Zak Pines

As Director of Marketing for Ipswitch File Transfer, Zak is an information advocate for Managed File Transfer. Zak’s team strives to provide valuable and helpful information to IT and business professionals looking to better understand managed file transfer, how it can help their organization and what steps are required to maximize the business impact of a managed file transfer system. This “All Things Managed File Transfer” blog is one element of that program. Zak is a graduate of Yale University.

The Ipswitch Innovate Virtual Summit for IT pros, by IT pros. Click to register!

Calling all IT pros looking to learn innovative best practices from each other and our own technology experts. Attend the Ipswitch Innovate 2015 Summit (October 21-22), a two-day virtual event where you can leave your car at home and wear anything you like, because you can only attend this summit online. It may be virtual, but Ipswitch Innovate 2015 will deliver a high dose of tech advice from IT innovators – live streamed directly to you.

Registration is FREE for anyone who wants to attend. Whether you’re an Ipswitch user or seeking tips, tricks & best practices for your IT team, you’ll receive 3 hours of LIVE content each day on ways to improve your IT operations across network, server & application monitoring, file transfer and more.

Summit highlights include case studies and live chats with product experts who will answer your questions, including best practices for getting the most out of your monitoring & file transfer software. But the benefits of participating don’t stop there. Here are five reasons why this summit is a must-see:

  1. Advance your techniques, for free

Register now to get real-world technical advice from leading experts on the best ways to simplify IT initiatives with Ipswitch software. Did I already mention our online event is free?

  2. Get recognized for your success

Are you already innovating with Ipswitch software? If so, nominate your company for an Ipswitch Innovate 2015 Customer Award.

  3. Prepare for the future

Be among the first to learn about new, innovative Ipswitch products that are coming your way. Learn what’s trending in compliance and the Internet of Things (IoT) that’s changing everything you thought about securing data and monitoring Things.

  4. Get inspired by others

Hear battle stories from your fellow savvy IT pros in the trenches and learn how they are using Ipswitch technology to solve their IT challenges.

  5. Earn Ipswitch $

Participate and earn Ipswitch $ value rewards you can use to buy Ipswitch products like WhatsUp Gold network performance monitoring, MOVEit managed file transfer and WS_FTP.

Register now to reserve your seat. Want to learn more? Check out our summit agenda.

No matter what line of work you’re in, there’s bound to be a frustrating incident that makes you slam your fists on the desk, look to the ceiling and exclaim, “WTF?!?!” For IT pros, this often stands for “Where’s the File?”

We hear it all the time: File transfer is becoming increasingly difficult. And considering that roughly two-thirds of enterprise file transfers – for content like purchase orders, invoices, travel documents, tax information, etc. – are sent between applications and not people, it’s no wonder that tracking and locating files can be a constant burden – especially when critical business processes go down.

We’ve heard many “Where’s The File?” stories from customers, but we want to hear yours! Consider these examples:

• “My automated file movement triggers order fulfillment for my products, but if the files don’t make it from location A to B, we lose orders, we lose customers, and we lose money…”

• “I process large video files from around the world and need to get them turned around in a matter of hours for clients. More often than I’d like, the videos either take too long or don’t complete the transfer at all. My video content gets stale, it loses value, and my clients aren’t happy.”

Sound familiar? Have another WTF story? Let us know here: https://www.surveymonkey.com/s/XJ29727

Not only will you get it off your chest, you’ll be entered into our Xbox One contest giveaway! We’ll draw our winner on March 19th – so tell us your “WTF” story today!

If you’re a healthcare IT professional, you’re likely losing sleep when it comes to ensuring regulatory compliance. Having the right processes and tools in place to manage the transfer of information in and out of your organization, both via people and systems, is at the heart of this issue.

To understand the latest issues and trends affecting healthcare IT professionals, we sat down with Tim Dotson, a healthcare IT consultant from Durham, NC who is well versed in the issues facing healthcare IT groups. Tim’s wide-ranging healthcare job experiences include terms as an IT director for large health systems, an informatics pharmacist, and a healthcare IT newsletter editor. He shared his insights and advice around data security and file transfers.

