Data Security and Managed File Transfer

Why FTP/SFTP is Insufficient
While the technology is dated, many companies continue to use FTP to transfer files internally and externally. As a free solution, many companies do not realize the risks associated with this type of file transfer. So the question to ask is, “Is FTP really free?”

FTP is not a secure method for transferring your data, whether internally or externally. What is the cost of losing your clients’ or partners’ data to your business? What is the cost of paying penalties for not meeting compliance requirements? Besides the financial implications, companies should also consider the effect of lost or delayed data on its reputation. As the public and businesses become savvier to the potential threat, FTP is quickly becoming an obsolete method of data transfer.

Many vendors promote SFTP (secure file transfer protocol) solutions. The data is transferred through SSH, a network protocol that allows data to be exchanged using a secure channel. While SFTP offers a minimal amount of security, it still compromises both your data’s confidentiality and integrity. SFTP has inherent design flaws that are making this seemingly secure method of transfer as obsolete as FTP.

The solution to protecting and transferring sensitive or mission-critical data securely is Managed File Transfer (MFT). Managed File Transfer solutions provide a greater level of security, meet strict regulatory compliance standards and give you the reliability you need in a data transfer solution. The key to minimizing risk to your corporation is to deploy a secure and compliant MFT solution that enables you to track all data movement across the organization from a single point.

Security and Compliance
Many federal regulations are making MFT not only a better option, but the only option. Data transfers are often performed by a myriad of file transfer products that vary widely in terms of robustness, security and audit capabilities. All efforts to provide an end-to-end view fail as long as file transfers are processed separately using different technology.

As the enterprise-wide deployment of legacy file transfer products is cost prohibitive, most organizations are riddled with file transfer products, tools and utilities that cannot interoperate. With the amount of data transferred by organizations increasing everyday, it is imperative to standardize on a modern, cost-effective solution that adheres to current security and audit requirements including:

• Sarbanes-Oxley Act (SOX)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Payment Card Industry (PCI) Compliance

MFT solutions address all of these regulations and provide greater functionality, not only for security and compliance, but also by providing file transfer transparency throughout your entire organization.

Another issue driving the market to evaluate a MFT solution is data breaches. Data security breaches occurring at reputable corporations with large IT budgets have become an increasingly common occurrence. Too many organizations underestimate the issues with data transfer, lacking a full understanding of how data moves internally throughout their enterprise and how data is exchanged with their business partners.

With an increasing number of data breaches worldwide, many companies are asking themselves if FTP/SFTP solutions are worth the risk despite the no-to-low cost. According to the ITRC’s (Identity Theft Resource Center) 2009 Breach List Report, “only 2.4% of all breaches had encryption or other strong protection methods in use. Only 8.5% of reported breaches had password protection. It is obvious that the bulk of breached data was unprotected by either encryption or even passwords.”

For any organization that transfers sensitive data, this is a business-critical issue. Whether you are in the healthcare, financial or government sector, using unsecure methods of file transfer puts your business, partners and clients at risk.

Managed File Transfer – What Can It Provide Your Business?

Any credible MFT vendor provides the following functionality:

• Security
• Visibility
• Manageability
• Reliability
• Compliance

A true MFT solution supports the most modern security standards and methodology including SSL encryption, X.509 certificates and proxy certificates. The solution should streamline the audit process while also being able to access that audit information from a central point, saving you time and money.

Additionally, MFT solutions should integrate with all components enterprise-wide to increase automation and reduce the need for specialized staff. This allows your staff to follow all elements of a business process and determine the impact of problems or issues on your business from a central control point. Establishing the technical issue before it becomes a business/operational problem is key MFT functionality.

Your MFT solution should include functionality that allows data to be pre-and post-processed. You should be able to initiate action on any platform in your environment. Platform independent MFT solutions lower your overall costs by reducing overhead.

What happens if there is a network failure? MFT solutions ensure that all interrupted file transfers resume where they left off after a connection failure without manual intervention. Your MFT solution should tightly integrate with your existing job scheduling solution to issue alerts if connections are not re-established after an acceptable time interval.

Benefits of Managed File Transfer
A MFT solution provides the aforementioned benefits and addresses the holes in a FTP/SFTP solution. Your compliance needs are met, avoiding costly mistakes from non-compliant and insecure solutions that will cost your company more in time, money and resources. A MFT solution implemented enterprise-wide makes the most business sense as it provides secure internal, external and ad-hoc data transfers.

What To Look For
So now that you know what a MFT solution should provide, what do you look for when selecting a vendor? Besides the functionality listed above, make sure the following points are answered before implementing a MFT solution:

• What is the vendor’s experience?
• Do they have client references that you can call?
• Is the vendor flexible and cost-effective?
• Does the vendor’s MFT solution integrate with other workload processes?
• Does the vendor enable consolidation and automation of all file transfers?



Original Post