FileTalkIf your files could talk, I guarantee that they would have a lot to say. With larger quantities of data being shared across more devices than ever before, we often mismanage our files and lose critical information.

Nearly half (42 percent) of IT professionals report their organization does not mandate secure methods for transferring corporate information according to a recent Ipswitch survey. In addition, 18 percent of IT professionals admit they have lost a critical file and 11 percent have spent more than an hour trying to retrieve that file.

Organizations need to reevaluate their file transfer strategy because let’s face it – our files are not happy with the way they are handled. Here are five things they would tell us if they could:

  1. I don’t feel safe. I need more protection: Cyber incidents occur at an alarming rate and cost the economy billions of dollars each year. It’s important for IT professionals to protect the file transfer server by running frequent penetration tests, vulnerability scans, static code analysis and storing files encrypted so they cannot be easily executed in the servers host OS. Additionally, file transfer solutions must incorporate rigorous control and security measures to meet Service-Level Agreement (SLAs) and compliance requirements. In the healthcare industry, for example, compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA) has fueled businesses to find ways to securely transmit protected health information (PHI) and meet the law’s requirements. Managed File Transfer (MFT) systems are a key component to enable secure file transfer and auditing to support compliance.
  2. If I were to go missing, would anyone care?: Not only are lost files a huge headache for IT, they are also a huge risk for an organization. Losing sensitive information, whether it is patient or financial data, can result in costly damages and cause an organization to fail an audit for non-compliance. MFT systems guarantee delivery of data and track files so IT professionals are aware of their locations and who accessed them at all times.
  3. I want to make my mark in the world: Files want to be seen and leave their imprint in the system. When employees use unauthorized applications, such as Dropbox, to share or download files for personal use, there is a true lack of visibility or audit trails. It’s important that businesses maintain control of company data and keep the flow of data transparent. It’s not just the employee that gets into trouble for sending a file in an unsecure manner; it’s the entire company that suffers, particularly if there is a breach as a result.
  4. I have places to be and little time to spare: In another survey conducted by Ipswitch this year, more than 100 IT professionals highlighted just how stressful a manual approach to file transfer can be: 61 percent equated manual file transfer processes to sitting in traffic. Manually transferring files can slow the transfer process and cause more interruptions for IT. Automated MFT solutions allow for efficient transfers and give back time to the IT department and make them look like heroes when they can quickly automate repetitive transfer-related tasks for business users. MFT allows files to get where they need to be much more quickly and securely.
  5. I want to feel cared for: If your car breaks down, you have AAA come repair your car onsite or take your car to a service station. Files want that same assurance with high availability and disaster recovery features. In addition to the soft costs, such as time and reputation, there are also hard costs that come with being unable to reliably transfer files between employees, partners and customers, including missed SLA penalties, lost business opportunities and impact on supply chain. By leveraging high availability, horizontal scaling, and disaster recovery as part of file transfer processes, organizations can ensure that critical files are delivered consistently and reliably.

I think it’s time IT professionals start listening to their files to understand the existing problems with their file transfer processes. MFT gives files what they want – security, reliability and visibility.

deliveryserviceDelivery services have come a long way over the past decade. Expecting a package? Check the status with the tracking number. Sending a surprise to someone in another state? Just log in to see when you will be getting an excited call. Or, find out before you even send the package when it will get there, and where it will travel on its way.

With so much critical and sensitive data passing through your organization each day, doesn’t it make sense to have a file transfer process that does the same as your top-choice delivery service?

Unfortunately, this is rarely the case. We recently conducted a survey of more than 100 IT professionals and found some sobering statistics:

  • 16 percent of respondents liken their file transfer process to an outdated post office: Files are tracked inconsistently.
  • 33 percent liken theirs to a library: Files are kept in one place for people to find them.

A superior file transfer process is not just a “nice to have” for your organization; it is actually critical to your business. The survey revealed 18 percent of respondents have lost files containing sensitive information, while 11 percent have spent more than an hour trying to retrieve missing files, and 10 percent have lost files all together.

What these organizations don’t know is that Managed File Transfer (MFT) solutions empower IT professionals to automate transfer activities while supporting all the standard, established protocols. MFT functions more like a highly successful delivery service than a disorderly mailroom.