Zak: What are some of the overall issues you are seeing affecting healthcare IT teams? 

Tim: Healthcare IT is in the midst of change, some related to government and regulatory requirements, and some just due to the constantly changing nature of healthcare. For example, both healthcare providers and vendors are struggling to get ready for upcoming changes to the ICD-10 Procedure Coding System. At the same time, they’re dealing with ongoing requirements associated with Meaningful Use programs. These programs incent doctors to use technology to assist patients, and to make that happen, changes are needed to IT systems within healthcare organizations as well as how they’re used within organizations. These initiatives are associated with immovable deadlines. And on top of these, those in healthcare IT need to address their hospitals’ own strategic agendas.

To further complicate matters, many healthcare organizations are undergoing consolidation, whether because of mergers or because they are trying to minimize the number of IT systems and vendors they deal with.

Zak: Yet at the same time, HIPAA standards are only getting stricter, and they are not optional.

Tim: Exactly. Hospitals continue to struggle with meeting HIPAA requirements, such as the new HIPAA Omnibus Rule, which among other things makes business associates of covered entities responsible for complying with some aspects of HIPAA, and increases the associated penalties for security breaches.

“Managed File Transfer takes compliance risk off the table, and just as importantly, saves valuable resources from having to manually manage the healthcare file transfer processes.”

Compliance is complicated in an era where everybody is used to storing data on personal devices and cloud-based services such as Google, posting personal and work-related information on Facebook, and sharing information with other organizations. Penalties for being involved in a patient information breach have increased, even if the exposure was unintentional and with no evidence that anyone used the patient information.

Hospitals have to evaluate their exposure, train thousands of employees regularly, and understand how the practices of their business partners could put them at risk. New government concerns have been raised about saving and monitoring computer audit logs, not just for possible privacy violations, but to detect behavior that might indicate healthcare fraud. Breaches, investigations, and audits are almost inevitable, so hospital executives have to prepare their large, complex organizations to avoid exposure and how to respond if one occurs. It’s yet another problem that often lands in the lap of the hospital CIO.

Any ways healthcare professionals can find to deliver compliance with less effort will have a significant payoff to the IT teams. And that’s where Managed File Transfer can come into play – it’s taking compliance risk off the table, and just as importantly, saving valuable resources from having to manually manage the healthcare file transfer process or spending countless hours troubleshooting file transfer related issues.

Zak: Can you share more about what specific pressures healthcare organizations are facing when it comes to HIPAA compliance? Clearly there are some external technology trends outside of the hospitals’ control making compliance more and more of a challenge.

Tim: Many hospitals are dealing with the proliferation of devices and people demanding the ability to use them. The question isn’t whether or not devices like tablets will be used, but how hospitals will support the Bring Your Own Device (BYOD) movement.

Hospitals can’t afford to give everyone a device. But hospitals like to standardize their technology. And they certainly need to make sure data is kept private and secure. Plus healthcare IT groups need to support remote physician offices as more mergers and acquisitions occur.

There’s also a movement toward Big Data. Now hospitals can tie patient encounter data in with information about patients’ activities and characteristics outside of their environment, such as prescriptions taken, exercise and eating habits, etc. By mining this data, they can identify opportunities for improvement and develop new risk models. As healthcare organizations look to analyze all this information, files must be exchanged on a more regular basis, not just at the end of each day.

Of course, this means data security is more of an issue than ever before. Some healthcare organizations are still using unsecured email to send files. And the penalty for data breaches can be huge. Plus, the organization can lose credibility.

Zak: So with that said, how challenging is it to monitor and respond to changing data protection requirements without compromising patient confidentiality?

Tim: This is always a challenge. Security crosses several domains – infrastructure, people, and processes. Hospitals do their best to be mindful of security. But they often don’t realize how vulnerable they are until something unfortunate happens. There are so many opportunities for data to fall into the wrong hands. Every data exchange presents a risk and because there are more demands to move information around, the risk just keeps increasing. And sometimes the data protection requirements are too complicated to keep track of, especially for smaller hospitals. While these organizations have good intentions, they are often at risk because they’re not sure what to prioritize.

