I’m excited to share the news of our release of Ipswitch Analytics, a new reporting and monitoring solution for MOVEit™ Secure Managed File Transfer. Ipswitch Analytics ensures reliable, cost-effective and auditable file transfers. IT teams gain deep insight into business critical file transfers through an innovative analytics engine that includes an interactive activity monitor, automated report creation and distribution, and fine-grained access control.

Ipswitch Analytics accesses and consolidates data from all MOVEit File Transfer (DMZ) and MOVEit Central servers. Authorized users are able to monitor MOVEit activity in popular web browsers from any device. Ipswitch Analytics also simplifies the audit process by managing workflow, transfer, security and audit activity in one centralized location.

Ipswitch Analytics  (click on image to learn more!)
Ipswitch Analytics (click on image to learn more!)

With Ipswitch Analytics, businesses can:

  • Ensure reliable file transfers: Track MOVEit performance indicators such as successful transfers by end-point, peak load performance, and total throughput trends.
  • Automate reporting and distribution for Service Level Agreements (SLAs) and policy compliance: Customize reports, establish distribution lists with fine-grained access control and schedule auto-generated reports for delivery. Email alerts are sent to authorized users as reports are generated.
  • Manage workflow, transfer, security and audit activity in one place: Maintain a single view of all MOVEit File Transfer (DMZ) and MOVEit Central Servers activity. Manage key parameters for all file transfer processes such as transfer status, user access, encryption, and file formatting to make data-driven decisions.
  • Simplify the audit process: Use out-of-the-box report templates, or easily create custom reports. Drag-and-drop elements to organize presentation of key metrics to validate compliance with SLA, regulatory and corporate policies.

Feature details:

  • Report Templates – Over 50 out-of-the-box templates to manage workflows, transfers, security and audits. Ease creation of reports by starting from pre-defined templates.
  • Policy Management – Create policies to manage user access. Restrict user’s ability to view data associated with defined organizations, servers, or users.
  • Browser-based UI – Ipswitch Analytics browser-based UI can be accessed by any authorized user from any device or desktop via popular web browsers. The Ipswitch Analytics HTML 5 interface allows dynamic update of data and offers a drag-and-drop user experience.

>>> For more information about Ipswitch Analytics please visit: http://bit.ly/Ipswitch_Analytics.

 

 

521112057Nothing has the ability to put a damper on your Christmas spirits faster than a delayed shipment or a lost package. However, with online shopping on the rise and an ever increasing demand for convenience and speed, added pressure is being applied to delivery services creating more opportunities for issues to arise. In 2013, for example, FedEx handled 275 million shipments between Thanksgiving and Christmas. When retailers made numerous last minute promises for procrastinators, the order volume exceeded shipment capacity and those late shoppers were sadly disappointed when thousands of shipments were delayed or lost.

As with the growing complexity of the holiday shopping season, organizations today are seeing a larger volume of data files flowing across their networks and users across the borderless enterprise are demanding more flexibility in regard to their working environment, devices and applications. Organizations are struggling to maintain control and compliance of their sensitive data.

What these organizations may not know is that Managed File Transfer (MFT) solutions empower IT professionals to automate transfer activities while supporting all the standard secure transmission protocols. IT professionals have insight and control over all files; where they start, where they travel, where they end up – and how to find them. MFT and its automated processes, greater control and increased transparency also reduce risk of security breaches from internal and external sources.

With the lessons learned from last holiday season, FedEx and UPS are preparing for the holiday onslaught and increase in ecommerce by taking more control over their processes and resources. UPS is spending $500 million to update and expand infrastructure by adding 6,000 new loading spots for vans and increasing seasonal hires by 73 percent. These delivery services want to continue their guarantee that when you track your holiday packages, you will know exactly where they are and when they will arrive.

Similarly, MFT functions like a highly successful delivery service. IT knows where your company’s most critical data files are at all times, including who is handling it and where it is going. With MFT, organizations can rest assured that with predictable and secure delivery, extensive reporting, and easy integration with existing IT systems, no files will ever go lost or enter into the wrong hands.

Take control of your deliveries and don’t let anything get you down this holiday season – whether that means tracking files across the business network or tracking your family’s holiday gifts from retailer to your home.

Click here to access our e-guide entitled “The Definitive Guide to File Transfer” In this e-guide, we introduce you to MFT and its importance in today’s data-driven, security-conscious, and compliance-intensive environment; compare MFT to other methods you may be using; and describe how implementing a comprehensive MFT solution can benefit your organization.