It’s important for every business to consider the benefits of a delivery service-like MFT solution:

  • You know the origin of EVERY file
  • Every file has a beginning and an end – files do not go “rogue”
  • Employees use pre-approved and secure methods for transferring information
  • Reduces risk of security breaches from internal and external sources
  • You have insight and control over all files; where they start, where they travel, where they end up – and how to find them (and revert to earlier versions) if needed
  • Automated processes reduce the need for IT hands-on involvement
  • Automate end-user file manipulation and transfer tasks for further resource savings
  • Order, predictability and security to file movement is assured
  • Improve management of business performance
  • SLAs and compliance requirements can be met – with confidence

For more information about the benefits of managed file transfer, check out this infographic.

HealthIT According to a recent Ponemon Institute report, seventy-two percent of the 600 IT professionals surveyed believed their cloud service providers would fail to inform them of a data breach that involved the theft of confidential business data, and 71 percent believed the same for customer data.

Healthcare organizations have been hesitant to relinquish any perceived control over their information, and yet the investments and resources required to securely store and manage files “on-premise” has become a burden most facilities can no longer shoulder. IT teams lack the bandwidth and expertise to manage the growing volume and traffic of Protected Health Information (PHI). The move to the cloud has become inevitable because of the increasing complexity and burden of managing compliance processes.

Moreover, given the recent Omnibus ruling from September 2013, compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has never been more pervasive. With security breaches occurring at an alarming rate combined with the expansion of federal regulations, the push towards compliance has fueled businesses large and small to explore the necessary requirements – and options available – when it comes to achieving and maintaining HIPAA compliance.

Cloud-based solutions provide significant value for the healthcare industry, providing organizations with superior security and control when managing sensitive health data, especially PHI. In speaking with our customers in organizations required to adhere to HIPAA regulations, a cloud-based managed file transfer (MFT) solution offers numerous advantages: industrial-grade security, lower risk, reduced time and resources needed to achieve and maintain HIPAA compliance, higher reliability and availability backed up by service level agreements, and cost savings as IT staff is freed up to focus on other operational tasks.

The benefits of cloud provide a compelling reason for organizations to move to a managed cloud environment; here are a few best practices to keep in mind:

  • Invest in partners that are well-equipped to manage the breadth of HIPAA standards, and who are able to provide the tools needed to demonstrate compliance to your auditors;
  • Make sure to look for partners that provide a packaged HIPAA compliant environment that satisfies electronic protected health information (ePHI)-related legal obligations in HIPAA/HITECH legislation; and
  • Recognize from the start that your HIPAA compliance will usually involve a hybrid solution that combines both cloud and on-premise elements. A combination can provide the enabling “fabric” that will make it possible to do business moving forward.

To read more on this topic, check out my full article in HITECH Answers.

boxing glovesPart 2: The convergence of Managed File Transfer-as-a-Service and SOA for multi-enterprise integrations

In Part 1 of this post I discussed why managed file transfer thrives as an integration pattern in today’s highly regulated, multi-enterprise world, despite the growing use of transactional integration technologies like Software-as-a-Service (SaaS)/Platform-as-a-Service (PaaS), service-oriented architecture (SOA) and enterprise service bus (ESB). Now I want to explore how companies are leveraging Managed File Transfer-as-a-Service as middleware in a range of emerging multi-enterprise use cases.

Recall from my Part 1 post that 60% of transactional data continues to be transferred in batch files, for reasons of cost and reliability—only 40% are individual transactions. This is the primary driver behind the trend towards integrating MFTaaS with transactional (low-latency) integration hubs and SaaS/PaaS applications, especially in scenarios where both systems and people are involved.

The following requirements characterize many of these converged/hybrid use cases:

  • The need to simplify and accelerate development, deployment and maintenance
  • The need to support large, batch and/or unstructured data types
  • The need to work across data formats and network protocols
  • The need for secure, guaranteed delivery of data on a scheduled, on-demand and/or event-driven basis

Partner/community integration with MFTaaS

MFTaaS integration is particularly advantageous where data is exchanged between a network or community of recipients outside the company. Existing infrastructure and protocols can be leveraged with no development required.

For example, a large healthcare information exchange (HIE) service provider uses MOVEit to enable its clients to securely transfer files within its healthcare PaaS solution. Another MOVEit customer is a large insurance company that exchanges data with its partners using secure, standards-based SFTP/HTTPs instead of web services.

Enterprise-wide management and control

The common denominator in all these cases is reduced complexity—and thus reduced cost—plus greater reliability of key processes. Leveraging MFTaaS where service-based solutions are in place can provide significant benefits at low cost, with rapid time-to-value.

mft 200mIpswitch recently conducted a survey of more than100 IT professionals unveiling that employees feel an overwhelming sense of personal responsibility to protect corporate information or data. While accountability was high (84 percent) from an individual standpoint, 42 percent of respondents indicated that their organization does not mandate methods for securely transferring corporate files or have an automated system in place to mitigate the risk of human error.

