The Ipswitch Innovate Virtual Summit for IT pros, by IT pros. Click to register!

Calling all IT pros looking to learn innovative best practices from each other and our own technology experts. Attend the Ipswitch Innovate 2015 Summit (October 21-22), a two-day virtual event where you can leave your car at home and wear anything you like, because you can only attend this summit online. It may be virtual, but Ipswitch Innovate 2015 will deliver a high dose of tech advice from IT innovators – live streamed directly to you.

Registration is FREE for anyone who wants to attend. Whether you’re an Ipswitch user or seeking tips, tricks & best practices for your IT team, you’ll receive 3 hours of LIVE content each day on ways to improve your IT operations across network, server & application monitoring, file transfer and more.

Summit highlights include case studies and live chats with product experts who will answer your questions including best practices for getting the most out of your monitoring & file transfer software. But the benefits of participating don’t stop there. Here are five reasons why this summit is a must-see:

  1. Advance your techniques, for free

Register now to get real-world technical advice from leading experts on the best ways to simplify IT initiatives with Ipswitch software. Did I already mention our online event is free?

  1. Get recognized for your success

Are you already innovating with Ipswitch software? If so, nominate your company for an Ipswitch Innovate 2015 Customer Award.

  1. Prepare for the future

Be among the first to learn about new, innovative Ipswitch products that are coming your way. Learn what’s trending in compliance and the Internet of Things (IoT) that’s changing everything you thought about securing data and monitoring Things.

  1. Get inspired by others

Hear battle stories from your fellow savvy IT pros in the trenches and learn how they are using Ipswitch technology to solve their IT challenges.

  1. Earn Ipswitch $

Participate and earn Ipswitch $ value rewards you can use to buy Ipswitch products like WhatsUp Gold network performance monitoring, MOVEit managed file transfer and WS_FTP.

Register now to reserve your seat. Want to learn more? Check out our summit agenda.

Some folks from the Ipswitch managed file transfer team and I were at RSA Conference U.S. last week where we had some great conversations with lots of IT and security pros including our own customers. Lots of visitors to our RSA booth were looking to looking to automate manual file transfers to shut-down unmanaged solutions being used internally like Dropbox.

Pictures from Ipswitch at RSA 2015.
Pictures from RSA Conference last week in San Francisco. (That’s me and Randy Franklin Smith in the lower left hand corner).

And I was finally able to meet Randy Franklin Smith face-to-face. He was at our booth to sign our recently published Managed File Transfer for Dummies reference book that he co-authored with me. Not only did we have fun bonding as a team, but I got some interesting insights.  First I’ll start with some quotable security quotes heard during keynote sessions:

  • Cybersecurity is a team sport.” (Michael Daniel, winner of the Excellence in Public Policy award)
  • This is a mindset problem. The world has changed, and trust me, it’s not the terrain that’s wrong.” (Amit Yoran, RSA
  • Challenge the platform/foundation because a culture of tradition will take place and things go awry. The challenge is not the tools, but process and people instead.” (Chris Young, Intel)

Observations and Experiences

More people than ever are looking for two-factor authentication, and they were happy to hear it is available with MOVEit Managed File Transfer via SAML 2 integration with Identity Provider solutions like those from OneLogin. (For more details, check out our SSO webinar with Rob Capozzi from OneLogin).

I personally talked with three customers who replaced Axway’s solution with MOVEit Managed File Transfer. Each of them said that MOVEit offered much better technical support, a more productive automation environment, less overall cost, and simple pricing model that doesn’t require lots of component purchases for what they considered minor additional requirements.

And I heard about the need to integrate managed file transfer technology into the existing IT security infrastructure for improved security and control. This includes security and information event management (SIEM) like Splunk, data loss prevention and anti-virus – all of which integrates nicely with MOVEit.

I’m already looking forward to RSA Conference 2016.

