Paul Castiglione

Paul Castiglione is a technical marketer and product evangelist with years of experience working with IT professionals implementing software and SaaS integration middleware: web app servers/PaaS, SOA/ESBs, and MFT/MFTaaS. He's worked for a few start-ups (most were subsequently acquired by IBM), open source, and IBM WebSphere.

Ipswitch’s FTPS server gave the Broncos the defense they needed for protecting data in motion.

Data Security a Huge Issue for NFL Teams

After a season of highs and lows, the Denver Broncos are headed to Super Bowl 50 to face the Carolina Panthers. But teamwork, dedication and hard work aren’t the only things that contributed to the Broncos’ surge to the NFL’s championship game.

The amount of data generated by an NFL team is staggering. Besides statistics, plays, strategies and a crunch of information that would make some quarterbacks’ heads hurt, the business of running a professional sports team requires videos, photos and graphics to be distributed to special events, marketing and fan relations partners.

Because of email and private network restrictions, all of this data used to be downloaded to discs, thumb drives or hard drives. They would then be delivered by hand to players, coaches and other important members of the Broncos team.

WS_FTP is Broncos’ Choice for an FTPS Server

The franchise’s use of Ipswitch WS_FTP Server, an FTPS (File Transfer Protocol Secure) server, gave it a great defense for protecting data in motion. This data includes plays, high-definition videos, graphics and more, sent to players, coaches and business partners. You could argue file transfer capabilities didn’t directly get the Broncos to the biggest game in football, but it certainly didn’t hurt.

But the old hand-delivery process was time-consuming, inefficient and, not to mention, a huge data security risk. Ipswitch’s WS_FTP Server came to the rescue the same way Brock Osweiler saved the day – or at least didn’t blow it – this past season when quarterback Peyton Manning missed some of the action with an injured foot.

Unlike Osweiler, who subbed for Manning only temporarily, WS_FTP Server was a permanent solution to the Broncos’ file transfer woes. WS_FTP Server is secure enough to keep confidential team information out of the wrong hands – some would unfairly imply out of the New England Patriots’ hands. It’s also powerful enough to handle the influx and growth of data, and gives ultimate visibility and control for top achievement.

Another key quality of WS_FTP Server is its uninterrupted service that increases uptime, availability and consistent performance with a failover configuration. Unlike the Microsoft Surface tablets that failed the Patriots during the recent AFC Conference Championship, WS_FTP Server won’t go down, or leave the Broncos’ files in limbo, unprotected and undelivered.

NFL Becoming a Technology-Driven Business

The NFL’s need for quality IT service goes beyond devices displaying plays and diagrams. File transfer played a role in the way football went from throwing a pigskin down a grassy field to being a technology-driven business.

By providing partners with just a username and password, transferring files is completed in just a few clicks. So before the Broncos head to Santa Clara for the big game, the team can rest easy knowing its files are secure and accessible by all players, coaches, team executives and business professionals keeping the team running smoothly.

Read the Ipswitch File Transfer Case Study: Denver Broncos

We’ll find out Sunday if the Broncos and Manning can beat the tough Panthers, if the commercials will make us laugh and if Beyoncé and Coldplay will dazzle with their halftime show. But one thing the Broncos and all Ipswitch customers will always be assured of is the success, security and compliance of WS_FTP Server file transfer solution.

 


This Thursday, January 28th is Data Privacy Day (aka Data Protection Day in Europe). The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. To honor Data Privacy Day, here are some ways you can protect personal healthcare information (PHI) in motion, an area of focus for healthcare IT teams handling PHI.

Personal Healthcare Info is a Hacker’s Dream

PHI is considered to be the most sought after data by cyber criminals in 2016. Hackers are moving away from other forms of cyber crime such as that which targets bank accounts. Instead they are focusing more on PHI due to the amount of data contained within it. Valuable data within PHI includes social security numbers, insurance policy info, credit card info, and more.

The lack of a consistent approach to data security throughout the healthcare industry also makes healthcare data easier to obtain. The easier it is to steal, the more lucrative the data becomes to hackers. The healthcare industry has had less time than others to adapt to growing security vulnerabilities, and online criminals don’t take long to take notice.

GDPR and the End of Safe Harbor

It’s not news that governments around the globe are doing their part to promote data privacy. They are doing this by legislating data protection of personal data, and reinforcing with significant penalties for non-compliance.  Check out the recent agreement on the European Data Protection Regulation as the most recent example.

What is changing, however, is the rapid growth in data integration across the open Internet between hospitals, service providers like payment processors, insurance companies, government agencies, cloud applications and health information exchanges.  The borderless enterprise is a fact of life.

Using Encryption to Meet Data Privacy Regulations

It’s well known that a security strategy focused on perimeter defense is not good enough. For one reason, healthcare data must move outside its trusted network.  Encryption is the best means to limit access to protected data, since only those with the encryption key can read it. But there are other factors to look at when considering technology to protect data in motion, particularly when compliance with HIPAA or other governmental data privacy regulations is an issue.

Briefly, when evaluating cyphers for file encryption (described in FIPS 197), it’s important to consider key size, e.g. 128, 192 or 256 bits, which affects security. It’s also worth considering products with FIPS 140-2 certified cyphers accredited for use by the US government as an added measure of confidence.

Here are several other things to consider to protect data in motion and ensure compliance:

  • End-to-end encryption: Encrypting files both in transit and at rest protects data on trusted servers from access by malware or by malicious agents with secure access to the trusted network.
  • Visibility for audit: Reports and dashboards to provide centralized access to all transfer activity across the organization can reduce audit time and improve compliance
  • Integration with organizational user directories: LDAP or SAML 2 integration to user directories or identity provider solutions not only improves access control and reduces administrative tasks, but can also provide single sign-on capability and multi-factor authentication
  • Integration with other IT controls: While data integration extends beyond perimeter defense systems, consider integrating with data scanning systems. Antivirus protects your network from malware in incoming files, and Data Loss Prevention (DLP) stops protected data from leaving.
  • End-point access to data integration services: There are more constituents than ever that participate in data exchange. Each has unique needs and likely requires one or more of the following services:
    • Secure file transfer from any device or platform
    • Access status of data movement to manage Service Level Agreements (SLAs)
    • Schedule or monitor pre-defined automated transfer activities
  • Access control: With the growing number of participants, including those outside the company, it’s more important than ever to carefully manage access with role-based security, ensuring each participant has appropriate access to the required data and services.
  • File transfer automation: Automation can eliminate misdirected transfers by employees and external access to the trusted network. Using a file transfer automation tool can also significantly reduce IT administration time and the backlog of business integration process enhancement requests.

Become Privacy Safe Starting with This Webinar

Protecting PHI within the healthcare system doesn’t have to be painful for hospital administrators or doctors to appropriately access PHI, but it does mean having the right technology and good training in place. And in honor of Data Privacy Day, don’t you want to tell your customers that their data is safe? You will be one step closer by signing up to tomorrow’s live webinar.

Learn how you can implement health data privacy controls to secure your healthcare data >> Register Here

For more on this topic, register to hear David Lacey, former CISO and security expert who drafted the original text behind ISO 27001, speak about implementing HIPAA and other healthcare security controls with a managed file transfer solution.

Creating software for the global IT community.

Today we released Ipswitch Analytics 1.1, an update to an add-on module for our MOVEit managed file transfer solution that offers flexible reporting and monitoring.  The most significant new capability is adding localized language support for end-users including Spanish, German and French (on top of English, of course).

What does this mean? It means life gets a little easier for end users. For example, while a sysadmin can configure a localized language for all users, an end user can override it and choose a different language that suits them better. MOVEit users can now do all file transfer tasks in their native language: sending and receiving files, tracking the status of a transfer or creating reports.

For a complete list of enhancements, check out our Ipswitch Analytics 1.1 Release Notes.

Simplified Managed File Transfer with MOVEit Server 8.2

While I am on the subject of new releases, last month we shipped MOVEit (DMZ) Server version 8.2, a secure managed file transfer server.  While there’s a number of updates in the new release, the most interesting is shared mailboxes.

This is a great feature for any team, where an individual member needs to securely send or receive large documents on behalf of their group.  Employees can now send large files securely to a single customer services mailbox, for example.  Any available customer services team member can access the file from the shared mailbox and securely reply to the employee.  There’s no longer a need to forward files between team members because everyone can access the same shared mailbox.  The feature can also be used to delegate access to co-workers during a temporary absence. The shared mailbox can be accessed from mobile devices, through web browsers, or an Outlook email client.

Read the MOVEit File Transfer (DMZ) Server 8.2 Release Notes for the complete list of updates.


 

In a recent webinar, “What’s the Future of Your FTP?”, I looked at the key regulatory compliance features within file transfer solutions. Requirements for protecting data being transferred internally or externally vary, but there are commonalities across industry regulations, national and state laws, and security specs.

I identified the ISO 27001 Control groups relevant to file transfer and mapped them to the following regulations: PCI DSS, HIPAA (section 164), SOX, Basel II/III, and FFIEC (Exam Handbook Page). The right file transfer technology can help organizations satisfy requirements across a range of controls including policy, access control, encryption, and business continuity.

Risk Assessment Justifies Expenditures

A risk assessment will help prioritize organizational weaknesses and justify technology expenditures to best meet critical needs.  Your risk assessment will likely identify:

  • Types of data that require protection such as personally identifiable information or corporate financial data
  • Common vulnerabilities like a lack of encryption or a lack of confirmation that a file transfer was received
  • Typical risks associated with file transfers such as transfer failures, data loss, or data breach

Your next step might be to identify the biggest risks for your infrastructure. Then assess and rank identified risks. Finally, define mitigating controls for the highest priority risks.

The Most Useful Managed File Transfer Technology Features

Consider what managed file transfer can do (below) to identify cost-effective mitigation controls for prioritized risks. When evaluating the relative importance of each feature, consider ease of use (for both administrators and end-users) and the ability to integrate with other systems.

  • Authorization, authentication and access control: Consider the need for non-repudiation, single sign-on, and integration to user management services like Active Directory/LDAP or SAML (two identity provider solutions).
  • Logging and reporting: Implement a centralized scalable repository for automated report generation and distribution, and protect end user access to logs and reports.
  • Encryption: For encryption in transit and encryption at rest, consider using AES 256-bit and SHA-512 file integrity. Use TLS instead of SSL protocols since PCI DSS no longer recognizes SSL or early TLS versions as strong cryptography due to identified vulnerabilities like Heartbleed.
  • File management and disposition: Use automated disposition rules like file compression and encryption before a transfer and file deletion after a specified time limit after a transfer
  • Data scanning: Add integration to anti-virus (AV) or data loss prevention (DLP) solutions
  • Policy enforcement: Dictate and enforce password policies, lockout rules, and alerts/notifications
  • Failover and disaster recovery: Use single server failover and automated failover to remote locations in order to meet SLAs of zero downtime and to prevent data loss
  • Client flexibility: Set up FTP client support, email client, and web browsers

Watch the full webinar for more details like:

  • Full list of managed file transfer technology features as options for risk mitigation controls
  • Overview of recent regulatory changes
  • ISO 27001 IT controls mapped to key regulations and specifications


Nathan Hays works for one of the largest insurance companies in the healthcare industry. The company electronically communicates with a huge number of customers, vendors and other partners. Along with having to meet stringent audit and compliance standards for those file transfers, the insurer must also have streamlined processes to avoid wasting time.

As a Senior Microservices Analyst for the insurer, Nathan recognized that transferring files was slowing down operations. Different departments were each using their own solutions to send files – both internally and externally. Their methods were not secure or reliable, and caused problems that slowed business. Nathan needed to act.

Satisfying Different Secure Data Transfer Protocols

With more than 3,000 employees, the insurance company has complex needs for flexibility and scalability. Many employees transfer different types of files internally and externally, creating a need for a centralized system capable of satisfying the different transfer protocols, encryption levels and file formats used throughout the organization. To make things even more complex, their vendors demanded they use different processes and security policies for sending and receiving files, creating new problems at every turn. Email and traditional FTP servers were not getting the job done. The insurer also needed to support multiple encryption and security protocols.

Secure Data Exchange Challenges

Tasked with creating simplified, managed and secure workflows for the transferring and monitoring of both internal and external files, Nathan started a search for a new solution by identifying the specific challenges in existing processes.

“Users really like email. They want to send files via email, they think it’s easy. They don’t realize that it’s not the most secure way to do things and not really the most desired way to do things either,” Nathan explained.

With employees transferring files in ways that Nathan and his colleagues couldn’t monitor or manage, he stepped back and jotted down the core challenges his company faced:

  • It was increasingly difficult to manage various FTP programs that were used to transfer different types of files.
  • Multiple workflows had to be created in order to address the different needs of vendors and partners.
  • All insecure methods of transferring files had to be eliminated.
  • Standard FTP solutions and third-party cloud services have restrictions on bandwidth and file size, along with added security concerns, creating unnecessary problems.

Once Nathan identified these challenges, he set out for a solution.

MOVEit Automated File Transfer System

Searching for a viable solution to any business problem can be a massive undertaking. The solution must be customizable to adequately address every pain point, not just some of them.

Nathan began by talking to his IT peers at his company’s customers to see how they were addressing their file transfer concerns, since they shared many of the same requirements. Lucky for him, one of the first suggestions he received directed him towards Ipswitch’s MOVEit. After learning more about MOVEit – an automated file transfer system – Nathan believed he had found the solution that allowed for centralized, secure and monitored file sharing.

With MOVEit in place, the insurance company was set up for success. Over time, each of the core challenges was resolved:

  • All file transfers now pass through one central location, MFT, which systematically blocks and eliminates insecure methods of transferring files.
  • Activity reports provided by MOVEit allow for a complete scope of files going in and out of the company. This benefits efficiency and network management and also simplifies preparations for audits and compliance reports.
  • Guaranteed 99.9% uptime allows the insurer to continually meet its service level agreements with vendors and partners and avoid detrimental issues.

MOVEit enabled the insurer to create more than 3,000 automated workflows to provide enhanced service to all departments. MOVEit exceeds all of the healthcare industry’s standards for compliance and reporting, directly helping the insurer to meet regulatory compliance and the never-ending technological demands of business.

“Something that may take several days or hours using a combination of [other] software, [MOVEit] allows us to turn around…in as little as 30-45 minutes. Users appreciate it and notice that you’re providing an excellent service,” Nathan said.

“…we’ve done so well that we’ve added a few employees [as we’ve expanded use, and] I’ve also gotten promoted,” he added. “It really has brought some good praise and good attention to my area.”

Nathan provides examples of streamlined workflows and discusses how using MOVEit Central and MOVEit DMZ have enhanced company growth in his recorded talk at Ipswitch Innovate Summit 2015.


CJEU Rejects Safe Harbor Rules for User Data Transfer

If you’ve been listening, the CJEU has just rejected the safe harbor rules put into place 15 years ago. The implications of this ruling could put many global companies in a tough spot, specifically companies that rely on the free transfer of data between the EU and US. Companies likely to be affected include not only US social media sites, but also US cloud file share sites like Dropbox (and their customers who use their services to store EU citizens’ personal data), global retailers with buyers in the EU, and any US business that manages personal data of EU citizens.

User Privacy Impacts ‘Business As Usual’

Although the changes are not immediately in effect, the demands of user privacy will likely impact ‘business as usual’. It is an obvious backlash to NSA surveillance of citizens’ online activities without their knowledge or consent. But the cost to global businesses is that it’s going to be harder to provide services and data between the US and Europe.

“If the Safe Harbor rules in place since 2000 are done away with, each country in the European Union could potentially set its own privacy rules and regulations, creating enormous barriers to U.S. firms doing business there.” – USA Today, Europe’s top court rejects ‘Safe Harbor’ ruling

Now the scramble for CISOs in global companies is to find ways to comply with the new ruling. It goes without saying that user privacy is extremely important and should be a fundamental right, but this ruling affects more than Facebook and Google, who may have anticipated and already addressed this issue within their organizations. It most likely will change how companies need to handle data flows between the two continents. About half the world’s data is exchanged between Europe and the US, and rejecting safe harbor means drastic changes for small and medium business alike.

In talking to my colleague, Alessandro Porro, in London this morning about this news, he had the following to say:

“The strike down of the Safe Harbor agreement by the Court of Justice of the European Union (CJEU) adds a large amount of uncertainty and risk to any enterprise whose business involves data movement between the EU and US. Safe Harbor was found to not meet the requirements of the Data Protection Directive. Whilst the EU’s general approach to data protection has been agreed, the actual regulation is still in consultation and so there could be the flexibility to include clear guidance to these firms. However, it would be fair to assume that this could impact that target adoption date which is currently the end of the year. Businesses should start working immediately to audit their data sharing practices, including use of US cloud sharing services like Dropbox, so that they understand exactly where they stand and are ready to act when further guidance is issued.”

Tough for Tech But Win for User Rights

On the other side of this, advocates of user privacy as a fundamental right are cheering a huge win. Edward Snowden was quick to tweet out from his new Twitter handle about the ruling.

In either case, it will be interesting to see how the tech industry reacts to this. Companies will need to start getting a little more creative about how they share data between the US and EU.

What is your company doing to adjust to the new rules?


>> Engage with us next month during the Ipswitch Innovate 2015 User Summit, a two-day (October 21-22) online event for IT pros to learn from each other and our product experts.


Today, we announced the release of Ipswitch Failover, a new MOVEit Managed File Transfer module that delivers zero data loss, no single point of failure and maximized availability through fast failover. Ipswitch Failover enables IT teams to provide highly available continuous file transfer operations and safeguard against data loss for regulatory and policy compliance with a simplified, easy to implement solution.

Ipswitch Failover Architecture: Ipswitch Failover heartbeat communication between primary and secondary servers continuously replicates data at the Windows kernel level, ensuring zero data loss in the event of a failure.

With Ipswitch Failover, businesses can:

  • Ensure high availability, continuous file transfers for 24×7 operations: Maximize file transfer success of business critical and sensitive data. Failover within a single datacenter, or to remote disaster recovery sites within seconds or minutes. Predictive and automated rule-based failover ensures continuous operations.
  • Safeguard against data loss for regulatory and policy compliance: Heartbeat communication between primary and failover servers allows for zero data loss in the event of failure. No single point of failure delivers 24×7 operations for MOVEit File Transfer (DMZ) and MOVEit Central servers.
  • Quickly implement automated failover: Implement failover in as little as an hour for local failover. No additional hardware and software for load balancing is required. Predictive and automated rules-based failover ensures continuous operations.
Monitor all file transfer activities from a single pane of glass.

Key features of Ipswitch Failover include:

  • Real-time replication of data to a ‘hot-standby’ failover server to ensure file transfer services are always available.
  • Failover rules monitor performance metrics on production servers and can perform switchover to a ‘hot-standby’ before downtime.
  • Automated failover with Recovery Time Objectives (RTO) of less than a minute and Recovery Point Objectives (RPO) of seconds.
  • No single point of failure, and no load balancing hardware or software required.
  • Automatically monitor MOVEit File Transfer Server (DMZ) and MOVEit Central application health in real-time to identify and fix problems before they result in downtime.
  • Site-to-site (or on-site) failover to keep businesses running 24×7.

>> For more information about Ipswitch Failover please visit: http://www.ipswitchft.com/moveit-managed-file-transfer/file-transfer-failover.

>> And be sure to engage with us next month during the Ipswitch Innovate 2015 User Summit, a two-day (October 21-22) online event for IT pros to learn from each other and our product experts.

Ipswitch Innovate is a two-day online only event for IT professionals to learn from each other, and our product experts. Click to learn more.

Earlier this year we warned of fake Dropbox emails that urge users to click on emails labeled as “urgent and highly confidential” documents. Those who followed these instructions were quickly added to the list of victims of a highly effective phishing scheme, as the redirect was to a false log-in page designed to capture user credentials. As our own Alessandro Porro said at the time, “Dropbox is vulnerable to these common attacks as it was not originally designed with enterprise security in mind.”

It’s no secret that phishing campaigns against Dropbox users have spiked recently as cyber-criminals have identified this as a weak link in the security chain. Sensitive corporate and personal data is often contained throughout these accounts but is not subject to the same protections and level of vigilance as data on the corporate network.

In an effort to combat this, Dropbox has announced that they are turning to USB-based security keys to improve log-in security and better protect users from phishing attempts. Physical security keys are viewed as stronger than smartphone-based two-factor authentication solutions as the latter still exposes the user to the risk of being directed toward a fake Dropbox site designed to phish their password and verification code. However, using this type of file sharing service to share sensitive information is still fraught with risk and uncertainty.

Because information on Dropbox is stored rather than moved, it represents a “soft” target for hackers long after the information has been shared and forgotten about. Instead, users should consider a managed file transfer (MFT) solution that protects sensitive files before, during, and after transfer with guaranteed delivery. With the highest levels of encryption and a range of customization options, MFT is the safest and easiest way to exchange sensitive information.

>> For more information about managed file transfer solutions from Ipswitch, please visit: http://www.ipswitchft.com/moveit-managed-file-transfer. 

Be sure to engage with us next month during the Ipswitch Innovate 2015 User Summit, a two-day (October 21-22) online only event for IT professionals to learn from each other, and our product experts.


 

 

The responsibility for safeguarding sensitive company information and securely transferring it falls on the already stretched thin IT departments. Luckily, there are many options available for IT when it comes to file transfer. Email, FTP, USB drives and EFSS services like Dropbox to name more than a few. Yet none are as secure or cost-effective as managed file transfer (MFT).

Simple & Secure File Transfer: 5 Ways to Make it Work for You

MFT gives IT teams the agility they need to respond faster to business needs. All this while reducing time and resources required for file transfer operations. Here are five ways MFT makes IT better at their job:

  1. Secure and reliable transfers lift the burden from IT professionals. MFT provides a single-source solution with built-in security and encryption capabilities. This means all file transfers – whether they are process-to-process, person-to-process or process-to-person – are guaranteed to be protected.
  2. Out-of-the-box solutions free up valuable time and space. An MFT system offers out-of-the-box solutions that can easily be integrated into an existing IT infrastructure. Implementing a turn-key solution means that file transfer can be managed by less experienced IT administrators.
  3. Streamlined automation improves IT productivity. Many file transfers are initiated on a recurring basis. IT teams can get bogged down confirming transfers to meet SLAs.  The automation that comes with MFT promptly pushes data to the right person at the right time. This means that the IT team doesn’t have to think twice and can remain focused on other tasks.
  4. It’s IT friendly and eliminates errors. MFT incorporates admin, end-user access, analytics and reporting, and automation and workflow. This helps IT teams avoid tedious manual tasks that can lead to errors. Not to mention protection against a security breach via integration with important things like encryption and data loss prevention.
  5. Predictable reporting improves visibility and offers support for IT professionals. For regulated businesses (banks, hospitals, etc.), in-depth reporting is a critical need for file transfer systems. An MFT system incorporates reporting capabilities that ensure firms adhere to strict compliance regulations and are able to provide accurate data in the case of an audit – and fast.

Since businesses run on data, the transfer of data is the heart of today’s organizations – and with a solid MFT system, IT teams know that all data is protected while in transit and at rest.

>> Check out “Simple & Secure File Transfer: 5 Ways to Make it Work for You” to learn more about how we help IT teams with managed file transfer.

 

Managed file transfer automation tools, like MOVEit Central, can automate common tasks related to file transfers in much less time.

In a recent Ipswitch IT Priorities survey of over 371 IT professionals involved in file transfer and sharing administration, about 75% said they already used or had a need for file transfer automation. Their most common scenarios were:

  • Automate batch scheduling
  • Workload automation
  • Integration to backend systems. They include financial, CRM, ERP, cloud storage, ECM, EMR or marketing automation systems.

About half said they use PowerShell to upload/download data from applications and databases today. So what should you keep in mind when using PowerShell to automate common file transfer activities?

  • Use Windows Management Instrumentation (WMI) to monitor a folder for newly arriving files.
  • Use the Get-Content and Add-Content cmdlets when making changes to a file.
  • Automation of file encryption is tricky, but consider using GnuPG. Ensure you don’t use cleartext passwords.
  • You can use the WinSCP client or WS_FTP Professional to transfer the files using secure protocols like SFTP, FTPS or HTTPS.
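The four tips above, wired together as an added example for Windows PowerShell 5.1; it is not code from the webinar or from Ipswitch. The folder paths, host name, account, key file, recipient and host-key fingerprint are placeholders, and it assumes GnuPG is on the PATH and the WinSCP .NET assembly is installed at the path shown.

```powershell
# Added example: paths, host, account, key ID and fingerprint are placeholders.
$Outbound  = 'C:\outbound'            # encrypted copies go here, outside the watched folder
$Recipient = 'partner@example.com'    # public key already imported and trusted in GnuPG
$LogFile   = 'C:\logs\transfer.log'
Add-Type -Path 'C:\Program Files (x86)\WinSCP\WinSCPnet.dll'   # WinSCP .NET assembly

function Send-EncryptedFile {
    param([Parameter(Mandatory)][string]$Path)

    # Change the file: append a trailer line with Add-Content.
    Add-Content -LiteralPath $Path -Value "# processed $(Get-Date -Format o)"

    # Encrypt to the recipient's public key. Encrypting needs no passphrase,
    # so no password is stored in or passed by the script.
    $Encrypted = Join-Path $Outbound ((Split-Path $Path -Leaf) + '.gpg')
    & gpg --batch --yes --recipient $Recipient --output $Encrypted --encrypt $Path
    if ($LASTEXITCODE -ne 0) { throw "gpg failed for $Path (exit code $LASTEXITCODE)" }

    # Transfer over SFTP with key authentication and a pinned server host key.
    $Options = New-Object WinSCP.SessionOptions -Property @{
        Protocol              = [WinSCP.Protocol]::Sftp
        HostName              = 'sftp.example.com'
        UserName              = 'transfer-svc'
        SshPrivateKeyPath     = 'C:\keys\transfer-svc.ppk'
        SshHostKeyFingerprint = '<server-host-key-fingerprint>'   # replace before use
    }
    $Session = New-Object WinSCP.Session
    try {
        $Session.Open($Options)
        $Session.PutFiles($Encrypted, '/incoming/').Check()   # Check() throws on failure
    } finally { $Session.Dispose() }

    # Log a SHA-256 of what was sent so the receiver can confirm it matches.
    $Hash = (Get-FileHash -LiteralPath $Encrypted -Algorithm SHA256).Hash
    Add-Content -LiteralPath $LogFile -Value "$(Get-Date -Format o) SENT $Encrypted sha256=$Hash"
}

# WMI event query: check every 10 seconds for files created in C:\inbound\.
$Query = "SELECT * FROM __InstanceCreationEvent WITHIN 10 " +
         "WHERE TargetInstance ISA 'CIM_DataFile' " +
         "AND TargetInstance.Drive = 'C:' AND TargetInstance.Path = '\\inbound\\'"
Register-WmiEvent -Query $Query -SourceIdentifier 'InboundFile'

while ($true) {
    $Evt = Wait-Event -SourceIdentifier 'InboundFile'
    try     { Send-EncryptedFile -Path $Evt.SourceEventArgs.NewEvent.TargetInstance.Name }
    catch   { Add-Content -LiteralPath $LogFile -Value "$(Get-Date -Format o) ERROR $_" }
    finally { Remove-Event -EventIdentifier $Evt.EventIdentifier }
}
```

Writing the encrypted copy to a separate folder keeps the new .gpg file from triggering the watcher again. Register-WmiEvent is not available in PowerShell 7, and the creation event can fire while a large file is still being written, so a production script should confirm the file is complete before processing it.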

Managed file transfer automation tools, like MOVEit Central, can automate common tasks related to file transfers in much less time. They are built to handle commonly overlooked scripting issues. These include error handling, logging, environment changes, and security-related issues like encryption key management and password protection.

Adam Bertram, Microsoft MVP, shared some “how-to’s” and sample code to automate a common file transfer scenario at last week’s Spiceworks webinar, “Automating File Transfers Securely”:

  • Monitor a folder for arriving files
  • Make changes to a file
  • Encrypt the file
  • Transfer the file

You can access the sample code at Adam’s blog here.

 

Over the past few years, security threats have increased in frequency and costliness, making adhering to the proper compliance standards a top concern for many IT leaders. And while a compliance audit may cost an organization a considerable amount of money, the cost often runs deeper than dollars and cents.

In our most recent survey, we polled 313 IT professionals in the U.S. to gain a better understanding of their level of preparedness and confidence around the compliance audit process. The findings show that only 17 percent of IT professionals find actual dollars spent to be the costliest part of a compliance audit. More than half (52 percent) noted that the allocation of IT resources is considered the most costly and another 13 percent admitted that the emotional strain and stress alone is the costliest part of an audit.

So how can IT professionals cut down the financial costs – as well as the emotional strain – of an audit while still adhering to the proper compliance requirements? Following these three tips can help:

  1. Identify and take control of your sensitive data – Moving data securely and reliably to support critical business processes has never been more important – and challenging. Sensitive data must be protected in transit and at rest with the proper controls to meet business needs and government and industry regulations.
  2. Synchronize with other divisions – When it comes down to the bare bones of exactly who is responsible for managing and enforcing these compliance and security requirements, there is often a detrimental miscommunication over ownership. IT’s ability to manage compliance could be enhanced through better coordination with line-of-business (LoB) functions, whether it’s a case of ownership, increased communication with business lines or policy enforcement.
  3. Leverage automated tools to escalate productivity – The true value in automation is reduced errors and labor costs. Costs include troubleshooting errors and lost files; time required to manually transfer files; and the significant skills and costs required to craft a do-it-yourself automated process with scripts and custom programming. And of course this frees people to work on more critical tasks.

These three steps can be easily followed using a robust, automated managed file transfer (MFT) solution. MFT provides transparent movement of files and strengthens related IT processes through scalability, reliability, failover, and disaster recovery. By utilizing the right MFT solution, IT pros will have the proper tools to do their job effectively and efficiently, alleviating stress and increasing the organization’s overall productivity.

With an alarming number of security breaches and data loss this past year, maintaining compliance with industry regulations is a top concern for IT pros and senior leadership. So why are IT departments leaving compliance and security processes to chance? (Particularly those in highly sensitive industries like finance, healthcare and insurance.)

We recently polled 313 IT professionals in the U.S. to understand how prepared organizations are to undergo compliance audits. We found that over half (59 percent) of all respondents feel unprepared. Some even feel they are facing an impending disaster. While IT is charged with keeping business processes smooth and secure, they have little control over file movements across an organization and little insight into operations. To help regain control over compliance requirements, IT should consider these five steps:

  1. Prepare for audits with centralized audit logs and reports for file transmission.
  2. Ensure the file you sent is the same as the one that is received.
  3. Integrate all of your IT and security systems.
  4. Never grant external users access to your trusted network.
  5. Think through the entire file lifecycle and ensure personal data is protected.

These five steps are easily completed with a robust, automated managed file transfer (MFT) solution. MFT provides transparent movement of files and strengthens related IT processes through scalability, reliability, failover, and disaster recovery. With the right MFT solution in place IT pros can rest easy knowing they can enforce governance when it comes to the transfer of sensitive information.

This will come as a relief for half of IT pros (46 percent) who would choose to have a root canal procedure, work over Christmas, live without electricity for a week, or eat a live jellyfish if it meant avoiding an audit. Without an MFT solution, companies run the risk of violating a growing number of statutes and regulations designed to protect sensitive data from being breached. Don’t let compliance haunt your dreams and find out how to successfully survive an audit here.