The numbers would indicate that a lack of corporate oversight has had a critical impact on business operations for many companies; 18 percent of respondents report they have lost files containing sensitive information, 11 percent have spent more than an hour trying to retrieve missing files, and 10 percent have lost files completely after spending significant time looking for them. Lost or misdirected data has the potential to cost organizations both from a monetary and compliance standpoint.

A few additional findings:

  • 15 percent cite that while their organizations do have a process/method in place for transferring information, employees “go rogue” and regularly work around them,
  • 10 percent report that file transfer methods have caused their organization to be out of compliance with a regulation or corporate policy,
  • 33 percent liken their file transfer process to a library: Files are kept in one place for people to find them,
  • And for 16 percent of respondents, it is like a mediocre delivery service: Files are tracked inconsistently.

So, where does your organization fall within the data protection divide? If there is a lack of corporate oversight of file transfer processes, it might be time to consider a managed file transfer solution. You can find out more about the results in the infographic below. I look forward to your questions and comments!


antivirusThere’s never a shortage of bold predictions in the world of tech. Sometimes, these predictions come true. Most of the time however, they never materialize. And then of course, there are thousands of predictions that fall somewhere in between – predictions that seem like they could come true, but upon closer inspection, ultimately fail to pass the sniff test. Case in point: The supposed death of anti-virus software.

Over the last couple of months, we’ve seen this prediction (or proclamation, in some instances) come from several of the most well-known and well-respected figures in the world of software security. So, should you blindly take them at their word and abandon anti-virus altogether? Not so fast!

In this post, we wanted to briefly explain why this prediction is being made – why we disagree – and how MFT plays a part in our reasoning. Let’s get started…

This claim is being made for various reasons. The most altruistic of which is the truth that AV alone is no longer sufficient protection against malware and other attacks. Brian Krebs describes that perspective in his article, Antivirus is Dead: Long Live Antivirus!, discussing the evolving nature of malware and the tactics employed by cybercriminals to always stay a step ahead of the AV industry in the digital arms race. Each time “the good guys” develop smarter AV detection, “the bad guys” simply respond by using a “crypting” service that alternates scanning their malware with all of the available AV tools on the market and running custom encryption iterations until their malware is no longer detectable by any available AV protection.

In Symantec’s ‘Death of Antivirus’ Is a Dangerous Marketing Ploy, Paul Wagenseil alleged a more cynical motive behind this proclamation, ruling that Symantec’s comments were an attempt to rebrand their image in the eyes of corporate IT departments to be seen more as a rapid-reaction team that is keeping up with the evolving malware threats facing large American companies. These views, according to Wagenseil, potentially put both consumers and business professionals at risk. Consumers should not be accepting of the notion that AV’s time has passed, that it has somehow become an obsolete element of protection against harmful malware.

If AV could talk, and if it was starring in a Monty Python movie, it’d likely say, “I’m not dead… I feel fine…” as it was brought out to the Dead Collector’s cart. The fact of the matter is that AV is an indispensable layer of protection in your complete security solution. It may just be one layer in a growing number of essential security layers, but any security expert will tell you that multiple layers of security represent the new reality we must adhere to when protecting confidential, proprietary, sensitive, or personal information. Though it still embodies an important layer of protection, the indisputable truth still stands that AV alone doesn’t represent the same level of protection that it did ten or fifteen years ago.

AV scanning is one layer of protection available with your MFT solution. Use it. AV remains an important component of your protection against malware. The product, and the concept, is far from a dead technology. There are many other layers working in concert, including FIPS-validated crypto, access control, integrity checking, transport encryption, and application-specific penetration testing and code-scanning, to name a few. Removing any one of these layers means you’re relying on the remaining layers to compensate, and for every malware file or “signature” that your AV scanner misses, there are many more that it will still catch. It’s certainly worth noting that AV won’t catch everything, but that’s a far cry from declaring it dead and taking a “do I feel lucky?” approach to security. By layering AV with MFT, you’ve created a much more formidable defense against malware.

Data protection is still high on the agenda for business and continues to remain a hotly debated topic in the press. We recently carried out a survey of EU businesses professionals about attitudes, practices and technologies relating to data security and protection.

