Last week we broke down the real-world benefits of managed file transfer (MFT) as part of our ongoing series around our new reference book, Managed File Transfer for Dummies. This week, we share highlights from the final chapter, which looks at ten major MFT requirements to take into consideration when choosing an MFT solution, and they include:

Click on the image to download your free copy of Managed File Transfer for Dummies today!
Click on the image to download your free copy of Managed File Transfer for Dummies today!
  1. Automation: The most important item is whether your MFT solution will automate your file transfer tasks and eliminate the need to write and maintain scripts, eliminate manual tasks, along with eliminating the need for extensive training
  2. Single System Capability / Centralized Logging: You should always demand a single system capable of satisfying all methods of file transfer, along with complete centralized logging of all file transfer activities enterprise wide
  3. Integration with IT Security Infrastructure: Ensure that your MFT solution integrates with your existing services. You want to use your existing infrastructure, rather than creating yet another directory or security service provider.
  4. Accessibility: As business becomes more responsive, it becomes necessary to invoke file transfers or verify operations from many locations and devices.
  5. Self-administration: MFT solutions enable users to self-provision, having the ability to on-board new partners and invite users to participate in secure file transfers, freeing the IT admin to perform other tasks.
  6. Easy Deployment in the Cloud and On Premise: Your MFT system should not only be friction-free in the initial set up and configuration, but ongoing activities such as adding new users and partners as well as performing feature updates should also be easily accomplished.
  7. End-to-End Encryption: It’s always a good idea to have end-to-end encryption, meaning the data isn’t merely encrypted on the network, but encrypted while sitting on storage devices. You need an MFT system that supports all the popular encryption techniques.
  8. Guaranteed Delivery, Non Repudiation, and Expiration Rules: Depending on your security desires, you may need an MFT solution that guarantees delivery and prevents the receiver from changing the document or saying he or she never received it.
  9. Scalability: When your activity levels overload one server, you should look for an MFT system that will spread the workload across all available servers automatically, while providing management and control.
  10. Automatic Failover Capabilities: Having automatic failover capabilities ensures that any file transfer in process is continued or restarted and that any new scheduled or ad hoc requests will be honored even when there is a service interruption.

>> If you’re interested in learning more about the benefits of MFT, download a free copy of Managed File Transfer for Dummies!

Capturerrr
Download your free copy of Managed File Transfer for Dummies today!

Last week, we shared some insight from the first chapter of our new reference book entitled Managed File Transfer for Dummies. This week, we’ll take a look at some highlights from Chapter 2.

Whether by regulation or by a business need, data often needs to be kept secret. Managed file transfer provides many security mechanisms and offers the flexibility to ensure compliance with data privacy regulations and policies. When thinking about secure managed file transfer, you should consider three areas:

  • Compliance: Compliance means conforming to every relevant legal, professional and company standard. For example, a bank or retail company that offers credit card services needs to comply with PCI‐DSS. Audit teams look at the policy and ensure that the actual operations satisfy requirements, often by examining log files and IT systems documentation. Any managed file transfer solution you pick should both specify and prove it’s compliant with the standards important to your business.
  • Audit: One role of audit is when it’s used during an investigation — to find out how the problem happened, when it happened, and what failed. The best managed file transfer systems will provide logging capability and configurable security alerts.
  • Real‐time visibility: Sometimes you need to know exactly what’s going on right now. Your managed file transfer solution should log each and every event to a central database, whether the event is the start of a transfer, the completion or errors. That tells you what has just happened in the system, and you may want to watch in real-time to manage performance and investigate various alerts.

Careful consideration of security needs is important because unauthorized access to data with PII/PHI for one record or millions of them could result in significant fines and have a large and lasting negative impact on your business.

>> Be sure to check back next week when I highlight Chapter 3. In the meantime, download a free copy of Managed File Transfer for Dummies today!

Last week, we announced the release of our new reference book entitled Managed File Transfer for Dummies, written by security expert Randy Franklin Smith.