Zak: What are considerations or issues around balancing security and efficient file transfer?

Tim: Most times, the challenge is around the reach of communications. Many hospitals employ a large number of staff and it’s tough to get the message out about secure file transfer when you need to communicate with everyone from brain surgeons to housekeeping employees.

Many organizations are turning to automation to get around this problem. For example, they’ll set a rule to secure data in an email if it seems the information could be of a confidential nature.

Like so many things in healthcare IT, there’s not usually an obvious upside to taking these measures. It’s more about avoiding the downside, such as a penalty or negative publicity. But with increased HIPAA requirements and penalties, healthcare IT groups are paying attention to secure file transfer. It’s moved from “nice-to-have” to “must-have”.

Zak: Tim, thank you. This has been extremely insightful. One thing that’s clear from your comments is that healthcare IT professionals have a lot on their plates. For those that haven’t yet explored Managed File Transfer, it’s a way to reduce the time spent achieving HIPAA compliance, while gaining more control and visibility into the file transfer process across systems, processes and people.

To learn more about Managed File Transfer in Healthcare, visit the Healthcare section of our web site discussing Managed File Transfer Solutions for HIPAA Compliance or view one of our case studies for healthcare customers such as Rochester Hospital, VIVA Health or NHS Wales.

‘Tis the season for Holiday decorating—from wreaths to reindeers to those pesky strings of Christmas lights. You know the ones I’m talking about—multiple strings connected to each other and wrapped across each other in a hodge-podge way. Difficult to untangle, to say the least. Imagine being asked to troubleshoot that tangled mess, if a single light goes out amongst the hundreds of lights.

Now picture the ways files transfer in, out and within your organization. What would it take to pinpoint why a single critical file didn’t arrive at its intended destination, when it was supposed to, amongst the tens or hundreds of thousands of transfers?

We can’t help bring order to your holiday decorations, but in the file transfer world we can offer this timely webinar: “Move Away from the Tangled, Digital “Do-It-Yourself” Approach to File Transfer.”

Tune in to hear three IT professionals from the Florida Department of Health and NHS Wales, along with Derek Brink – Vice President, Research Fellow, IT Security at Aberdeen Group – discuss the steps IT departments are taking to prevent their file transfer processes from turning into unmanageable messes. Our panel will also discuss how the world of file transfer is changing based on heightened audit, compliance and business process requirements across industries.


Viva Health: Healthcare Managed File Transfer
“We needed a managed file transfer solution that would put us in compliance with all the various regulations.”

Depending on the industry, the Managed File Transfer (MFT) experience may vary in terms of the initial decision, the implementation and even the key benefits. I recently sat down with Ragan McBride – a Business Process Automation professional with 13 years of experience – to get some exclusive insights into the MFT process within the healthcare industry. 

********

Zak: What was your situation like before VIVA Health adopted MFT? What problems was the organization facing?

Ragan: Overall, there was no consistency in terms of the way file transfers were managed – everyone seemed to be doing them in their own way. Even people within the same IT group would schedule things differently and would put files on different servers. It got to be very problematic. We didn’t have control of our files, with so much duplicate data floating out there. And there was no way for us to manage file transfers from a single location.

Q: Your organization opted for an MFT solution as a remedy. How did that decision come about?

Ragan: It was a collaborative effort. We talked to people in numerous departments to find out if there were any major needs that we hadn’t considered. We also spent time reviewing our options with these departments, and talking with the CIO to determine our most pressing needs. But at the end of the day, in a healthcare organization, the IT department is really the one that must identify the needs and make the decision.

Q: And what were those pressing needs?

Ragan: Essentially, it all came down to auditability. We needed a more efficient way to do archiving and be better prepared to answer questions that could come up in audits, without killing ourselves later on. We also needed the ability to transfer files using a tool that centralized the process.

Q: You talked about the needs of other departments, as well as your own. We’re curious to know how many of those needs revolved around legal requirements as opposed to features/capabilities you simply wanted.