One of the most surprising results was that the majority of those questioned (43 percent) cited fear of reputational damage as the major reason to fall in line with data laws, compared to less than a third (31 percent) saying that financial censure is the biggest impetus. I wonder if the same would be true if we asked a similar question in the US?

While the value of reputation should not be ignored, perhaps this result could also indicate that fines are perhaps not stringent enough? Currently, the UK Information Commissioner’s Office (ICO), the public body which reports to UK Parliament and is sponsored by the Ministry of Justice to oversee data protection and privacy, can impose a maximum fine of £500,000 ($800,000).

Either way, what is apparent is that businesses simply cannot afford – either in terms of cost or reputation – to deal with the potential fall-out from unsafe business practices such as unsecured file sharing and they are clearly looking to governing bodies to take the lead in implementing further, stricter regulation. The vast majority surveyed (57 percent) think the ICO needs to be more aggressive in its approach. This is despite the fact that the UK is seen as having stronger data protection laws than either France or Germany.

But not everything can be laid at the door of regulatory bodies. The survey also highlighted that organizations still need to take more responsibility for their own file transfer practices. Far too many (53 percent) still rely on unsecured procedures for transferring sensitive files to get work done and nearly a fifth (19 percent) admitted to losing critical business documents.

Clearly, businesses need to have systems in place to mitigate security breaches, and – just as importantly – rigorously ensure those systems are appropriately used.

Data protection is not an issue that is going to go away. We urge all organizations to re-evaluate their file transfer methodologies, before they end up paying the price, either in diminished brand reputation, customer losses or financial penalties.

I’ve included the key conclusions from the survey and an infographic below and would love to hear your thoughts, from either a European or US perspective.

FINAL_Data Protection - Can You Afford Not To

Key conclusions:

  • 31 percent of business professionals say that financial censure is the biggest impetus for complying with data protection or staying in line with ICO guidelines, while nearly half (43 percent) cite fear of reputational damage to their brand as the major reason to fall in line
  • The survey also reveals that over half of respondents (53 percent) admit to sending business sensitive documents over unsecured email, while nearly a fifth (19 percent) also admit to losing critical business documents
  • 64 percent of respondents consider the UK to have the tightest data protection laws, 30 percent name Germany as having the strictest laws, while six percent of respondents believe say that France has the strictest data protection
  • Almost three-quarters (71 percent) of respondents believe UK data protection laws should be stronger to protect businesses and consumers
  • Over a quarter of respondents (27 percent) have never heard of the UK Information Commissioner’s Office (ICO), the public body which reports to UK Parliament and is sponsored by the Ministry of Justice to oversee data protection and privacy

More than half (57 percent) agree that the ICO should be more aggressive in its data protection responsibilities


Of course, in order to understand the challenges (and solutions) of healthcare file transfer, there are a few essential terms that you’ll need to know. Let’s take a closer look at a few in particular:

  • HIPAA – Health Insurance Portability and Accountability Act.  This act requires the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans and employers. Specifically, this act was put in place to improve the efficiency and effectiveness of the healthcare system. In many ways, HIPAA compliance is the number one file transfer priority for those in the healthcare space.
  • BAA – Business Associate Agreement. This document is essentially a promise that the people hired to handle the sensitive healthcare information are adhering to the same confidentiality agreement that the healthcare providers observe.
  • HIE – Health Information Exchanges. This system provides the capability to mobilize information electronically, across a designated region or healthcare information system.  The HIE is designed to provide a more timely, efficient and effective patient-care system.
  • HIO – Health Information Organization. An organization that brings together health care stakeholders within a defined geographical area. This group then exchanges health information among themselves, for the purpose of improving the health and care within that region.
  • HITECH – Health Information Technology for Economic and Clinical Health. An act that promotes the adoption and meaningful use of health information technology. In other words, facilitating healthcare providers with the technology in order to use electronic health records. This would allow physicians to provide better care to their patients because the health records would be undamaged and easily accessible.
  • PHI (ePHI) – Protected Health Information (electronic). This individually identifiable information relates to past, present and future physical or mental health conditions of an individual.
  • EMR – Electronic Medical Record. This record contains both the medical and treatment history of a patient in a given facility, for one practice. This record stays within said facility and is not easily accessed by any additional doctors who may also be treating the patient.
  • EHR – Electronic Health Record. This report focuses on the total health of an individual. It recaps a patient’s history in every facility, for every practice, that the patient has used.  Think of the EHR as combining the information from every individual EMR that the patient may have, and placing it into one, central location.
  • Managed File Transfer (MFT) – While EHR is the central location for patient data to reside, MFT systems provide a complimentary central system to manage the transfer of files & data (including sensitive and confidential patient information) to/from the healthcare organization to its extended ecosystem of partners, suppliers and payers. This includes integrating with other systems and vendors with multiple configurations and access controls. MFT systems are a key cog in enabling a healthcare organization with file transfer automation and auditing to support HIPAA compliance.
  • Unstructured Data – Also known as the “patient narrative,” unstructured data is text-heavy information that may be unorganized, have irregularities or be ambiguous. This type of information would require the “human touch” to read, capture and interpret properly.  Most of the information that would be needed to make a decision about a patient can be found here.  This data is also difficult to standardized, difficult for a healthcare provider to gain access to, and difficult to share between dissimilar computer systems.
  • EDI – Electronic Data Interchange. This electronic communications system provides a means for exchanging data. This interchange facilitates the exchange of information from one computer to another with zero human intervention.
  • Omnibus Rule – A rule that was put in place to implement statutory amendments under the HITECH Act. Some of the effects that this rule had were: strengthening the privacy and security protection for individuals’ PHI, modified HIPAA Privacy Rule to strengthen the privacy protections for genetic information, and set new limits for how information is used and disclosed for marketing and fundraising purposes. Basically, the Omnibus Rule set further requirements for holding all custodians of PHI the same security and privacy rule of covered entities under HIPAA.