Click to get your free copy of Managed File Transfer for Dummies
Click to get your free copy of Managed File Transfer for Dummies

Over the coming weeks, we will provide a sneak peek into each chapter of the book. Here’s a glimpse at Chapter 1:

There are many different ways to transfer data, but most of them are manual, unmanaged and often insecure:

  • Email: Although email is the most common and convenient, it is prone to error due to invalid addresses, delivery failures and file size limitations. It’s also not easily tracked or automated.
  • Physical transport: Physically transporting data with a thumb drive is best used for the casual transfer. Downside: It’s a common vector for virus propagation and isn’t “managed.”
  • Enterprise file sync and share: Services like Dropbox and other file sync and share solutions are popular ways to share files for collaboration between small groups of people, but presents a juicy target to cyber thieves because they hold large amounts of data from many companies in the same cloud.
  • File transfer clients and servers: File Transfer Protocol (FTP) is another method that is quite common and may be used explicitly through FTP commands. However, transferring data via FTP is very difficult to automate, secure, track and manage.

A good Managed File Transfer (MFT) system can often replace all the other methods described above, depending on your organization’s needs. MFT is automated and secure through a server (or multiple servers) that are configured and used to control transfers to and from people and processes. By using MFT as a single solution, it allows organizations to lower risks and cost for moving files across the borderless enterprise. Be sure to check back next week to read more on Chapter 2.

In the meantime, download a free copy of Managed File Transfer for Dummies today.

For the second installment of my three-part series on file transfer encryption for Ipswitch, I’ll go a little deeper into the how-to’s. (These posts are based on a recent webinar I did with the folks here, available for replay.)

encryption
How will you use file encryption to protect data?

Understanding the basics of file transfer encryption is absolutely critical for securing your file transfer data. However, solely understanding the basics won’t do you much good. You also must understand how exactly you can use it to secure your company’s most private files, and to create an exceptional trail with no unbroken chain of custody. ‎

How will you use encryption?

The type of encryption being used is not as important as how the encryption is done. You must understand how the keys are managed, and the proclivity for files’ encrypted copies to become lost and to fall into the wrong hands.

Utilizing a fairly modern encryption algorithm or product (such as PGP) is a great start, but what it really boils down to is the key handling and execution. If this process is too complicated then someone will end up bypassing it and, most likely, utilize another application (such as Dropbox). This means that every step you took to privatize and secure your data is completely lost. You have completely circumvented the PGP encryption.

Keeping your data integrity

Many of these transaction files have direct financial impact. As scary as this will sound, unauthorized modification transaction is one of the easiest ways to commit fraud.

There is no “one size fits all” for data integrity and file transfer. You have to support the different protocols and types of encryption based on what works best for your company specifically. Although PGP provides data integrity – it enables the user to sign the data and the file to ensure that it wasn’t modified while in transit – it’s just a part of the solution.

Some organizations chose to utilize manual tracking in order to ensure that their check sums are not tampered with at the end of a transaction. However, this completely stands in the way of automation and slows down the process.

Utilizing access control

How different parties access and upload their personal files, while not giving access to other parties’ files, can become incredibly complicated. Many companies find that it become even more difficult when they’re using FTP or custom web applications. Here, if you get past the first level of security, then generally everyone can receive access to everyone else’s files.

Utilizing access controls for both passwords and accounts are critical. If you don’t have a policy built in then your company becomes very vulnerable for attack. But if you do have a policy, be sure to think about how you will be able to unlock accounts when they become mistakenly locked. Also bear in mind that FTP and custom applications are found to be very insecure as well. There is rudimentary authentication in both and many, many holes.

Understanding compliance auditing requirements

Anything that comes into compliance brings with it the need to be audible, or the ability to have a regular trail to track. You must be able to show each access and operation on a file: downloads, uploads, when it was deleted, when it was encrypted, if/when it was decrypted, when it was deleted after being decrypted, etc.

If you choose to use FTP then you will have an audit trail in both your FTP logs and in the file system for the files exposed to FTP. However, relying on native auditing like will be extremely difficult because the information is fragmented, making it extremely cryptic and difficult to interpret – let alone correlate – with one other. Custom web apps are difficult to use because there is no audit log. You will have to employ someone to modify the code to include this tracking capability.

What do you find the most difficult about auditing data for a file transfer? Be sure to leave your thoughts in the comments section below.

Next Steps

If you’re interested in learning more about encryption and file transfer security, be sure to check out the full webinar by clicking here.

And you’re always welcome to visit my own site (UltimateWindowsSecurity.com) for news and analysis.

Randy Franklin Smith
Click here to access replay the “File Transfer Security: Top 8 Risks to Assess & Address” webinar

 

 

My name is Randy Franklin Smith and I’m guest blogging a three-part series on file transfer security for Ipswitch, starting today with the important of file transfer encryption. These posts are based on a recent webinar I did with the folks here, available for replay if you like.