>> Download a free copy of Managed File Transfer for Dummies and learn how to securely manage file transfers in the borderless enterprise; reduce business risk and ensure compliance; and automate file transfers and save money. <<






infosec2A few months ago, I was fortunate enough to attend RSA, one of the biggest and best security conferences here in the States. Today, I’m overseas attending Europe’s leading security conference. It’s a tough job, but hey, someone’s gotta do it.

I’m talking of course about Infosecurity 2014, which features over 300 exhibitors, 13k attendees and hundreds of the brightest minds from the global security community. As you might imagine, the agenda covers nearly all of the hot industry topics, including cloud technology, compliance, cybercrime and much more. That said, there are four things in particular that I’m looking forward to:

#1. MFT and the Continental Divide

Here in North America, the primary drivers for adopting Managed File Transfer (MFT) are almost always some combination of automation, consolidation, integration, visibility and control. But can the same be said for organizations across the pond? I hope to find out. While Europe’s compliance laws, for instance, are certainly different from the ones we have here in the US, they are no less stringent. Thus, I’m interested to learn what unique factors are driving MFT adoption outside of the US.

#2. Sessions, Sessions, Sessions 

If I could clone myself and attend every session, I would. While I’ll be attending as many as I can, I’m especially interested in these four:

  • Understanding and Addressing Data Governance in Large Scale Enterprises: Barclays recently took a series of measures designed to strengthen its data governance capabilities with respect to “unstructured, human-generated data.” I was aware of the initiative, but only on a very general level, so I’m interested in getting an insider’s look during this presentation.
  • PCI DSS 3.0, Application Security and Penetration Testing: PCI is a topic near and dear to me (and the rest of us here at Ipswitch), so I’m excited to learn about new techniques that help PCI-compliant organizations ensure a greater level of safety for their applications. This session covers some of the latest changes in 3.0 and “how it relates to application security and see how new technology can be applied to development processes to create continuous security assurance for applications early in the development life cycle.”
  • Social Engineering, a View From the Dark Side: Organizations have gone to great lengths to secure their systems from a data breach, but they still have a long way to go towards securing their employees in a similar fashion In this session, we’ll be given a closer look into social engineering – how hackers are “coercing unwitting employees to provide them with the tools they need to unlock even the most secure systems.”
  • How to Avoid the Tangled, Digital “Do-It-Yourself” Approach to File Transfer: In the absence of well-defined policies, awareness and education, and enterprise-supported alternatives — enterprises over time have come to rely on a mix of “digital do-it-yourself” approaches for synching, sharing and transferring files. In this presentation, Ipswitch’s very own Steve Hess will untangle the web of file transfer applications within the enterprise and talk about best practices to ensure visibility and control in an increasingly regulated market.

#3. Innovations and Insights 

Of course, not all of the learnings and key takeaways will come from panelists and presenters; much of it will come from the conference’s 325+ exhibitors. I’m therefore extremely eager to chat with my colleagues and contemporaries to gain a better understanding of the global security market. I’m always interested to see what other upcoming tools and technologies are being developed to help make businesses (and their data) more secure – and there’s no better place to do just that than Infosecurity.

London Calling 

On a personal note, I’m really looking forward to walking around Soho (my favorite part of London), having pints of lager with bangers and mash in some of the more prominent pubs, and shopping at Lillywhites on Piccadilly Circus for football jerseys and rugby shirts.

RSA BoothReality has set back in. No longer confined in the Moscone Center, I’ve returned home to the frigid New England cold. My favorite part of the show was talking with people about their WTF (Where’s the File) moments—more to come on that through future content.

As a follow up to my first post, I wanted to share a few takeaways from the RSA Conference.

  • Cloud security was HOT. Nearly every booth I stopped by had a spin on how the cloud could be a secure solution—perhaps we’re at that tipping point as an industry in how we all view the security of the cloud.
  • In 2014, the basic challenges associated with file transfer were well understood and we were happy to see more sophisticated, pointed questions around helping them with their file transfer challenges.
  • People understand the needs and issues around Managed File Transfer (MFT) but they may not be familiar with the term. FTP is very well understood, so when we explained how MFT goes well beyond FTP capabilities by adding management, visibility and control, integration and automation, their eyes lit up and they suddenly became interested. Many folks I spoke to suffer from too many file transfer methods and are just starting to realize that they need to consolidate into a common, managed file transfer platform.
  • International presence was higher than expected. We had conversations with folks from Brazil, Mexico, Japan and China in the booth.
  • Don’t expect any fun takeaways from the NSA booth. I think we were lucky to get a smile or two from that bunch but I guess that’s to be expected.
  • The Greek gyro place next to the Moscone center is not to be missed.