'You are Fired!'The popularity of consumer file-sync-and-share solutions such as Dropbox continues to grow, as consumers appreciate the ease with which they’re able to transfer large files, such as photos and videos, to family and friends. While beneficial to consumers, these applications are problematic for IT departments. More and more employees use Dropbox to share corporate files, and don’t fully understand the risk. Organizations must do a better job of warning employees that using online file sharing tools to share sensitive files at work can result in serious penalties, and even termination. Let’s take a look at why:

1. Operating in the shadows.

Companies’ IT departments aren’t able to track when an employee accesses Dropbox to share files and are unable to control which employee devices are able to sync with a corporate computer. This practice, often called “shadow IT,” effectively locks the IT department out of the file-sharing activities of employees. As a result, IT departments are unable to track how files have been modified, determine who has viewed files if sensitive information is leaked, or remotely wipe Dropbox if an employee’s device is stolen.

2. Potential for data theft.

Dropbox has limited security features, and because companies aren’t able to monitor what files are synced to what device, it’s impossible to know whether data has been shared with or accessed by the wrong party, which increases risk of insider threats and data theft.

3. Data loss.

Dropbox has been known to lose customer files (source this) – or fail to back them up at all – meaning that employees run the risk of permanently losing company files, with no way for the IT department to recover them.

4. Adherence to compliance regulations.

Many industries have compliance regulations which dictate that certain files have limited access or remain encrypted during transfer. Because Dropbox is not equipped with secure file regulation capabilities, there is an increased risk that employees are unknowingly violating their company’s compliance requirements.

5. Limited data security.

All employees know that it’s important to protect sensitive files such as financial data or intellectual property documents. Yet Dropbox has limited encryption and security features, which leaves data exposed and at risk of being corrupted or landing in the wrong hands.

While Dropbox and other online file sharing tools are sufficient for sending personal files, these systems simply aren’t capable of securely managing corporate file transfers. There’s certainly a demand among employees for reliable, user-friendly file transfer options, and IT departments should look to meet this need by providing employees with a highly secure alternative, such as Managed File Transfer (MFT) solutions.

FileTalkIf your files could talk, I guarantee that they would have a lot to say. With larger quantities of data being shared across more devices than ever before, we often mismanage our files and lose critical information.

Nearly half (42 percent) of IT professionals report their organization does not mandate secure methods for transferring corporate information according to a recent Ipswitch survey. In addition, 18 percent of IT professionals admit they have lost a critical file and 11 percent have spent more than an hour trying to retrieve that file.

Organizations need to reevaluate their file transfer strategy because let’s face it – our files are not happy with the way they are handled. Here are five things they would tell us if they could:

  1. I don’t feel safe. I need more protection: Cyber incidents occur at an alarming rate and cost the economy billions of dollars each year. It’s important for IT professionals to protect the file transfer server by running frequent penetration tests, vulnerability scans, static code analysis and storing files encrypted so they cannot be easily executed in the servers host OS. Additionally, file transfer solutions must incorporate rigorous control and security measures to meet Service-Level Agreement (SLAs) and compliance requirements. In the healthcare industry, for example, compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA) has fueled businesses to find ways to securely transmit protected health information (PHI) and meet the law’s requirements. Managed File Transfer (MFT) systems are a key component to enable secure file transfer and auditing to support compliance.
  2. If I were to go missing, would anyone care?: Not only are lost files a huge headache for IT, they are also a huge risk for an organization. Losing sensitive information, whether it is patient or financial data, can result in costly damages and cause an organization to fail an audit for non-compliance. MFT systems guarantee delivery of data and track files so IT professionals are aware of their locations and who accessed them at all times.
  3. I want to make my mark in the world: Files want to be seen and leave their imprint in the system. When employees use unauthorized applications, such as Dropbox, to share or download files for personal use, there is a true lack of visibility or audit trails. It’s important that businesses maintain control of company data and keep the flow of data transparent. It’s not just the employee that gets into trouble for sending a file in an unsecure manner; it’s the entire company that suffers, particularly if there is a breach as a result.
  4. I have places to be and little time to spare: In another survey conducted by Ipswitch this year, more than 100 IT professionals highlighted just how stressful a manual approach to file transfer can be: 61 percent equated manual file transfer processes to sitting in traffic. Manually transferring files can slow the transfer process and cause more interruptions for IT. Automated MFT solutions allow for efficient transfers and give back time to the IT department and make them look like heroes when they can quickly automate repetitive transfer-related tasks for business users. MFT allows files to get where they need to be much more quickly and securely.
  5. I want to feel cared for: If your car breaks down, you have AAA come repair your car onsite or take your car to a service station. Files want that same assurance with high availability and disaster recovery features. In addition to the soft costs, such as time and reputation, there are also hard costs that come with being unable to reliably transfer files between employees, partners and customers, including missed SLA penalties, lost business opportunities and impact on supply chain. By leveraging high availability, horizontal scaling, and disaster recovery as part of file transfer processes, organizations can ensure that critical files are delivered consistently and reliably.