Encryption Options

The Internet is a scary place for businesses, which is obviously why many are paying closer attention to best practices for securing their file transfers. Among those best practices: encryption. Basically, there are three options for encrypting file transfer data: FTPS, SFTP and HTTPS. All three are heavily used for internal to external, or business to business, transfers.

Lock down your file transfer data at rest and in motion
Lock down your file transfer data

The fastest of the three and the most widely implemented option is FTPS, or FTP over SSL. However, it has both implicit and explicit notes, and a range of data ports must be available for use, whereas SFTP only requires one port, making it the one of the simpler options for encryption.

On the other hand, while FTPS and SFTP are great to use within servers, HTTPS is better for interactive, human-based transfers. Ultimately, all three of these options (FTPS, SFTP and HTTPS) will automatically and transparently encrypt a company’s data and protect it from being snipped as its traversing over the Internet, it just boils down to your specific company’s needs for which one is right for you.

Why It’s Crucial to Encrypt Data at Rest …

Not only is it important to encrypt data as you transfer files from one server to the next, but it is equally important to protect and encrypt these data as it rests on your home server. Why? Two reasons. One, data exchange files are particularly vulnerable because it’s a file in a very easily-consumed format. Encrypting this resting file adds a new level of protection against potential hackers. Two, file transfer servers on the internet are more exposed to an attack.

By encrypting data at rest, the hacker would not only have to break into the server, but they would also have to find the key to decrypt the data. This will make their task longer and more strenuous, and enables your organization with ample time to notify the authorities and track down the hacker.

Yes, your company may be utilizing a firewall, DMZ or a reverse proxy, but even with these things in place you’re still relevantly exposed because all three are connected to the outside world, while a file transfer is not. During this day of cyber theft, it’s important for organizations to take a strategic and defensive approach by protecting their data – regardless as to whether it is in motion or at rest.

Data That May Be Accessed By or Shared With Third Parties

When a company shares a file with another company, they typically are using a storage vendor that has automatic encryption. However, these storage vendors typically require that all of your users are authenticated to a domain before use. So what happens when you need to transfer a fire to a company that has not been authenticated? What options do you have? Must you only work with vendors that have been authenticated? Your company will need a different way of ensuring that the files, both being transferred and at rest, are encrypted.

Most companies have a policy in place that every file needs to be encrypted before it’s transferred, typically using PGP. PGP is a failsafe for companies to ensure that if someone uploads a file, that it’s encrypted without the third party having to be tech-savvy and implementing it. However, while PGP is valuable, there is the potential that something will break and the file won’t be PGP encrypted.

Is PGP Alone Good Enough to Manage File Security?

So what happens with PGP breaks? Or better yet, is PGP strong enough to protect a company’s most crucial and private files? Many customers leverage PGP and praise its effectiveness. And, yes, PGP is incredibly effective in the hands of security experts and practitioners. These professionals understand security cyphers and keys, and know how to fix something if it breaks.

However, for the less tech-savvy among us, what happens is a scenario similar to this: We are given a login for decrypting a file transfer. If we are unable to figure it out, we typically ask someone else in the office for help. Now this code is no longer private, because someone else has been given access.

Simply put, you wouldn’t implement a firewall and state that your entire network is safe. No, you would take the precautious measure to ensure your employees and your customers that your system is secure. And this is exactly how PGP should be treated. You should have PGP in place, but you should also take the extra security measures to ensure that your network is protected.

Next Steps

If you’re interested in learning more about encryption and file transfer security, be sure to check out the full webinar by clicking here.

And you’re always welcome to visit my own site (UltimateWindowsSecurity.com) for news and analysis.

Randy Franklin Smith
Click here to access replay the “File Transfer Security: Top 8 Risks to Assess & Address” webinar

 

 

 

Moving files from Point A to Point B…if only it were that simple. As the number of files being transferred continues to rise, so does associated costs. Likewise, as technology evolves, so does the need to ensure security and compliance.  So how can your organization determine the best way to go about transferring files securely? …in compliance with regulations? …and without breaking the bank? All very important questions.

Guide to Managed File Transfer
Guide to Managed File Transfer

No surprises here that the answer (to all of them) is a Managed File Transfer solution. As we explain in our Definitive Guide to Managed File Transfer: Attaining Automation, Security, Control & Compliance, it’s no longer enough for organizations to transfers files via email attachments, zip drives or even standard FTP. These methods are clearly not secure enough – and even if they were – they would leave enormous holes in terms of efficiency and visibility.