What were your takeaways from the show?

rsa conferenceNothing ever stays the same in the world of information security. Each day we see new threats and challenges, along with new solutions, tactics and approaches. Despite the ever-changing nature of the space, there are however a few constants – one of them being the annual RSA Conference.

Considered by many (myself included) to be the premier IT security event, RSA features keynotes and sessions from some of the world’s foremost experts – including those from business, government and academia. If you’re interested in being among the first to know about a particular topic or trend, this is the place to be. In fact, it’s where I’ll be in just a few short days.

So what am I looking forward to the most? Here are five things in no particular order:

1) New Insights on Cloud Security: If you scan the RSA Conference 2014 tracks, you’ll notice that cloud security is getting a fair amount of attention – and for good reason. After realizing the benefits of adopting the cloud (cost, efficiency, etc.) organizations quickly discover the challenges and concerns, which almost always center on security. While we have our own take on this matter, I’m interested to hear what others have to say. Thus, some of the sessions I’m most looking forward to include Is the Cloud Really More Secure Than On-Premise?, Virtualization and Cloud: Orchestration, Automation and Security Gaps and Trust Us: How to Sleep Soundly with Your Data in the Cloud.

2) The Networking: The RSA Conference is well-known for attracting some of the best and brightest from a wide range of industries – and this year’s conference will be no exception. Here are a few of the featured speakers that I’m hoping to catch:

  • Selim Aissi, Vice President, Global Information Security, VISA
  • Marene Allison, Global Chief Information Security Officer and World Wide Vice President of Information Security, Johnson and Johnson
  • Bob Blakley, Global Head of Information Security Innovation, Citigroup
  • Mary Ann Davidson, Chief Security Officer, Oracle
  • Scott Andersen, Director, Global Information Security, Citi
  • Bret Arsenault, Chief Information Security Officer, Microsoft Corporation
  • Joseph Demarest, Assistant Director of the Cyber Division, FBI
  • Eran Feigenbaum, Director of Security, Google Apps, Google

3) Stephen Colbert: I’m not sure how much Stephen Colbert knows about information security, but I’m not sure that it matters. As a long-time fan of the Colbert Report, I was thrilled to find out that he’ll be one of the featured keynote speakers. Who says that information security isn’t funny?

4) Alternate Realities: Here at Ipswitch, we tend to discuss file transfer security, compliance and other matters through the lens of a business. But at this year’s conference, we’ll get to see how security is viewed by large government organizations like the FBI, as well as that of venture capital firms, economists, academics and other personas those of us in the business world sometimes forget about. If you’re looking to expand your understanding of information security, there’s no better place to be than the RSA Conference.

5) The Food: This year’s event will be held in San Francisco, a haven for foodies like myself. Thus, I’ve already spent a considerable amount of time on Yelp scoping out restaurants and other hotspots. Clearly this is important to me. I’ll be coming back with a renewed appreciation for the importance of information security, but also a few good meals. Thankfully, they only hold this event once per year.


What are you looking forward to seeing at this year’s RSA Conference? Be sure to let us know in the comments section. Or let me know your recommendations for must-eat restaurants!

derek-brink--security-file-transferIn a webinar I participated in recently with Ipswitch File Transfer I shared the following from an analysis and comparison of companies that use managed file transfer (MFT) solutions, and companies that don’t:
Performance Metrics
(last 12 month avg.)