Ragan: Satisfying legal requirements was one of the primary reasons for switching to an MFT solution. In the healthcare industry, everything needs to be encrypted for HIPAA. For archival purposes, we have to keep certain claims data for a specified amount of time before cleaning it up. Basically, we can’t have files sitting out there indefinitely – the regulators always take notice. So we needed a healthcare managed file transfer solution that would put us in compliance with all the various regulations.

Q: Aside from addressing legal issues, what were some of the immediate benefits your organization saw by moving to an MFT solution?

Ragan: We saw an immediate improvement in terms of workflow and have saved an incredible amount of time by eliminating a lot of repetitive, manual processes for tasks like pulling down files and loading them into SQL. We’ve saved somewhere close to two-and-a-half man years just on file transfers alone, so the ROI has been quantifiable.

Q: Were there any big roadblocks in the way of adopting MFT?

Ragan: Nothing major, but I would caution others to be mindful of how MFT will work with other internal systems. They all need to work together seamlessly, so there will be a period where you have to identify the best ways to ensure this happens. In many cases, different systems produce different outputs. So you need to rename certain files, which can get somewhat complex if you need to start writing custom scripts. The important thing to keep in mind is that the solution to your integration problems is probably embedded in your MFT solution – you just need to spend some time upfront figuring it out. But it’s worth it because MFT helps improve your workflows, saves you time and removes hassle in so many ways.

********

How has MFT adoption evolved within your industry? Share your thoughts and feedback in the comments section below. Thanks!

 

Ipswitch File Transfer’s advocate team educates customers and prospects on Managed File Transfer best practices.

Earlier this year, we launched a Managed File Transfer Advocate team to help our customers and prospects navigate through an increasingly complex landscape where:

  • The absence of Managed File Transfer systems causes heightened pain for IT teams where file transfer processes are too manual and require too much setup. Increasingly there are many disparate systems performing various file transfer functions, which become very difficult to manage and a distraction from other work.
  • Current transfer systems are not easy to use for end users or partners. Moreover, employees are increasingly circumventing those systems with personal file sharing ones, subjecting businesses to increased risk. But IT is still held accountable by management for having the controls in place around file-based processes.
  • Many IT teams lack resources to keep up with these growing file transfer needs. They can’t scale or respond quickly to growth, changes or demands from users, which creates more day-to-day pressure on IT.

With this as the backdrop, the Managed File Transfer Advocate team helps our customers and prospects access useful informational resources to support their managed file transfer journey. The team advocates for the advancement of managed file transfer, supporting greater visibility, security and control around file transfer for IT professionals. And helping IT shift their file transfer duties from managing users and antiquated systems to becoming a strategic IT resource in control of every file transfer in, out and within the business.

How does the team do this? By accumulating third-party and internal technical know-how and staying up to speed on best practices for planning, evaluating, selecting and implementing an MFT solution.

This team reaches out to those who engage with Ipswitch File Transfer’s educational content and webinars (hopefully you!) to check with them on their needs and interests, with the goals of:

  • Understanding where you are in the consideration and evaluation of managed file transfer solutions
  • Providing you with useful information resources – videos, webinars, white papers, briefs, and even posts from this blog

Some examples of this content are:

  • “Four Reasons Every Business Needs a Managed File Transfer Solution” – This webinar features file transfer analyst Michael Osterman and shares perspectives from IT professionals at Oppenheimer Funds & VIVA Health. It’s helpful for those who are looking to size up the costs of not implementing a managed file transfer system.
  • “Evaluating Managed File Transfer in the Cloud” – This guide outlines key considerations in looking at cloud-based managed file transfer solutions, and provides guidance on how to balance requirements for on-premise and cloud. It’s a perfect resource for those being asked to evaluate the advantages or disadvantages of a cloud-based MFT system, or develop a combined Cloud and On-Premise file transfer strategy.

