The Ziff Davis survey on Managed File Transfer did a nice job amplifying the aspects of currently deployed file transfer methods people think need the most improvement.

Checking in at #1 and #2 on the “improvements needed to my existing file transfer methods” list are SPEED and SECURITY.  This only fuels the age-old debate of productivity versus security… But that’s a topic for another day!  Needless to say, it’s not surprising that about half of survey respondents say that they need faster file transfers and roughly the same amount say they require stronger security.

Other items on the “improvements” wish list include:  reliability, capacity, scalability, central management, workflow integration, IT infrastructure integration and compliance.

It’s validating to see in the graphic that areas where MFT solutions excel today closely map to those aspects of existing file transfer methods that people say require the most improvement — Reliability, speed, security, up-time and capacity round out the top five.  Efficiency is a common theme with all these items, driven largely by time-sensitive business-critical processes and even SLAs depending on fast and highly available file transfer processes and workflows.

The last point I want to make about the “needs improvement” survey results is that no solution (MFT or other) will magically make a company compliant.  There is no holy grail to achieving regulatory, regional, industry or corporate compliance.  Rather, compliance is the end result of a strategically implemented, documented and monitored initiative that encompasses the entire arsenal of company-sanctioned policies, tools, and of course processes and employee actions.

Coming soon:  I’ve got a few more musings about the survey that focus on deployment challenges as well as the business benefits of MFT.

835UVUTMM99Z

Manually documenting connectivity between devices or systems can be a pain. No one looks forward to pouring over router configurations, device logs, and Access Points; verifying connectivity visually port-by-port; and mapping topology information. As your network grows, changes location, or gets virtualized, mapping and discovery becomes even more of a hassle.

WhatsUp Gold WhatsConnected can take care of this process for you. With its Layer 2 and Layer 3 discovery and mapping you can inventory and document you network at anytime, anywhere – with just one click.

Join us tomorrow, Tuesday, October 5th at 12:00 PM EST for a run-through of WhatsConnected’s capabilities. AND, a Kindle will be raffled off to one lucky attendee!

>>Register here

Enhanced by Zemanta

Ziff Davis recently published a study on Managed File Transfer that heralds MFT solutions as “the unsung security and compliance solution”.  Eric Lundquist sets the stage nicely:

“Everyone is talking about the need to collaborate more effectively and put employees closer to customers in a real time business environment.

But until you can assure the security, privacy, and compliance requirements of data transfer, the collaborative enterprise is just a good idea.  MFT is one of those enabling technologies designed to make it a reality.”

The study found that security concerns about current file transfer methods include the usual suspects, such as:  encryption; viruses, user authentication, backup, hacking, enforcing security policies, managing external users, auditing, reporting and defining security policies.

Not surprisingly, data from the study shows that many of those very security concerns that people had with their organizations current file transfer methods are actually strengths of today’s MFT solutions.

Keep in mind that many organizations still rely on homegrown scripts and point-to-point solutions, oftentimes using unencrypted FTP protocol for transport… And with very little visibility, management or policy enforcement.  In addition to being time consuming and expensive to manage and maintain (and commonly built by developers that left the company years ago), many existing file transfer methods are insecure and introduce risk and inefficiency into an organization.

Plus, many companies haven’t even begun to crack the person-to-person nut of file transfer beyond relying on corporate email, unsanctioned personal email or file sharing websites, and even sneakernet!

In my next post, we’ll take a closer look at some of the areas where the study identified MFT solutions as being superior to many commonly used methods for file transfer.

I just returned from the PCI Security Standards Council .  It was great to spend a couple of days talking tech and trends with other security experts.

The hottest trend this year in the payment security industry is “tokenization”.   This technology lifts credit card numbers from sets of data and replaces them with unique one-way tokens (e.g., “234cew23”) in the data instead.  The original credit card numbers are stored in a “secure token vault” and may only be retrieved by authorized people and processes who present another set of credentials (preferably two-factor credentials).

The reason businesses find tokenization compelling is because PCI requirements state that data sets with credit card numbers must be treated with more care than data sets without that information (e.g., just your name, expiration date, etc.).  The higher degree of care often translates into full encryption, good key management, regular key rotation and a host of other security controls.  All these extra controls cost money, so if businesses can ratchet down the sensitivity of their data with tokenization, they can enjoy cost savings by not having to implement (or audit) other security controls.

Anyone buying in at this stage would be an early adopter: the Council has not yet endorsed the use of this technology.  However, the Council has formed a working group to come up with specific guidance (e.g., are hashes OK, if so, which ones, are unique IDs OK, etc.), so some level of future acceptance seems likely.  So far the working group has only provided a definition of the technology (essentially, the one I provided above).   However, a draft recommendation from the Council with specifics is expected around the new year.

The real highlights for me at last week’s SecureWorld Expo were the attendees who visited Ipswitch’s tradeshow booth.  From global enterprises to small business owners, public utilities to brand name consumer products companies, the people I met described challenging business problems and showed genuine interest in managing and protecting their data.

A couple of visitors jump to mind:

  • The ex-Secret Service agent (Electronic Crimes Task Force), now an independent consultant, who came straight to SecureWorld after flying cross-country to attend another security conference in Atlanta.  Her curiosity about managed file transfer solutions, and her breadth of knowledge about encryption methods and sources of risk I had never even considered, gave us lots to talk about.
  • The Chief ISO from the CA Dept of Water Resources, one of at least 10 people I met from local environmental agencies or private utilities.   I had no idea that the business of managing natural resources was so data intensive!  They have a huge amount of traffic between and among state and county agencies, and send hundreds if not thousands of files per week to private businesses, citizen groups, and individual consumers.  Many of these files contain sensitive information, making it an ideal scenario for Ipswitch’s managed file transfer solutions that can handle high volume data files sent programmatically to a wide number of recipients.

These two booth visitors highlight 2-days worth of insightful conversations I had with customers, prospects and fellow vendors.  Needless to say, I’m very excited to dive into the MFT space and look forward to sharing more insights.