MFT Advantage

Errors / exceptions / problems,
as a percentage of the
total annual volume of transfers




Time to correct an identified
error / exception / problem


387 minutes


The comparison is easy enough to understand: MFT users experienced 26% fewer errors, exceptions, and problems as a percentage of the total annual volume of transfers, and they were 4.8-times faster to get going again when an error, exception, or problem did occur.

This is nice information to have for marketing purposes, but what does it really mean for the business?

A couple of quick, back-of-the-envelope calculations based on these findings shed some interesting light on this question:

  • Let’s base our analysis on an annual volume of 1,000 file transfers. This makes it easy for you to personalize for your own particular environment – for example, if your annual volume is 10,000 transfers, you can simply multiple these results by 10.
  • Let’s assume that the average percentage of errors, exceptions, and problems is as shown above
  • Likewise, let’s assume that the average time to correct errors, exceptions, and problems is as shown above
  • A simple computation leads us to the following:
    • 1,000 transfers * 3.3% * 81 minutes = 2,711 minutes lost per year for MFT users
    • 1,000 transfers * 4.5% * 387 minutes = 17,331 minutes lost per year for MFT non-users

Now, let’s think about the cost of that lost time. In a person-to-person scenario, there are at least two people affected – and arguably three:

• The sender of the file loses at least some of their productivity
• The receiver of the file loses at least some of their productivity
• In addition, the issue may require the involvement of an additional person to help respond, remediate, and recover – and this responder loses all of their productivity

For the sake of this back-of-the-envelope calculation, let’s further assume:

  • The fully-loaded cost per person is $50 per hour
  • Both sender and receiver lose one-third of their respective productivity for the time the issue remains uncorrected (e.g., they can still do other work)
  • The responder, however, loses 100% of their productivity for the time the issue remains uncorrected
  • A simple calculation leads us to the following:
    • 2,711 minutes * 1 hour / 60 minutes * $50 / hour * (1/3 + 1/3 + 1) = $3,750 lost per year for MFT users
    • 17,331 minutes * 1 hour / 60 minutes * $50 / hour * (1/3 + 1/3 + 1) = $23,975 lost per year for MFT non-users

This is a 6.4-times advantage for MFT users, for the cost of lost productivity alone!

If this wasn’t already a sufficient business case for a MFT solution, we could also estimate additional costs related to errors, exceptions, and problems with file transfers, such as:

  • Opportunity costs
    • Loss of current revenue
    • Loss of future revenue
    • Inability to carry out the organization’s mission
  • Costs associated with the loss or exposure of sensitive data
  • Costs associated with non-compliance

I won’t attempt to quantify these costs here, but it seems clear enough that if we did then the gap between MFT users and MFT non-users would grow even wider – e.g., Aberdeen’s research confirmed that compared to MFT non-users, MFT users had fewer security incidents (e.g., data loss or exposure), fewer non-compliance incidents (e.g., audit deficiencies), fewer errors and exceptions, and fewer calls and complaints. As if we needed any more convincing.

Remember, these calculations were done on a volume of 1,000 file transfers per year – you can easily scale these up to reflect your own environment. It’s pretty easy to see that it doesn’t take very much volume to justify the cost of implementing and supporting an MFT solution. (In fact you might even save in operational costs, from the benefits of having a more uniform and efficient file transfer “platform”.)

Another thing we might want to do with Aberdeen’s research findings is to show how MFT users have actually reduced their risk compared to that of MFT non-users – using the proper definition of risk, which has to do with the probability of an error, exception, or problem and the magnitude of the corresponding business impact. The results of that more sophisticated analysis would not be a single, static number (such as the ones we derived above), but a more realistic range of values that would support making business decisions about file transfer based on the organization’s appetite for risk.

In my next post I will dig deeper into the business case for MFT by using a proven, widely-used approach to risk modeling called Monte Carlo simulation.

You also may be interested in the Aberdeen White Paper with this underlying research “From Chaos to Control: Creating a Mature File Transfer Process,” as well as these audio highlights from a recent webinar on this same topic of quantifying the benefits of Managed File Transfer.

MFT Webinar Recap
Ipswitch’s recent round-table included Michael Osterman, Principal at Osterman Research, and MFT experts from the healthcare and financial services industries.

