you directly to this problem http://www.bgr.com/2012/04/24/though-risks-are-minimal-one-in-five-mac-computers-found-to-contain-windows-malware/

At first glance, consumer Dropbox tools are convenient and easy-to-use, allowing users to share video, music, and private content with family and friends within minutes. It’s no wonder individuals bring these seemingly harmless tools into the workplace. However, consequences arise when these tools are inadvertently used to circumvent corporate security and policies.

Security and Compliance

Companies are exposing themselves to unnecessary financial and legal threats by unknowingly allowing consumer Dropbox type tools onto the corporate network.

Many customers do not understand that software  itself does not undergo testing for regulations such as HIPPA, PCI, and SOX, but that the company must be tested for compliance. While the software alone cannot ensure a company will meet internal controls and stipulations required by law, storing data using these consumer applications can often ensure that the company will not pass its test.

Stringent policies have been mandated for protecting sensitive information regarding as evident with a Bank of America online statement in their FAQ:

“If you do not comply with PCI [Data Security Standard], your business may face significant financial and reputational risks.”  “If your cardholder data is compromised, you could be required to reimburse us for card brand fines ranging up to $500,000 per incident, as well as subsequent fraud losses incurred by card issuers resulting from the compromised card data, which may exceed fine amounts.”

Antivirus

When uploading a file to a consumer Dropbox, surprisingly there is an absence of virus and malware protection. Skeptical of such statements posted by the user community, we attempted to dispute these claims but discovered that they were indeed correct. Although not official by any means, we were able to upload various viruses to some of the leading consumer file sharing services. (Feel free to test using the same test file, found here). Thus potentially creating a perfect forum in which a Worm/Trojan could be specifically written to take advantage of these tools, quickly spreading malware to and from millions of computers and consequently onto enterprise networks.

Data Segregation

One of the more obvious difficulties with a consumer Dropbox is the separation between sensitive corporate information and private data. From its inception, the focus has been on the consumer market, making it widely installed on private devices (computers, laptops, mobile phones). Private devices are often inherently less secure, as do not focus on security, but ease of use. This was really never an issue before “bring your own device to work” emerged, users had few ways to share large quantities of data between home and work. Dropbox is now used to share both sensitive corporate information and private data. However users often do not realize accessing data on unsecure devices can put sensitive information at risk. Dropbox solutions needs to offer robust monitoring, policies and plugin to the existing governance framework, not just focus on the individual user, to mitigate data leakage.

Taking about data leakage, there is also a risk users choose a poor Dropbox password, which may enable unauthorized access to their consumer Dropbox and steal confidential data. My personal favourite though, is when data is stored on personal devices over which an organization no longer has control. Furthermore bypassing any automated document retention mechanisms in place, increasing administration for any document retention policies in place.

Join Our Webinar

These are just a few concerns that companies are facing today because of the onslaught of consumer Dropbox solutions that have crept into the enterprise. Join us on April 19th for a live Webinar, The Hidden Cost behind Dropbox Software in the Enterprise. Michael Osterman, President of Osterman Research, will discuss the concerns behind “consumer” file transfer solutions in the enterprise, and provide insight on how to give employees dropbox-type functionality with enterprise level security.
Also, if you are interested in protecting your organization from dropbox threats, check out Thru Dropbox Enterprise File Transfer solution.