I think it’s time IT professionals start listening to their files to understand the existing problems with their file transfer processes. MFT gives files what they want – security, reliability and visibility.

mft 200mIpswitch recently conducted a survey of more than100 IT professionals unveiling that employees feel an overwhelming sense of personal responsibility to protect corporate information or data. While accountability was high (84 percent) from an individual standpoint, 42 percent of respondents indicated that their organization does not mandate methods for securely transferring corporate files or have an automated system in place to mitigate the risk of human error.

The numbers would indicate that a lack of corporate oversight has had a critical impact on business operations for many companies; 18 percent of respondents report they have lost files containing sensitive information, 11 percent have spent more than an hour trying to retrieve missing files, and 10 percent have lost files completely after spending significant time looking for them. Lost or misdirected data has the potential to cost organizations both from a monetary and compliance standpoint.

A few additional findings:

  • 15 percent cite that while their organizations do have a process/method in place for transferring information, employees “go rogue” and regularly work around them,
  • 10 percent report that file transfer methods have caused their organization to be out of compliance with a regulation or corporate policy,
  • 33 percent liken their file transfer process to a library: Files are kept in one place for people to find them,
  • And for 16 percent of respondents, it is like a mediocre delivery service: Files are tracked inconsistently.

So, where does your organization fall within the data protection divide? If there is a lack of corporate oversight of file transfer processes, it might be time to consider a managed file transfer solution. You can find out more about the results in the infographic below. I look forward to your questions and comments!

ipswitch_june24

blog image previewAs an IT professional, this likely sounds all too familiar: Find a way(s) to keep business processes smooth and secure despite your lack of full control or visibility over the movement of files. As the type of data, threats, transfer scenarios and modes all continue to rise, you are expected to keep it all together – all while managing countless other tasks.

But it’s time to disrupt the status quo and resolve some of the pains of file transfer. Ask yourself if you are currently experiencing any of the following:

  • Inadequate security
  • Lack of control
  • Increasing complexity and time consumption when hunting down reports or missing files
  • Invisibility (not the super hero kind, but the kind when you don’t have full view into the transport of important information)

If you answered yes to any of the above, look no further – managed file transfer might be what you are looking for (and might even make you feel like a super hero*).

*Invisibility not guaranteed

Check out our new Managed File Transfer infographic here and tell us your thoughts. null

Grab the PDF of the MFT Infographic here.

QuestionMarkNo matter what line of work you’re in, there’s bound to be a frustrating incident that makes you slam your fists on the desk, look to the ceiling and exclaim, “WTF?!?!” For IT pros, this often stands for “Where’s the File?”

We hear it all the time: File transfer is becoming increasingly difficult. And considering that roughly two-thirds of enterprise file transfers – for content like purchase orders, invoices, travel documents, tax information, etc. – are sent between applications and not people, it’s no wonder that tracking and locating files can be a constant burden –especially when critical business processes go down.

We’ve heard many “Where’s The File?” stories from customers, but we want to hear yours! Consider these examples:

•”My automated file movement triggers order fulfillment for my products, but if the files don’t make it from location A to B, we lose orders, we lose customers, and we lose money…”

” process large video files from around the world and need to get them turned around in a matter of hours for clients. More often than I’d like, the videos either take too long or don’t complete the transfer at all. My video content gets stale, it loses value, and my clients aren’t happy.”