There was a time when managed file transfer (MFT) solutions were considered a luxury; a nice-to-have for IT departments and large organizations. Those days are gone. Today, MFT has become mission-critical, particularly for those in the financial services and healthcare industries.

But why – what is driving this shift to managed file transfer inside so many businesses today?
To address this question, we brought together two Ipswitch File Transfer customers and an industry analyst for a roundtable discussion in our webinar the 4 Reasons Every Business Needs a Managed File Transfer Solution. The three subject experts were:

  • Rebecca Freise, Automation Application Specialist for Oppenheimer Funds
  • Regan McBride, Business Process Automation Consultant to multiple businesses including VIVA Health
  • Michael Osterman, Principal at Osterman Research

Here’s what we heard from the panel:

#1. Security is not an option (it’s a necessity)
These days, it’s hard to find a company that isn’t letting employees work remotely; that doesn’t have employees using mobile devices to get work done, and that doesn’t have a set of employees using a consumer-esqe file management tool like Dropbox. While convenient for some, these policies are a nightmare for IT departments, who must ensure that file transfers are both secure and auditable. Michael Osterman explains the dilemma:

“You may have sensitive or confidential content sent in violation of the corporate regulations or a variety of regulatory statutes. In many cases, IT simply can’t audit that content. They don’t know where it’s going. They don’t know how long it’s going to live. They don’t know who sent it to whom and how it was disseminated from there.”

See the problem? On a fundamental level, IT requires visibility and control of the entire file transfer process – something all the panelists agreed on – and the only way to ensure this level of control is through an MFT solution.

#2. You can’t risk violating regulations
Without an MFT solution, companies run the risk of violating a growing number of statutes and regulations designed to protect sensitive data from being breached. In fact, many businesses will find that regulatory requirements are the primary reason for adopting MFT.

#3. It’s not just about moving files, it’s about supporting business process
Managed file transfer is not about supporting the frivolous transfer of files between employees. It’s about supporting efficient file transfer as part of a business process – and therefore allows IT to better manage what happens next to the files or data.

Ragan McBride explained:

“A lot of our employees were going out to FTP sites on their own, grabbing data using regular FTP clients. IT would then have to get involved to unencrypt a lot of that data. We would trust that those users were using the data correctly, importing it to their databases as expected and making sure the data formats were correct. We were finding a lot of time was being spent on the IT side (helping end users figure this out).”

A managed file transfer system not only manages the file transfer, but also tracks the file’s connection to the corresponding business process, whether that business process is another system, a desktop user or a mobile user.

#4 – MFT makes life easier for IT Teams
This may best explain the continued adoption of MFT – MFT systems help make life easier for IT teams, addressing pain points such as audits and reporting and freeing up time to focus on more important tasks–instead of wasting time dealing with ad hoc file transfer requests, sifting through file transfer data to debug an issue, and locating lost files.

Rebecca Freise shared that prior to their MFT system, “We had issues with researching and finding specific transmissions and reporting on specific timeframes of file transmissions. And then trying to do an audit and report on specific clients was difficult and very time-consuming. Just doing any kind of research on any transmission was difficult. It took a lot of meeting hours to get things accomplished.”

And Michael Osterman explained this further,

“If you don’t have a good file transfer system in place, IT ends up having to do a lot of extra work to manage all of those file transfer processes, often on an ad hoc basis. The creation and maintenance of file transfer technologies becomes a real burden for IT simply because they have to do things like write custom scripts to move files, they need to build additional security around FTP servers that in many cases are just inherently insecure, they have to devote IT staff resources to manage the file transfer process where they otherwise wouldn’t have to if you had a good solution in place, and they have to use staff resources to manage all of the security and really the risk mitigation that goes along with file transfer.”

And in days of tightening budgets and strained resources, what IT group wouldn’t take something that can save precious time and remove some day-to-day headaches?

For more on the growing need for Managed File Transfer solutions, view the 4 Reasons Why Every Business Needs an MFT Solution webinar or read Michael Osterman’s recent guest post.