Our team of advocates is helping IT professionals navigate their managed file transfer journey every day. For example, recently we’ve helped:

  • An IT professional define the requirements for an MFT system to satisfy his manager’s request for improved file automation
  • A systems administrator build the case for a managed file transfer system where he needed to get support from senior management
  • An information security professional communicate with colleagues around the implied costs and risks of NOT having a managed file transfer system
  • A CIO learn how similar businesses in the same industry (in his case, a credit union) have solved managed file transfer challenges

For these or any other cases where our team can support your managed file transfer education or decision-making process, contact our Managed File Transfer Advocate team to schedule an informational session.

MFT Webinar Recap
Ipswitch’s recent round-table included Michael Osterman, Principal at Osterman Research, and MFT experts from the healthcare and financial services industries.

There was a time when managed file transfer (MFT) solutions were considered a luxury; a nice-to-have for IT departments and large organizations. Those days are gone. Today, MFT has become mission-critical, particularly for those in the financial services and healthcare industries.

But why – what is driving this shift to managed file transfer inside so many businesses today?

To address this question, we brought together two Ipswitch File Transfer customers and an industry analyst for a roundtable discussion in our webinar, “4 Reasons Every Business Needs a Managed File Transfer Solution.” The three subject experts were:

  • Rebecca Freise, Automation Application Specialist for Oppenheimer Funds
  • Ragan McBride, Business Process Automation Consultant to multiple businesses including VIVA Health
  • Michael Osterman, Principal at Osterman Research

Here’s what we heard from the panel:

#1. Security is not an option (it’s a necessity)
These days, it’s hard to find a company that isn’t letting employees work remotely, that doesn’t have employees using mobile devices to get work done, and that doesn’t have a set of employees using a consumer-esque file management tool like Dropbox. While convenient for some, these practices are a nightmare for IT departments, who must ensure that file transfers are both secure and auditable. Michael Osterman explains the dilemma:

“You may have sensitive or confidential content sent in violation of the corporate regulations or a variety of regulatory statutes. In many cases, IT simply can’t audit that content. They don’t know where it’s going. They don’t know how long it’s going to live. They don’t know who sent it to whom and how it was disseminated from there.”

See the problem? On a fundamental level, IT requires visibility and control of the entire file transfer process – something all the panelists agreed on – and the only way to ensure this level of control is through an MFT solution.

#2. You can’t risk violating regulations
Without an MFT solution, companies run the risk of violating a growing number of statutes and regulations designed to protect sensitive data from being breached. In fact, many businesses will find that regulatory requirements are the primary reason for adopting MFT.

#3. It’s not just about moving files, it’s about supporting business process
Managed file transfer is not about supporting the frivolous transfer of files between employees. It’s about supporting efficient file transfer as part of a business process – and therefore allows IT to better manage what happens next to the files or data.

Ragan McBride explained:

“A lot of our employees were going out to FTP sites on their own, grabbing data using regular FTP clients. IT would then have to get involved to unencrypt a lot of that data. We would trust that those users were using the data correctly, importing it to their databases as expected and making sure the data formats were correct. We were finding a lot of time was being spent on the IT side (helping end users figure this out).”

A managed file transfer system not only manages the file transfer, but also tracks the file’s connection to the corresponding business process, whether that business process is another system, a desktop user or a mobile user.

#4. MFT makes life easier for IT teams
This may best explain the continued adoption of MFT – MFT systems help make life easier for IT teams, addressing pain points such as audits and reporting and freeing up time to focus on more important tasks – instead of wasting time dealing with ad hoc file transfer requests, sifting through file transfer data to debug an issue, and locating lost files.

Rebecca Freise shared that prior to their MFT system, “We had issues with researching and finding specific transmissions and reporting on specific timeframes of file transmissions. And then trying to do an audit and report on specific clients was difficult and very time-consuming. Just doing any kind of research on any transmission was difficult. It took a lot of meeting hours to get things accomplished.”