This is a realization that many organizations have arrived at in recent years, but it’s one that first requires them to ask some critical questions about the state of file transfers. Here are a few, extracted from the aforementioned eGuide:

What’s actually in these files?

Without asking this question, there’s a pretty good chance you’ll put your organization at risk. For instance, just imagine if these files ended up in the wrong hands:

  • Personally Identifiable Information (PII): Name, physical and email addresses, phone number, date of birth, Social Security/national identification number, vehicle registration information, driver’s license number, digital credentials, biometrics
  • Financial Customer Data: Credit card numbers, financial statements, credit applications, claims
  • Business Customer Data: Letters of agreement, statements of work, purchase orders, invoices, corporate financial information, intellectual property, business plans
  • Legal Information: Contracts, discovery, privileged communications
  • Medical: Patient-provider communications, patient records, test results, X-rays, CT Scans, PT Scans, MRIs, prescriptions, insurance claims
  • Government and Regulatory Data: Compliance information/audits, tax filings
  • Personnel Information: Payroll data, workmen’s compensation, unemployment tax filings, HR records, 401K data, benefits information, employee applications, offers, agreementsHow do files travel today?

As complex as it might seem, all file transfers can be classified into 1 of 4 categories

  1. Process-to-process: Many files are automatically transferred between systems. This is especially true when it comes to an organization’s external partners – clients, vendors, service providers, government organizations.
  2. Process-to-person: These transfers occur when an automated process creates a file or report and transfers it automatically to a person, based either on a schedule or an event.
  3. Person-to-person: Ad hoc or impromptu file transfers from one person to one or more other parties.
  4. Person-to-process: In this scenario, an employee, customer or partner transfers a file that is automatically uploaded into storage or a business system.Why is this important? Simple. If you’re going to simplify your file transfer processes, then you need a solution that can address all of these scenarios, not just one or two.

What’s wrong with the status quo?

At this point, it’s common to wonder—if all your files are reaching their destination—why there’s a need to revamp or think your approach. Several reasons:

  • Manual complexity: When organizations use multiple systems and custom scripts to manage file transfer, they needlessly increase complexity for employees, customers and partners.
  • Control (or lack thereof): For security and compliance reasons, companies now need a greater level of visibility and control over file transfer activity.
  • Shadow IT: Without an enterprise-grade solution, employees will use whatever means necessary to move files. Most of these methods are intended for personal use, not for sensitive data, putting your organization at risk of a data breach or compliance violation.So can the status quo get the job done? Yes. Does it put your organization at risk, and create needless complexity and additional work? Absolutely.

Next Steps

If you’re currently asking these questions, you’re on the path to adopting a more comprehensive, powerful method of transferring files—but why stop here? Be sure to read our eGuide in its entirety: The Definitive Guide to Managed File Transfer: Attaining Automation, Security, Control & Compliance>>>

It seems that almost every organization – from SMBs to large enterprises – is struggling with secure file transfer. Large companies like Sony Pictures are not immune. They are dealing with the outfall of a successful attack on their secure files. Despite their IT security efforts, hackers have stolen and are leaking terabytes of data from the media company. These security breaches don’t come from a lack of effort or awareness. Rather, it is the result of file transfer practices that have not evolved to meet today’s complex requirements.

The main culprit: standard FTP solutions

Evolving from FTP to Secure File Transfer
Pictured: FTP (left) and Secure File Transfer (right).

File Transfer Protocol (FTP) is widely considered the easiest way to transfer business data, and the numbers back it up; FTP is used by a staggering 83% of businesses. Of this group, however, we find that very few are comfortable with its security, as the majority of respondents express fear about sensitive data being compromised.

File transfer solutions have often been relegated to the darkest corner of the lowest wattage server room, and it’s very common to find long-ago deployed home grown FTP solutions that are not well understood, documented or easily maintained by today’s IT staff being used to manage company data.

As a result of this misunderstanding, FTP is now being used to send highly sensitive data that is subject to HIPAA, PCI, SOX and other industry regulations – putting an organization at risk. for data breaches, compliance violations, financial burdens, and in some cases, a “company death sentence.” Harsh, but true. Of course, this was never FTP’s intended purpose, and now, companies are scrambling to find an alternative.