Four Reasons Companies Need Managed File TransferAs an IT analyst firm, we query companies large and small on a range of issues. One of the areas of risk we consistently see is around the transfer of files associated with business processes. To understand why these risks exist, we need to explore the difference between simple file transfer and managed file transfer.

The Importance of Managed File Transfer

Business processes are dependent on the transfer of files – important business records sent between applications, between people, or between applications and people.  A strong case can be made that the vast majority of so-called “communication” networks are really much more about transferring files than they are about sending messages or other types of communication. This is particularly true since most file transfers occur between applications and not between people: roughly two-thirds of file transfers – for content like purchase orders, invoices, travel documents, tax information, etc. – are sent business-to-business, not user-to-user.

File Transfer Needs Improvement

File transfer is so integral to the proper flow of business processes and corporate communication that it must be a high priority for any company. Yet, there are numerous problems with existing file transfer processes including the following:

  • Many files are sent without encryption
  • IT cannot control the lifecycle of the transferred files
  • Lack of auditability for the file transfer process
  • Some content is not archived in accordance with corporate policies
  • Chain-of-custody cannot be maintained for some content
  • Transferred files cannot be inspected by Data Loss Prevention systems

This lack of control results in a greater likelihood of data breaches and a breakdown of business process efficiency.

The “M” in “MFT”

Clearly, companies of all sizes need to address these problems. They can do so by implementing a file transfer process that can be managed in accordance with the variety of requirements that enable them to maintain the integrity of data as it is being transferred within and between organizations. However, this is usually not possible via typical file transfer solutions like traditional FTP or many of the growing number of cloud-based file transfer tools because of their inherent limitations. Instead, true, enterprise-grade file transfer requires MFT, which is distinctly different from typical file transfer solutions in the following four ways:

  1. Security
    An MFT system enables the transfer of files using secure protocols that will encrypt content both in transit and at rest. This is essential in order to maintain the integrity of information as it passes from sender to recipient, and as it is stored on various servers.
  2. Compliance
    An MFT solution allows an organization to maintain compliance with the growing number of statutes that are designed to protect sensitive information from being intercepted by unauthorized parties.
  3. Control
    A key distinction of an MFT system is the control that it allows over content: its expiration, who can access the content, where it can be sent, and the ability to report on content flows, etc. In short, MFT solutions permit complete control over the lifecycle of content in order to minimize the risk of non-compliance or loss of sensitive content.
  4. Integration with workflows
    An essential element of a true MFT solution is its ability to integrate with corporate workflows to ensure that content can be sent in support of corporate requirements. For example, a purchase order system that requires the sending of purchase orders and other documentation to recipients must integrate seamlessly with this system in order to minimize disruption with existing processes.

The Next Generation of File Transfer

File transfer is changing as organizations migrate away from insecure, legacy FTP systems; email (which has become the de facto file transfer solution in many organizations); and lightweight, consumer-focused file sharing solutions. Instead, companies are moving toward true MFT solutions that:

  • Integrate well with existing corporate workflows and content-transfer processes
  • Allow IT to maintain control of the entire file-transfer lifecycle
  • Ensure appropriate corporate governance for all content
  • Enable end users to employ file transfer simply and efficiently

I will have the pleasure of discussing these issues along with two individuals whose organizations have recently implemented MFT solutions at a Webinar on August 22nd and would welcome having you join us for the discussion.

To learn more view the on-demand version of the webinar:

Four Reasons Every Business Needs a Managed File Transfer Solution


  • Mr. Michael Osterman, Principal at Osterman Research
  • Ms. Rebecca Freise, Senior Application Systems Administrator, Oppenheimer Funds
  • Mr. Ragan McBride, Automation Engineer & Industry Consultant, Viva Health

There is so much to absorb at RSA Conference.  The largest gathering of security vendors, solution providers and practitioners in the U.S. certainly didn’t disappoint as the Moscone Center was buzzing with security education and of course lots of thought provoking conversations.