And Michael Osterman explained this further:

“If you don’t have a good file transfer system in place, IT ends up having to do a lot of extra work to manage all of those file transfer processes, often on an ad hoc basis. The creation and maintenance of file transfer technologies becomes a real burden for IT simply because they have to do things like write custom scripts to move files, they need to build additional security around FTP servers that in many cases are just inherently insecure, they have to devote IT staff resources to manage the file transfer process where they otherwise wouldn’t have to if you had a good solution in place, and they have to use staff resources to manage all of the security and really the risk mitigation that goes along with file transfer.”

And in days of tightening budgets and strained resources, what IT group wouldn’t take something that can save precious time and remove some day-to-day headaches?

For more on the growing need for Managed File Transfer solutions, view the 4 Reasons Why Every Business Needs an MFT Solution webinar or read Michael Osterman’s recent guest post.

“Ipswitch FT’s secure MOVEit solution gives us full visibility and management of file transfers, and enables us to avoid fines of up to £250,000 for non-compliance…” – Wayne Watson, information security manager for NHBC

The National House-Building Council (NHBC), the UK’s leading home warranty and insurance provider, has greatly expanded its use of MOVEit to ensure the organization adheres to file transfer best practices, while meeting compliance with internal standards and external regulators, including the Financial Conduct Authority (FCA).

Securing Builders’ Drawings, Architectural Designs, Legal Files and More
Secure, managed file transfer (MFT) is a high priority for NHBC. In the past six months alone, the company has doubled the number of employees successfully using MOVEit, with over 200 active users now securing file transfers. Its business straddles the heavily regulated insurance and building sectors, and daily activities demand a constant flow of secure, confidential, copyright and personal documents and communications. These include builders’ drawings, architectural designs, legal files and more, sent between internal departments and on to external stakeholders such as solicitors, lawyers, builders, architects and homeowners.

No More File Sharing Via USB drives, Email Attachments, or Unsecured Apps
By using Ipswitch File Transfer’s MOVEit system as a compliance solution, NHBC now meets strict ISO 27000 internal security standards and exceeds compliance and regulation requirements such as those set by the FCA and the Data Protection Act (DPA). Previously, NHBC employees had to encrypt and share files via SD cards, USB drives, CD-Rs, email attachments and an assortment of unsecured web-based file sharing apps. But a tremendous shift in attitudes in recent years has led to more organizations like NHBC integrating MFT platforms, making unsecured email attachments and portable media things of the past.

Wayne Watson, information security manager for NHBC, said: “Ipswitch FT’s secure MOVEit solution gives us full visibility and management of file transfers, and enables us to avoid fines of up to £250,000 for non-compliance, as well as maintaining our company’s 75-year trusted reputation.”

The file sharing habits of employees can be risky but are driven by their desire to get work done. The business need and IT desire to control file sharing are equally important. Fortunately, companies don’t have to choose between risky behavior and productivity. Using secure managed file transfer technology, employees can get the convenience, ease-of-use, and speed they need while IT and the business get the control, visibility, security and compliance they need.

Are Your Employees Putting Your Data at Risk? eBook

Every organization that values security is facing challenges in how it secures information shared between people, either inside the company or with people outside the company such as customers or partners.

Jeff Whitney, VP of Marketing, sat down with Enterprise Management 360 Editor David Tran to discuss trends and issues around person-to-person file sharing within business. 

EM360°: What are you seeing as the key trends today impacting person-to-person file sharing within businesses?

Jeff Whitney: There are essentially three key trends in person-to-person file sharing.

First of all, taking a few steps back, it has only been a few decades ago, in a work world that’s now long forgotten, that IBM mainframes ruled the world. In the good old days, the vast majority of confidential company and customer information was locked down in those mainframe computers. People were only able to access it by wading through computer printouts, or if they were lucky, by accessing large cathode ray VCT terminals. People couldn’t get hold of that information and risk sharing it elsewhere.

But today, the work world is entirely different. Today businesses are dominated with knowledge workers who have personal computers, and each one is far more powerful than those old mainframes. These PCs are filled with confidential company and customer files.

The second trend is that, with all the information that knowledge workers have, they are sending an ever-increasing volume of information to their extended enterprise; to their suppliers, shipping vendors; and their customers and every imaginable type of data being shared including legal documents, patient records, loyalty data, package locations, insurance claims, account information, purchase orders, x-rays, test results, and investment information, just to name a few.