Sound familiar? Have another WTF story? Let us know here: https://www.surveymonkey.com/s/XJ29727

Not only will you get it off your chest, you’ll be entered into our Xbox One contest giveaway! We’ll draw our winner on March 19th – so tell us your “WTF” story today!

derek-brink--security-file-transferIn The Business Case for Managed File Transfer – Part I, a back-of-the-envelope calculation based on the findings from Aberdeen’s research showed the following advantage for companies that use managed file transfer (MFT) solutions, compared to companies that don’t:

Performance Metrics (average over the last 12 months)

MFT
Users

MFT
Non-Users

MFT Advantage

Errors / exceptions / problems,
as a percentage of the total annual volume of transfers

3.3%

4.5%

26%

Time to correct an identified error / exception / problem

81
minutes

387 minutes

4.8-times

Annual cost of lost productivity for senders, receivers, and responders affected by errors / exceptions / problems

$3,750

$23,975

6.4-times

It’s very tempting to simply stop the analysis here – how much more compelling a business case in favor of MFT does there need to be?

But think about this: when we work with averages in this way, there is by definition a 50% likelihood that the actual values will be higher than those that we used in our calculations, and a 50% likelihood that they will be lower. Said another way, there’s virtually no chance that our calculations will end up being precisely right.

When you really think about it, our previous analysis tells us almost nothing about the reduction in file transfer risks from using a MFT solution – remember that risk is defined as the likelihood of the issues, as well as the magnitude of the resulting business impact. If we aren’t talking about probabilities and magnitudes, we aren’t talking about risks! It should make us consider how useful to the decision-maker our previous analysis really is.

The solution to this problem is to apply a proven, widely-used approach to risk modeling called Monte Carlo simulation. In a nutshell, we can carry out the computations for many (say, a thousand, or ten thousand) scenarios, each of which uses a random value from our range of informed estimates, as opposed to using single, static values. The results of these computations are likewise not a single, static number; the output is also a range and distribution, from which we can readily describe both probabilities and magnitudes – that is, risk – exactly what we are looking for!

Applying this approach to the assumptions used in Part Ifeel free to go back and refresh your memory – results in the following:

INPUTS

Lower Bound

Upper Bound

Mean

Units

Distribution

Annual volume of file transfers

1,000

1,000

1,000

transfers

n/a

Number of errors, exceptions, or problems as a % of annual volume
MFT non-users

1.0%

8.0%

4.5%

issues / 1,000 transfers / year

normal

MFT users

0.0%

8.0%

4.0%

issues / 1,000 transfers / year

triangular

Time to respond, remediate, and recover
MFT non-users

0.083

13.0

6.54

hours

normal

MFT users

0.083

3.0

1.54

hours

uniform

Number of working hours per employee per year

2,080

2,080

2,080

hours / employee / year

n/a

Cost of lost productivity for users
Number of users affected by issues

2

2

2

employees

n/a

Fully-loaded cost per user per year

$50,000

$250,000

$150,000

$ / employee / year

triangular

% of user productivity lost during time to respond, remediate, recover

10%

60%

35%

% of downtime

normal

Cost of responders
Fully-loaded cost per responder per year

$50,000

$150,000

$100,000

$ / employee / year

normal

% of responder productivity lost during time to respond, remediate, recover

100%

100%

100%

% of downtime

n/a

Using a Monte Carlo model to carry out exactly the same calculations as before – only this time over 10,000 independent iterations – yields the following comparison of MFT users and MFT non-users:

derek brink companies using MFT

It can be a little tricky at first to read this chart, so I have tried to summarize some of the information it provides in the following table:

For every 1,000 annual file transfers, there is a(n)

MFT Non-Users

MFT Users

MFT Advantage

80% probability of the annual cost being greater than

$7,000

$600

91%

50% probability of the annual cost being greater than

$20,500

$2,250

89%

20% probability of the annual cost being greater than

$41,500

$6,000

86%

Note that at the 50% likelihood level, these values are similar (but lower) than those from our previous, back-of-the-envelope approach – this is because the Monte Carlo model uses a more accurate, non-symmetrical distribution (i.e., a triangular distribution) for the fully-loaded cost of senders and receivers. This reflects the reality that the majority of enterprise end-users are at the lower end of the pay scale, while still accommodating the fact that incidents will sometimes happen to the most highly-paid individuals. This is yet another reason why we should think more carefully about using simple means (averages) in our analysis!   Taken as-is, we can use this information to advise our business decision-makers using risk-based statements such as the following:

  • For every 1,000 file transfers, we estimate with 80% certainty that the annual business impact will fall between $2,000 and $56,000 for MFT non-users … and that it will fall between $500 and $8,500 for MFT users
  • For MFT non-users, we estimate an 80% likelihood that the annual business impact will be less than $41,500 … but for MFT users, there’s an 80% likelihood that it will be less than $6,000

Remember that my comments from the previous blog still apply: this analysis incorporates some, but not all, of the associated costs – so the actual risk is understated. But if this wasn’t already a sufficient business case for a MFT solution, we could easily go ahead and estimate additional costs related to errors, exceptions, and problems with file transfers, such as loss of current / future revenue, loss or exposure of sensitive data, and repercussions of non-compliance. I haven’t attempted to model these costs here, but it seems clear enough that if we did then the gap between MFT users and MFT non-users would grow even wider.