Acronyms that start with “S”

Luckily, many are finding a viable alternative to FTP in the form of two common security protocols that help to secure and increase the reliability of data transfer: Secure Sockets Layer (SSL) and Secure Shell (SSH). Specifically designed to encrypt file transfers and associated administration network traffic, both SSL and SSH enhance the security and reliability of file transfer by using encryption to protect against unauthorized viewing and modification of high-risk data during transmission across open networks.

Don’t just take our word for it, our customer Enterasys went through their own evolution from FTP to secure file transfer.

SSH is particularly popular in IT environments because most operating systems (including UNIX/Linux) support SSH, therefore using SSH for file transfer (SFTP) allows for cross-platform IT standardization. Standardization using SFTP ensures consistent, strong security policy enforcement and simpler administration.

Are you ready to learn how SSL and SSH security policies can help your organization? Are you ready to toss aside your basic FTP and evolve with the times? Download the free Ipswitch File Transfer Whitepaper: Evolution from FTP to Secure File Transfer.

In just a few days we’ll be listening to “Auld Lang Syne” and watching the ball drop in Times Square. As we plan deeper into 2015 I found myself reading Gartner’s Top 10 Strategic Technology Trends for 2015 and want to share a few thoughts based on two of them:

  • Cloud/Client Computing: For businesses, Cloud/Client Computing has an additional component beyond Gartner’s omni-portable linkage between the cloud’s compute/data/management and client devices. Apps for the business cannot be viewed in isolation. Beyond data synchronization, IT will also have to address the integration layer between public cloud and private cloud, and between cloud and on premise applications, for rich sharing and use of data within business workflows.
  • Risk-Based Security and Self-Protection: We seem to have reached a tipping point that Gartner alludes to: security can no longer be fully managed by IT. There are just too many threats, and the paradigm shift of applications themselves pre-empting some of these threats will be welcome. Gartner correctly views this as part of a multifaceted approach. We believe that monitoring of how threats spread will lead to new dynamic response methodologies, perhaps bot-implemented, going well beyond today’s analysis of threat signatures. Stopping threats rather than dealing with their consequences is something for IT to look forward to.

Speaking of stopping threats, are you constantly on edge about the safety of your stored and transferred files? Using the right file transfer system is paramount in securing files and sensitive data. The MOVEit Managed File Transfer System is designed specifically to give control over sensitive data to the IT department, to ensure better security throughout the entire file transfer life cycle. Download our white paper entitled Security Throughout The File Transfer Life-Cycle to learn more.

As we head into 2015, what will the New Year have in store for IT? Only time will tell!

Lost or stolen data is a nightmare in and of itself, but what can really make an IT team go prematurely gray is the audit that will inevitably follow. Given that today is Halloween, here are two things that can scare any IT professional, regardless of the time of year. Capture

1. The audit that follows a data breach

High-profile data breaches may have less shock value simply because they happen more frequently. But that doesn’t mean that each incident isn’t a major shock to the IT team that has to manage through it. As the biggest consumer breach of 2014, what happened at JP Morgan Chase left 83 million households exposed. The hackers also targeted intellectual property. Compliance and security standards exist to protect sensitive forms of data. If any combination of people, process and technology break down, the entire organization is at risk. This shouldn’t be a shock to anyone.

2. Important files go missing

According to a 2014 survey conducted by Ipswitch, nearly half (42 percent) of IT professionals reported their organization does not mandate secure methods for transferring corporate information. Additionally, 18 percent of IT professionals admit they have lost a critical file and 11 percent have spent more than an hour trying to retrieve that file. As the volume and size of digital files continues to increase, so can the costs associated with file transfer. Organizations must plug the holes in their systems in order to meet their legal mandates. Failure to do so will become a costly proposition for all involved, especially as compliance and security demands grow across healthcare, finance and retail industries.

Don’t let your files hide in the shadows

When moving confidential or sensitive files from one place to another, companies need to make sure their IT teams have visibility and control over files in transit at all times. A managed file transfer solution (MFT) is one method to ensure data is completely secure and that critical files are never left in the dark. MFT systems support efficient file transfer as part of a business process – and therefore allow IT to better track and manage the data. With the right MFT solution, organizations can reduce security risk incidents while increasing efficiency and productivity.

Google announced in a blog post on Tuesday a vulnerability in the design of SSL version 3.0 (CVE-2014-3566), nicknamed POODLE.  The SSLv3 protocol is used in OpenSSL and other commercial products.  This vulnerability allows the plaintext of secure connections to be calculated by a network attacker and has an overall CVSS severity rating of MEDIUM.  security POODLE

Ipswitch immediately assessed all of its products as soon as we became aware of the vulnerability.  We’ve identified specific recommendations for MOVEit Managed File Transfer, WS_FTP Server and MessageWay and continue to evaluate remaining Ipswitch products, including WhatsUp Gold and IMail Server.  While POODLE is not considered high risk to our customers we will provide additional guidance for those products as soon as it’s available.