The list goes on. If you’re looking for a way to simplify the file transfer process within your organization, be sure to check out some of our healthcare case studies or this resource page. If there are any other terms that you would like to be explained, please be sure to leave them in the comments section below.

QuestionMarkNo matter what line of work you’re in, there’s bound to be a frustrating incident that makes you slam your fists on the desk, look to the ceiling and exclaim, “WTF?!?!” For IT pros, this often stands for “Where’s the File?”

We hear it all the time: File transfer is becoming increasingly difficult. And considering that roughly two-thirds of enterprise file transfers – for content like purchase orders, invoices, travel documents, tax information, etc. – are sent between applications and not people, it’s no wonder that tracking and locating files can be a constant burden –especially when critical business processes go down.

We’ve heard many “Where’s The File?” stories from customers, but we want to hear yours! Consider these examples:

•”My automated file movement triggers order fulfillment for my products, but if the files don’t make it from location A to B, we lose orders, we lose customers, and we lose money…”

” process large video files from around the world and need to get them turned around in a matter of hours for clients. More often than I’d like, the videos either take too long or don’t complete the transfer at all. My video content gets stale, it loses value, and my clients aren’t happy.”

Sound familiar? Have another WTF story? Let us know here:

Not only will you get it off your chest, you’ll be entered into our Xbox One contest giveaway! We’ll draw our winner on March 19th – so tell us your “WTF” story today!

HealthITYesterday, SC Magazine reported on promises by the Information Commissioner’s Office (ICO) to crack down on how NHS trusts handle patient data.  This follows plans outlined by Justice Minister Simon Hughes to grant the ICO the power to carry out “compulsory audits” on the NHS around the handling of confidential patient data.

Many of you will have read the recent headlines accusing NHS partners of data breaches.  Organisations including PA Consulting and Earthwear were heavily criticised, though both parties claim they respected both the law and people’s privacy, plus the data couldn’t be linked to any individuals. Yet this has, not surprisingly, unnerved the British public.  No-one wants to consider that their confidential and personal data is at any level of risk, not even a slight one.

The problem with news such as this is that it is can tar all parts of an organisation or its network with the same media brush.

We work closely with a number of NHS trusts and partners and have a deep understanding of the importance of security and privacy.  Specifically, we’ve worked closely with NHS Wales to address security challenges associated with the transfer of highly sensitive data. NHS Wales needed to ensure the security and control of high volumes of confidential and sensitive data whilst upholding ICO standards, internal practices and external regulations.  With MOVEit Managed File Transfer solution, NHS Wales Trust has remained fully-compliant with internal practices and industry regulations and has complete visibility of documents and data coming in and out of the business.  This allows the organisation to greatly reduce the time to securely share sensitive information, resulting in improving overall care and providing invaluable peace of mind to staff and patients alike.

While reported breaches highlight the need for businesses to sit up and pay attention to the visibility, control and sharing of confidential data, it’s also important to recognise the diligence and commitment to personal privacy and data security that many organisations already have in place.