Remember also, these calculations were done on a volume of 1,000 file transfers per year – you can easily scale these up to reflect your own environment. It’s pretty easy to see that it doesn’t take very much volume to justify the cost of implementing and supporting an MFT solution. (In fact you might even save in operational costs, from the benefits of having a more uniform and efficient file transfer “platform”.)   The essential point is that we can use these proven, widely used tools to help to make better-informed decisions about file transfers that are based on our organization’s appetite for risk. As security professionals, this means that we will have done our job – and in a way that’s actually useful to the business decision-maker.

You also may be interested in the Aberdeen White Paper with this underlying research “From Chaos to Control: Creating a Mature File Transfer Process,” as well as these audio highlights from a recent webinar on this same topic of quantifying the benefits of Managed File Transfer.

Just what is managed file transfer (MFT)? It’s easy to think of MFT as little more than file transfer on steroids, or a super slick FTP server. But MFT is more than that because the problems IT administrators solve with MFT demand more. Our customers don’t move files for fun – they move files to get work done.

MFT is a category of middleware software that ensures reliable, secure and auditable file transfer to enable critical business process. But even though File Transfer is at the core of MFT, it’s the M in MFT that sets the category apart.

Back in the Day…

There was a time when an organization in need of file transfer infrastructure would reach for a basic FTP server by default. That was the answer if you needed to make files available to partners, create a space where partners could drop files into a process, and script all around those activities to keep things moving while maintaining some sense of security. But as file volumes went up, and the range of processes that involve file exchange broadened, so too did the number and variety of software solutions that could help to accomplish the goal.

In recent history, we have seen the emergence of a new category, so called Enterprise File Synchronization and Sharing (EFSS). This category of mostly personal tools helps individuals share files between their myriad devices, including smartphones, tablets, home and work computers. While easy for end users, these mostly cloud services have become a real problem for IT departments. That’s because the simplicity, openness, and device-friendliness they allow come at a real costs to the control, visibility, and security protections that are the IT department’s responsibility.

New Demands for Security and Compliance

In addition to pleasing end users, IT also has to please the businesses they serve, and on that side of the ledger things have grown more complex too. Today, the variety of business processes that depend on reliable file transfer is up and the volume of transfer activity is up. The need to manage all of this activity under a tighter security and compliance regimen means nothing can be left to chance.

Where simple FTP was once sufficient, today IT has to reach for more capable infrastructure that mixes the end-user simplicity of EFSS with the reliability of FTP and the business-process focus of integration middleware. But they need to do this in a way that doesn’t inadvertently make what has traditionally been a solvable problem into a messy, bespoke custom development situation. The last thing they want to do is to engage “solutions vendors” with their bag of forty tools, complemented by expensive internal developers and systems integrators.

This is where MFT fits in.

MFT is a purpose-specific class of middleware focused on the reliable transfer of files between business parties, using simple, secure protocols and easy-to-understand models of exchange. But it’s fortified with security, manageability, scalability, file processing and integration, and business-reporting options that allow IT to deliver more sophisticated, controlled file-transfer solutions without slipping into the custom-code abyss.

What is Managed File Transfer
Future posts will look at each of the components of Managed File Transfer (MFT)

In a series of upcoming posts, I and my colleagues will explore each facet of MFT, including:

  • Tools for end-user access: ­ The ways users can participate in MFT-driven business processes using the skills they already possess, and tools that leverage already familiar activities, like sending email attachments or working in local folders.
  • File-transfer automation and workflow: ­ Explores the ways that file transfer can be put to work, either through the handling and preparation of files for further processing, or the standards-based handoff of files, metadata, or both to the next step in a business process.
  • Reporting and analytics: ­ Will look at the importance of visibility into the volume, history, and current activity of a 24/7 MFT flow into and out of your business, and the importance of end-to-end visibility in linking that traffic to your business.
  • MFT administration: ­ Will explore a range of topics, from security and compliance to topologies that deliver high availability, performance under load, and efficiency of operations.