To protect against this attack, it is recommended that all customers disable SSLv3 for all services and clients.  Please find specific instructions for the following products in this Ipswitch Knowledgebase article:

  • MOVEit File Transfer (DMZ) Server and API Module
  • MOVEit Central
  • MOVEit Ad Hoc
  • MOVEit Mobile
  • MOVEit Xfer
  • MOVEit Freely
  • WS_FTP Server
  • WS_FTP Web Transfer Module
  • WS_FTP Professional

Following the instructions above may present compatibility problems for users on old platforms and browsers, where there is no support for TLS 1.0 or higher. While both Google and Mozilla have announced plans to remove support for SSLv3 from their browsers soon, it’s still recommended that you test these configuration changes and carefully monitor the production system after making any changes, so that you are prepared to handle any negative impact.

 

Dropbox IpswitchYesterday Dropbox posted an update at the end of their 10/13 blog that noted their servers were not hacked. Apparently the compromised credentials in question were stolen from a different source. At the end of the day, Dropbox isn’t to blame. The stolen credentials were used to access multiple services, including theirs.

So let’s leave the folks at Dropbox alone. Every organization that holds personally identifiable information (PII) is a target. And I agree with Dropbox’s advice to their users should use unique passwords across different sites, and when possible, add a layer of security to make things a lot safer.

Like everyone else, I just want to keep all my work and personal stuff online safe. So the Dropbox brouhaha got me thinking about how hard it is to remember and manage all my user account names and passwords. I’m a Mac guy and have found Apple iCloud Keychain to be helpful for managing my personal login credentials, but it has limitations.

Identity management in the enterprise world

IT pros who are responsible for security and compliance around managed file transfer and/or file sharing security should work with an identity management provider to evaluate solutions integrated with SAML 2.0. These vendors’ products can provide single sign-on (SSO), data loss prevention and two-factor authentication – any and all of which will add layers of security to protect personal and business information.

At the end of the day, security should be accessible to everyone in the borderless enterprise composed of employees, customers and partners.

 

'You are Fired!'The popularity of consumer file-sync-and-share solutions such as Dropbox continues to grow, as consumers appreciate the ease with which they’re able to transfer large files, such as photos and videos, to family and friends. While beneficial to consumers, these applications are problematic for IT departments. More and more employees use Dropbox to share corporate files, and don’t fully understand the risk. Organizations must do a better job of warning employees that using online file sharing tools to share sensitive files at work can result in serious penalties, and even termination. Let’s take a look at why:

1. Operating in the shadows.

Companies’ IT departments aren’t able to track when an employee accesses Dropbox to share files and are unable to control which employee devices are able to sync with a corporate computer. This practice, often called “shadow IT,” effectively locks the IT department out of the file-sharing activities of employees. As a result, IT departments are unable to track how files have been modified, determine who has viewed files if sensitive information is leaked, or remotely wipe Dropbox if an employee’s device is stolen.

2. Potential for data theft.

Dropbox has limited security features, and because companies aren’t able to monitor what files are synced to what device, it’s impossible to know whether data has been shared with or accessed by the wrong party, which increases risk of insider threats and data theft.

3. Data loss.

Dropbox has been known to lose customer files (source this) – or fail to back them up at all – meaning that employees run the risk of permanently losing company files, with no way for the IT department to recover them.

4. Adherence to compliance regulations.

Many industries have compliance regulations which dictate that certain files have limited access or remain encrypted during transfer. Because Dropbox is not equipped with secure file regulation capabilities, there is an increased risk that employees are unknowingly violating their company’s compliance requirements.

5. Limited data security.

All employees know that it’s important to protect sensitive files such as financial data or intellectual property documents. Yet Dropbox has limited encryption and security features, which leaves data exposed and at risk of being corrupted or landing in the wrong hands.

While Dropbox and other online file sharing tools are sufficient for sending personal files, these systems simply aren’t capable of securely managing corporate file transfers. There’s certainly a demand among employees for reliable, user-friendly file transfer options, and IT departments should look to meet this need by providing employees with a highly secure alternative, such as Managed File Transfer (MFT) solutions.