Don’t look now, but you and your IT team may be in the trucking and secure-transport business. And naturally, you’ll need end-to-end encryption.

Every day, your business is a virtual loading dock, packaging data and shipping it out to users who, now, have more than one way to receive it. All of it is valuable, or you wouldn’t be transferring it. And much of it is highly sensitive, filled with your intellectual property and your customers’ financial information.

With respect to file transfer, you’re probably transferring larger files (and more of them). With respect to the cloud, much of this file warehousing takes place at remote locations where your data gets trucked over the Web. And with regard to today’s highly sophisticated cybercrime rings, hackers would love to get their hands on it before it hits its destination. Securing it for transit with end-to-end encryption is, without a doubt, a pretty darn good idea.

What Is End-to-End Encryption?

What exactly is end-to-end encryption? Wired’s Andy Greenberg said it best: a procedure in which “messages are encrypted in a way that allows only the unique recipient of a message to decrypt it, and not anyone in between.”

The servers that forward the file along the pipeline act as “illiterate messengers” passing along messages whose contents they can’t read themselves. More specifically, this form of encryption relies on public-key cryptography, wherein the user provides a public key that anyone can use to encrypt a message. However, only the user’s private key can decrypt it to read the information.

To put it another way, the truck drivers don’t carry a key to the trailer’s cargo door, so they can’t be tricked or suborned into letting the truck get pilfered.

Data Protection Is In Your Hands

Vendors promise to encrypt files in transit, but this means the trucking company holds the key to the data, not you. Their security may be excellent, but you don’t have control over it. What’s this mean? You shouldn’t rely solely on their protection.

The list of big-enterprise breaches keeps growing, with Target and Sony falling victim to two of the most spectacular of late. Regarding a recent hack of British telecom carrier TalkTalk, Jeff Goldman at eSecurity Planet quotes one security specialist’s advice: “Any company that collects, stores or transmits personal information needs to encrypt that data at rest and in transit.”

Apart from shipping your data on storage media in a physical lockbox, encryption is the only tool that can protect your data while it is in someone else’s possession.

Encryption Helps After Data Theft Has Occurred

The use of encryption points to a couple of fundamental points about security. One is that no security technology, including this one, is invulnerable. A so-called man-in-the-middle attack can trick senders into using the attacker’s public key rather than that of the intended recipient. Or, an attacker can hack your own computer and simply steal your private key.

These security measures can’t make data theft impossible; rather, it’s all about making data theft as difficult as possible. Encryption increases the chance that even if data is physically stolen, those behind it will be unable to read or use it.

Keep in mind that the subjective nature of security means there’s nothing wrong with adding multiple layers of protection. As noted at ZDNet, security experts consider it best practice to encrypt data in this way at all times — at rest as well as in transit. End-to-end encryption works particularly well in the latter, adding that critical extra layer of protection while data is out on the open superhighway and exposed to the world’s most precise attacks. Don’t let your data leave home without it.
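To make the public-key description and the key-substitution caveat above concrete, here is an added Node.js example (not code from the original article or from any vendor it mentions). It assumes a hybrid RSA-OAEP plus AES-256-GCM scheme and a key fingerprint exchanged out of band; the function names seal, open and fingerprint are illustrative.

```javascript
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// SHA-256 over the DER-encoded public key; the sender compares this with a
// value obtained out of band (phone call, signed contract, in person).
function fingerprint(publicPem) {
  const der = crypto.createPublicKey(publicPem).export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Sender: refuse a substituted key, then encrypt the file with a one-time
// AES-256-GCM key and wrap that key with the recipient's public key.
function seal(plaintext, recipientPublicPem, trustedFingerprint) {
  if (fingerprint(recipientPublicPem) !== trustedFingerprint) {
    throw new Error('public key does not match the trusted fingerprint');
  }
  const fileKey = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicPem, ...OAEP }, fileKey);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Recipient: only the matching private key can unwrap the file key.
function open(envelope, privatePem) {
  const fileKey = crypto.privateDecrypt({ key: privatePem, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, envelope.iv);
  decipher.setAuthTag(envelope.tag); // final() throws if the relay altered the data
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

const newKeyPair = () => crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const refused = (fn) => { try { fn(); return false; } catch { return true; } };

function demo() {
  const recipient = newKeyPair(), intermediary = newKeyPair(); // constructed keys
  const trusted = fingerprint(recipient.publicKey);
  const file = Buffer.from('constructed sample: customer ledger, Q3');
  const envelope = seal(file, recipient.publicKey, trusted); // what the relay sees
  return {
    delivered: open(envelope, recipient.privateKey).toString(),
    relayCannotOpen: refused(() => open(envelope, intermediary.privateKey)),
    swappedKeyRefused: refused(() => seal(file, intermediary.publicKey, trusted)),
  };
}
console.log(demo());
```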


Possibly not. The Internet’s venerable File Transfer Protocol (FTP) is usually supported by Managed File Transfer (MFT) systems, which can typically use FTP as one of the ways in which data is physically moved from place to place. However, MFT essentially wraps a significant management and automation layer around FTP. Consider some of the things an MFT solution might provide above and beyond FTP itself—even if FTP was, in fact, being used for the actual transfer of data:

  • Most MFT solutions will offer a secure, encrypted variant of FTP as well as numerous other more‐secure file transfer options. Remember that FTP by itself doesn’t offer any form of transport level encryption (although you could obviously encrypt the file data itself before sending, and decrypt it upon receipt; doing so involves logistical complications like sharing passwords or certificates).
  • MFT solutions often provide guaranteed delivery, meaning they use file transfer protocols that give the sender a confirmation that the file was, in fact, correctly received by the recipient. This can be important in a number of business situations.
  • MFT solutions can provide automation for transfers, automatically transferring files that are placed into a given folder, transferring files at a certain time of day, and so forth.
  • MFT servers can also provide set‐up and clean‐up automation. For example, successfully‐transferred files might be securely wiped from the MFT server’s storage to help prevent unauthorized disclosure or additional transfers.
  • MFT servers may provide application programming interfaces (APIs) that make file transfer easier to integrate into your internal line‐of‐business applications.
  • MFT solutions commonly provide detailed audit logs of transfer activity, which can be useful for troubleshooting, security, compliance, and many other business purposes.
  • Enterprise‐class MFT solutions may provide options for automated failover and high availability, helping to ensure that your critical file transfers take place even in the event of certain kinds of software or hardware failures.

In short, FTP isn’t a bad file transfer protocol—although it doesn’t offer encryption. MFT isn’t a file transfer protocol at all; it’s a set of management services that wrap around file transfer protocols—like FTP, although that’s not the only choice—to provide better security, manageability, accountability, and automation.

In today’s business, FTP is rarely “enough.” Aside from its general lack of security—which can be partially addressed by using protocols such as SFTP or FTPS instead—FTP simply lacks manageability, integration, and accountability. Many businesses feel that they simply need to “get a file from one place to another,” but in reality they also need to:

  • Make sure the file isn’t disclosed to anyone else
  • Ensure, in a provable way, that the file got to its destination
  • Get the file from, or deliver a file to, other business systems (integration)

In some cases, the business might even need to translate or transform a file before sending it or after receiving it. For example, a file received in XML format may need to be translated to several CSV files before being fed to other business systems or databases—and an MFT solution can provide the functionality needed to make that happen.

Many organizations tend to look at MFT first for its security capabilities, which often revolve around a few basic themes:

  • Protecting data in‐transit (encryption)
  • Ensuring that only authorized individuals can access the MFT system (authorization and authentication)
  • Tracking transfer activity (auditing)
  • Reducing the spread of data (securely wiping temporary files after transfers are complete, and controlling the number of times a file can be transferred)

These are all things that a simple FTP server can’t provide. Having satisfied their security requirements, organizations then begin to take advantage of the manageability capabilities of MFT systems, including centralized control, tracking, automation, and so forth—again, features that an FTP server alone simply can’t give you.

– From The Tips and Tricks Guide to Managed File Transfer by Don Jones

To read more, check out the full eBook or stay tuned for more file transfer tips and tricks!

Ipswitch has launched a new version of our WS_FTP Server solution. Customers can now deploy WS_FTP Server in a failover configuration.

WS_FTP Server can now be configured to support automatic, unattended failover, enabling your organization to easily achieve high availability for your file transfer processes. Not only will you increase system uptime, reliability, and performance, but you will now be able to provide uninterrupted access to file transfer users – all critical for helping your company deliver exceptional business performance and meet service level agreements around availability.

Take a quick minute and watch Ipswitch’s Jonathan Lampe share his thoughts on our new failover capability for WS_FTP Server:

Sometimes it feels like Murphy’s law is in full swing. Everything that could go wrong does go wrong. As an IT admin, this can be particularly frightening when the well-being and success of a business relies heavily on the integrity of its IT infrastructure.

Fortunately, when there is impending doom, WhatsUp Gold’s comprehensive Network Management Solutions can alert you to a problem before users notice anything, so it can be resolved with little to no repercussions. However, there can be times when the visibility of your network is impeded. In this case you would normally be up ____ creek without a paddle. But with the WhatsUp Gold Failover Manager plug-in, you have one more high-availability trick up your sleeve.

WhatsUp Gold Failover Manager enables the configuration of a Primary and Secondary server both running the exact same version of WhatsUp Gold. With Failover Manager in place, WhatsUp Gold continues to collect data and run critical monitoring services during planned or unplanned downtime:

  • Set up Primary and Secondary WhatsUp Gold servers for manual or automatic failover
  • Select specific event occurrences and conditions that can trigger ‘failover’ and ‘failback’
  • Ensure monitoring data protection through the support for remote database operation
  • Remotely manage the failover process from anywhere on the network
  • Report failover actions in the Alert Center for single console operations management
  • Virtually eliminate the risk of ‘dark periods’ or monitoring data loss

Interested in learning more about insulating yourself from network failure with WhatsUp Gold Failover Manager?

Take advantage of our limited-time offer: Save 10% on Failover Manager and receive a FREE copy of the new Engineer’s Toolkit when you purchase before September 30th!