The third trend is, with all of this going on, IT hasn’t been able to keep up with this flow of information, and there is a plethora of easy ways that employees can use to transfer files. For instance: company email, personal email and consumer collaboration systems like Dropbox.  Employees are using these non-secure systems because IT hasn’t been able to provide them with solutions that are convenient enough. They are not knowledgeable of these security risks, and all they want to do is get their work done.

EM360°: From a corporate perspective, what security risks and challenges are therefore in place that management, IT and security professionals need to be aware of?

These file-sharing techniques that employees are using can create security breaches. Even company email is often not secure as it is coming across in an unencrypted way.

You could be breaking corporate compliance obligations — if you are in financial services, in healthcare, or any number of other places who have policies or compliance regulations.

There is a true lack of visibility of audit trails. You lock down your cash, so you know what is happening to your cash. And yet knowledge is regarded as far more important to businesses, or at least as important as cash. Yet, we are letting that knowledge flow back and forth in very non-secure manners. And the reality is who will get in trouble if that happens — is it the employee who sends it? Definitely. But equally, the senior manager is going to walk into the IT department, asking why IT hasn’t provided their workforce with solutions that can protect and secure the data and provide the governance and compliance the business needs.

EM360°: So now let’s get to the survey. We see your eBook states that 84% of respondents acknowledge they send classified or confidential information as email attachments. That’s astounding. What do you see driving that behavior?

It is really driven by the fact that employees are just trying to get their job done. They are surrounded by solutions — personal email, consumer collaboration tools — that allow them to share information in a very easy to use and rapid form. They carry that over into their work lives. If they know that they could send a file very quickly using a readily available consumer tool, they are not going to wait around for a member of the IT department to help them.

I think it’s actually very appropriate to discuss the magnitude of file-sharing. You mentioned that 84% are using or sending confidential information using these kinds of tools. In that 84%, they are actually sending classified emails with email attachments, which I have reiterated before, is not secure.

Almost three quarters of those — 72% — are doing it weekly, and more than half are doing it every day. This is a major issue.

In fact it gets even worse as employees aren’t using only their work emails, but instead are using their personal email. Some 50% are using their personal emails to send over work attachments. 40% say it’s because it is faster and more convenient. 35% say it is because of file size issues. And 30% say their IT department can’t monitor or audit. They are sending over confidential company information, and for some reason, they do not want IT to monitor that. It’s wrong.

Additionally, 50% are using file sharing websites, and of those, a quarter are doing that weekly, and some of those websites are well known for data breaches and have been publicized for it over the past few months.

EM360°: Jeff, there’s a set of risks in place with most organizations today. So what can companies do to balance the needs of the employee vs. the organization?

What companies need to do is to provide secure managed file transfer capabilities for their employees that they will readily adopt.  These tools need to be convenient, straight-forward, and allow fast transfer of knowledge. And for the business, it needs to provide the security and governance (control, security, compliance) that companies demand. You need to have both; it isn’t just one or the other.

IT isn’t just sitting on resources that are readily available to attack any issue. This issue has just blown up so quickly that IT has been slow to respond. Our survey shows that only 25% of IT organizations actually enforce the usage of IT-sanctioned tools. Only about 40% of organizations have visibility into the movement of their confidential data in and out of their business. And only about 15% receive confirmation of when critical data is being delivered.

As I said, IT organizations haven’t been able to catch up with this trend, and they haven’t provided the solutions that are out there to address this.

EM360°: So how is Ipswitch File Transfer addressing this increasing need that you’re seeing for secure person-to-person file transfer within organizations?

Ipswitch File Transfer has a long history of providing managed file transfer capabilities for organizations, specifically for IT to manage these issues.

Our MOVEit™ Ad Hoc Transfer solution enables employees to send and receive files and messages between individuals and groups using an Outlook or a simple browser interface.  MOVEit™ meets employees’ needs for convenience, ease-of-use and speed and IT’s need for governance, including control, visibility, security and compliance.