Many of the people I spoke with shared similar concerns of data breach risk, tighter compliance and auditing requirements, and their lack of visibility and control over the tools that people are using inside their organization to share files and data with other people.  IT leaders are feeling pressure (and rightfully so) to regain control over how people share files with other people.  It was also great hear so many people talking about migrating to the public and private clouds in order to take advantage of benefits such as quick provisioning and elasticity.

My favorite conversations at conferences are usually the ones I have with current customers…. And RSA was no exception.  Quite frankly, the key insights I learn from talking with customers help me do my job better.  Many thanks to the dozen or so Ipswitch customers that stopped by our booth and shared stories of how they have successfully consolidated and replaced the various homegrown file transfer tools and scripts, various vendor products, and manual processes they had been relying on with an Ipswitch MFT solution, resulting in improved efficiencies in their business processes as well as a simplified way to demonstrate compliance and consistently enforce security policies for all their file transfer and file sharing activities.

Are you attending RSA Conference next week in San Francisco?  If so, stop by booth #629 at the Moscone Center and say hello the Ipswitch team.

This will be my third year attending RSA.  Not only and I’m looking forward to talking about how Ipswitch’s portfolio of Managed File Transfer solutions can solve the problems you’re experiencing with your current file transfer and B2B environment….  But I’m also looking forward to learning about topics like security attacks, data breaches, mobile threats, cloud security, and compliance along with the other 15,000+ people attending the largest security conference in North America.

If you’re going to be at RSA this year, stop by our Ipswitch booth (#629) to learn how we can help you:

  • Mitigate security risks and data breach exposure.  We’ll show you how to secure and control all files/data moving between systems and people — both internally and externally
  • Reduce complexity by consolidating and replacing the various file transfer products, homegrown solutions, hard to maintain scripts, and tools people use to share files
  • Increases productivity and efficiency by automating manual and labor-intensive workflows with a simple point-and-click interface – No scripting required
  • Provide visibility and auditability into all data transfer and file sharing activities, including files, events, people, policies and processes

We hope to see you there.

Ipswitch has been cautioning companies about the dangers of private/confidential information being sent through Google (and other hosted and person-to-person services), both from a security and a responsibility perspective.

Last week’s GMail hack further drives home the point that organizations must proactively manage and have visibility into what information is being shared with service providers and how information is being sent between people.

Don’t let your guard down and simply treat the cloud as just another internal resource…. They need to be properly managed and governed just like any other third-party.

Ipswitch’s Frank Kenney recently concluded a 4-part webcast series on integration.  It’s not too late to watch a replay of it.  In parts 3 and 4, Frank talks through the issue of relying on cloud providers and provides tips for managing and governing cloud and person-to-person interactions.

We’ve got some fresh stats and trends to share from data that we collected at the recent RSA Security Conference.  Many thanks to the “statistically significant” number of people that took the time to fill out our survey questionnaire.

Our survey results highlight some major security and compliance concerns for businesses – information security, visibility and policy enforcement remain a major problem in 2011.  Here are a few key data points:

  • 65% have no visibility into files and data leaving their organization
  • >80% use easily lost or stolen portable devices like USB drives and smartphones to move and backup confidential work files
  • >75% send classified documents as email attachments – including payroll, customer data and financial information
  • >25% percent have purposely used a personal email account (like yahoo or hotmail or gmail) instead of their work accounts as a way to hide their file transfer activity
  • 55 percent said their companies provide – but do not enforce – policies and tools around sharing sensitive information

The fact that so many companies admittedly lack visibility into the files and documents that are moving around and leaving their organization is pretty scary.  How can an organization protect information that they don’t know even exists?  Clearly, increased focus is needed to first identifying sensitive data and then protecting it – These critical information security components should be carefully baked into an organizations security, governance and compliance initiatives.

Lastly, I’d like to vent on the last data point for a minute.  Policy creation simply isn’t enough…. the enforcement of that policy is the critical step.  Writing down a policy but not enforcing it is just as risky as not having documented the policy in the first place. Creating the policy is a good start, but please please please don’t stop there.