So stay tuned…

NHBC Logo
“Ipswitch FT’s secure MOVEit solution gives us full visibility and management of file transfers, and enables us to avoid fines of up to £250,000 for non-compliance…”Wayne Watson, information security manager for NHBC 

The National House-Building Council (NHBC) , the UK’s leading home warranty and insurance provider has greatly expanded its use of MOVEit to ensure the organization adheres to  file transfer best practices, while meeting compliance with internal standards and external regulators, including the Financial Conduct Authority (FCA).

Securing Builders’ Drawings, Architectural Designs, Legal Files and More
Secure, managed file transfer (MFT) is a high-priority for NHBC. In the past six months alone, the company has doubled the number of employees successfully using MOVEit, with over 200 active users now securing file transfers. Its business straddles the heavily regulated insurance and building sectors, and daily activities demand a constant flow of secure, confidential, copyright and personal documents and communications. These include builders’ drawings, architectural designs, legal files and more, sent between internal departments and on to external stakeholders such as solicitors, lawyers, builders, architects and homeowners.

No More File Sharing Via USB drives, Email Attachments, or Unsecured Apps
By using Ipswitch File Transfer’s MOVEit system as a compliance solution, NHBC now meets strict ISO 27000 internal security standards and exceeds compliance and regulation requirements such as those set by the FCA and the Data Protection Act (DPA). Previously, NHBC employees had to encrypt and share files via SD cards, USB drives, CD-Rs, email attachments and an assortment of unsecured web-based file sharing apps. But a tremendous shift in attitudes in recent years has led to more organizations like NHBC integrating MFT platforms, making unsecured email attachments and portable media things of the past.

Wayne Watson, information security manager for NHBC, said: “Ipswitch FT’s secure MOVEit solution gives us full visibility and management of file transfers, and enables us to avoid fines of up to £250,000 for non-compliance, as well as maintaining our company’s 75-year trusted reputation.”

Every organization that values security is facing challenges in how it secures information shared between people, either inside the company or with people outside the company such as customers or partners.

Jeff Whitney, VP of Marketing, sat down with Enterprise Management 360 Editor David Tran to discuss trends and issues around person-to-person file sharing within business. 

EM360°: What are you seeing as the key trends today impacting person-to-person file sharing within businesses?

Jeff Whitney: There are essentially three key trends in person-to-person file sharing.

First of all, taking a few steps back, it has only been a few decades ago, in a work world that’s now long forgotten, that IBM mainframes ruled the world. In the good old days, the vast majority of confidential company and customer information was locked down in those mainframe computers. People were only able to access it by wading through computer printouts, or if they were lucky, by accessing large cathode ray VCT terminals. People couldn’t get hold of that information and risk sharing it elsewhere.

But today, the work world is entirely different. Today businesses are dominated with knowledge workers who have personal computers, and each one is far more powerful than those old mainframes. These PCs are filled with confidential company and customer files.

The second trend is that, with all the information that knowledge workers have, they are sending an ever-increasing volume of information to their extended enterprise; to their suppliers, shipping vendors; and their customers and every imaginable type of data being shared including legal documents, patient records, loyalty data, package locations, insurance claims, account information, purchase orders, x-rays, test results, and investment information, just to name a few.

The third trend is, with all of this going on, IT hasn’t been able to keep up with this flow of information, and there is a plethora of easy ways that employees can use to transfer files. For instance: company email, personal email and consumer collaboration systems like Dropbox.  Employees are using these non-secure systems because IT hasn’t been able to provide them with solutions that are convenient enough. They are not knowledgeable of these security risks, and all they want to do is get their work done.

EM360°: From a corporate perspective, what security risks and challenges are therefore in place that management, IT and security professionals need to be aware of?

These file-sharing techniques that employees are using can create security breaches. Even company email is often not secure as it is coming across in an unencrypted way.

You could be breaking corporate compliance obligations — if you are in financial services, in healthcare, or any number of other places who have policies or compliance regulations.