EM360°: Jeff, thank you for sharing your insights with us. The eBook Jeff mentioned is available and includes the full details of the research we have cited around the risks of person-to-person file transfer within business.  

I recently attended SecureWorld Detroit and engaged in two days of conversation with top security, IT and risk management professionals.

There was a single theme that I heard the loudest and clearest from the security community:

There is growing concern for how employees transfer files in an ad hoc manner to those outside the organization. Employees are quick to turn to Dropbox or YouSendIt to step outside of file size limitations or email speed issues, without realizing the consequences of their actions.

We heard this consistently across multiple industries – Retail, Healthcare, Financial Services, Banking, Government, Automotive.

We heard this from organizations large, medium and small with requirements to manage file transfers with partners, customers or vendors, and in some cases with international and global reach.

It was said in different ways but it came down to the security teams seeing significant risk for leakage with their current situation today. Some soundbites:

  • “We need a person to person file transfer solution”
  • “My users want to send large files through YouSendIt. Right now I just keep saying ‘No’, I’d rather have a solution to offer them.”
  • “We need to support an ad hoc file transfer requirement for our users”
  • “I have people using Dropbox today. It is absolutely unacceptable from a security standpoint, but we need to offer them an alternative.”

This risk around person-to-person file transfer is not going away; it’s getting worse by the day as more and more employees rely on personal email and cloud-based services to transfer data. The potential for leakage is amplified when you consider other data transfer devices such as USB drives and personal email use.

We have done extensive research in this area and we have a Research Report summarized in a graphical eBook which will be published later in October. Titled “Are Your Employees Putting Your Company’s Data at Risk?”, this report helps bring the current problems to life with a picture of how users are behaving today.

In his white paper, “Business-Class File Sharing Best Practices”, Michael Osterman of Osterman Research assesses the current state of personal file sharing within business, with recommendations about how information technology, risk management and compliance teams can best address the common issues and risks.

Below is an excerpt from the paper, where Michael summarizes some of the key issues with the status quo with personal file sharing within business.  We also invite you to access the full white paper including Michael’s case for why IT needs to provide and manage file sharing solutions.

Excerpted from “Business-Class File Sharing Best Practices”

The Status Quo Doesn’t Work

  • Users are stymied because company email systems often do not permit file attachments of more than 10 to 20 megabytes to be sent, and it is not efficient at sending more than a few files at a time. Moreover, email doesn’t typically include a return receipt so the sender can know if the recipient ever received the email. Also, when email is used for file transfer, it imposes increased storage and bandwidth costs, slow message delivery, long backups, long restores, high IT management costs.
  • Many users will turn to their personal Webmail account because of their ability to send very large files through these systems. However, when users do so there is no IT visibility into the sent or received content, no tracking, no auditability, and no archiving. Moreover, corporate content can reside in personal Webmail repositories for many years, long after an employee may have left the company. While this makes life easier for users, it increases the risk to the organization.
  • USB sticks, tablets and smartphones create the same problems: lack of security, higher costs, their likelihood of being lost or stolen, and the potential for content on them to be accessed by unauthorized parties.
  • Dropbox-like file sharing tools and cloud services can be effective, but they do not permit IT management or governance of content. And, they often are individual accounts and not under the sanction of IT which means that IT doesn’t have the visibility or insight into what is being transferred, nor does IT maintain any type of audit trail for this content.
  • SharePoint and similar tools are useful for sharing information if both senders and recipients are using it. However, SharePoint requires the deployment of a dedicated infrastructure and training for end users, and it is not always easily accessible by remote workers or people external to an organization.
  • Basic FTP client-server systems, while useful, require both the sender and recipient to have access to the FTP server to share information, which can be an ongoing provisioning burden for IT.
  • Physical delivery of information – such as CD-ROMs or DVD-ROMs that are burned and sent through overnight services – is expensive and the speed of delivery is slow.

Again, at this link you can access the full white paper including Michael’s case for why IT needs to provide and manage file sharing solutions.