There is a true lack of visibility of Audit trails. You lock down your cash, so you know what is happening to your cash. And yet knowledge is regarded as far more important to businesses, or at least as important as cash. Yet, we are letting that knowledge flow back and forth in very non-secure manners. And the reality is who will get in trouble if that happens — is it the employee who sends it? Definitely. But equally, the senior manager is going to walk into the IT department, asking why IT hasn’t provided their workforce with solutions that can protect secure the data and provide the governance and compliance the business needs. 

EM360°: So now let’s get to the survey. We see your eBook states that 84% of respondents acknowledge they send classified or confidential information as email attachments. That’s astounding. What do you see driving that behavior?

It is really driven by the fact that employees are just trying to get their job done. They are surrounded by solutions — personal email, consumer collaboration tools — that allow them to share information in a very easy to use and rapid form. They carry that over into their work lives. If they know that they could send a file very quickly using a readily available consumer tool, they are not going to wait around for a member of the IT department to help them.

I think it’s actually very appropriate to discuss the magnitude of file-sharing. You mentioned that 84% are using or sending confidential information using these kinds of tools. In that 84%, they are actually sending classified emails with email attachments, which I have reiterated before, is not secure.

Almost three quarters of those — 72% — are doing it weekly, and more than half are doing it every day. This is a major issue.

In fact it gets even worse as employees aren’t using only their work emails, but instead are using their personal email. Some 50% are using their personal emails to send over work attachments. 40% say it’s because it is faster and more convenient. 35% say it is because of file size issues. And 30% say their IT department can’t monitor or audit. They are sending over confidential company information, and for some reason, they do not want IT to monitor that. It’s wrong.

Additionally, 50% are using file sharing websites, and of those, a quarter are doing that weekly, and some of those websites are well known for data breaches and have been publicized for it over the past few months.

EM360°: Jeff, there’s a set of risks in place with most organizations today. So what can companies do to balance the needs of the employee vs. the organization?

What companies need to do is to provide secure managed file transfer capabilities for their employees that they will readily adopt.  These tools need to be convenient, straight-forward, and allow fast transfer of knowledge. And for the business, it needs to provide the security and governance (control, security, compliance) that companies demand. You need to have both; it isn’t just one or the other.

IT isn’t just sitting on resources that are readily available to attack any issue. This issue has just blown up so quickly that IT has been slow to respond. Our survey shows that only 25% of IT organizations actually enforce the usage of IT-sanctioned tools. Only about 40% of organizations have visibility into the movement of their confidential data in and out of their business. And only about 15% receive confirmation of when critical data is being delivered.

As I said, IT organizations haven’t been able to catch up with this trend, and they haven’t provided the solutions that are out there to address this.

So how is Ipswitch File Transfer addressing this increasing need that you’re seeing for secure person-to-person file transfer within organizations?

Ipswitch File Transfer has a long history of providing managed file transfer capabilities for organizations, specifically for IT to manage these issues.

Our MOVEit™ Ad Hoc Transfer solution enables employees to send and receive files and messages between individuals and groups using an Outlook or a simple browser interface.  MOVEit™ meets employees’ needs for convenience, ease-of-use and speed and IT’s need for governance, including control, visibility, security and compliance.

EM360°: Jeff, thank you for sharing your insights with us. The eBook Jeff mentioned is available and includes the full details of the research we have cited around the risks of person-to-person file transfer within business.  

Ericka Chickowski did a nice job in her Dark Reading article on how old-fashioned FTP introduces unnecessarily levels of compliance and security risks to organizations.  And here’s an alarming data point from Harris Interactive – approximately 50% of organizations are currently using the FTP protocol to send and exchange files and data.

Talk of security concerns with FTP is certainly not new.  FTP was never designed to provide any type of encryption, making it possible for data to be compromised while in-transit.  A common answer for this is to use encrypted standards-based protocols such as SSL/FTPS and SSH/SFTP.

Luckily, modern managed file transfer solutions deliver not only the security you know your business requires, but also the visibility and control that IT needs to properly govern company information.

Ipswitch’s Greg Faubert offers his thoughts in the Dark Reading article:

“While FTP is a ubiquitous protocol, depending on it as a standard architecture for file exchange is a bad strategy…. The PCI standards look specifically at the security surrounding your FTP environment. It is a significant area of focus for auditors, and they will fail companies in their PCI audits for a lack of adequate controls.”

And yet, somehow, many organizations continue to rely on unencrypted FTP to transport mission-critical or sensitive information.  For those guilty, here are a few steps to help you get started in migrating away from antiquated FTP.  And don’t worry, it won’t be painful.