You can read more about how we’ve helped NHS Wales to secure patient data here.  Alternatively, feel free to share your thoughts with us on Twitter.

crime scene no keyboardNews broke yesterday afternoon that a group of hackers had compromised file transfer servers at several leading organizations after obtaining credentials for thousands of FTP sites. According to the report, hackers were even able to upload several malware program files to an FTP server run by the NYT and picked up a list of unencrypted credentials from an internal computer. A big concern there – and in particular for an organization with a large email database like NYT’s – is that those files could be incorporated into malicious links that could be used in spam messages.

My initial reaction: how is FTP security still making headlines in 2014? And secondly: hacks like this are exactly why people are more carefully evaluating their use of file transfer and in some cases, moving away from FTP to other versions of file transfer that more clearly suit their needs.

FTP servers are online repositories where users can upload and download files, and they’re designed to be accessible remotely via login and password. In some FTP set-ups, files remain there unencrypted and susceptible to foul play should credentials be obtained by the bad guys, which is the case here.

Reading deeper into the story, we can glean a few things about the compromised data in the FTP servers:

1) It was unencrypted, and therefore an immediate leak would not require much additional work by hackers. Any organization transferring sensitive data should use encryption while data is in motion and at rest.

2) Once one server gets hacked, others follow  – What was hacked was most likely an application that housed the credentials insecurely or maybe a programmer who was working on that application clicked a link that scraped his machine for the passwords.  Then the hackers could access new sites using those passwords and so on, and so on.

3) It’s unclear if the data was used for destructive purposes, i.e. the spamming example I mentioned above. Because most FTP servers offer poor reporting and auditing features, it can be difficult to piece back together what the attackers did once inside the FTP.

Additionally, the FTP passwords must have been stored in clear text or encrypted with a sloppy algorithm or lazy key management. This is inexcusable in today’s digital age. These organizations could have salted and hashed its passwords, greatly improving their security.

In summary, there are a few critical steps your business can take to decrease file transfer risk:

1)      Make sure to store credential information securely and encrypted with diverse, complex, and numerous keys.

  • Only use secure protocols for transfer
  • Salt and Hash passwords, never store the actual password
  • Disable anonymous access (if allowed at all)
  • Require multi-factor authentication (with certificates, smart cards or IP address limits)

2)      Check the file’s payload.

  • Scan files for viruses and malware on upload
  • Limit the file types that can be uploaded (no .htm, .php, .vbs, .exe, etc.)

3)      Make sure to have good reporting and auditing of suspicious logins.

4)      Protect your file transfer server

  • Frequent penetration tests
  • Frequent vulnerability scans
  • Static code analysis
  • Store files encrypted so they cannot be easily executed in the servers host OS

5)      Ensure your teams, all of them, are aware about security and not to click on things from dubious sources. All it takes is one click on one bad link to create a breach.

FTP has been around for more than 40 years, and we continue to see breaches like these on a regular basis. Simply put, companies need to carefully evaluate their systems to make sure their usage of technology maps to their needs. I guess I shouldn’t be surprised that data breaches via FTP still occur today, but more organizations should understand the risks involved, and seek solutions that improve all aspects of file transfer.

Zemanta Related Posts ThumbnailIn my last post, I covered the first two steps in a proven four-step plan for ensuring a smooth implementation. Here are I cover the final two steps of this blueprint for success.

3) Release to Production – This step is usually coupled with step 2 and iterated for each process. As I said, most successful file transfer implementations will break down and group business processes and then slowly build them up into the new system. Like any product, there is a learning curve with managed file transfer and the more you use it, the easier and faster it is to bring new processes and partners on board.Some tips to ensure success:

  • Keep lines of communication open between the person implementing the solution, network administrators and partners so there is visibility into the new process.
  • Gather as much information up front as possible, like usernames, passwords and host information.
  • Always check with your network administrator to make sure the file transfer system will have access to the endpoints to avoid disruptions in processes that rely on file transfer. Though this type of issue is usually discovered in Step 2, it can crop up again since the production system is usually on a different network than the test network.

4) Debugging and Troubleshooting – Inevitably something will go wrong, whether it’s a failed connection or a file was not received. This is where it’s helpful to use a file transfer system that logs and audits everything. Being able to trace connections and see login information is incredibly useful, as it allows you to drill down into the root cause of issues. Many times, file transfer is interrupted due to a network hiccup and simply trying the transfer again will resolve the problem. Other times, a system has changed a host key and that key needs to be accepted or exchanged before the process can resume. And if you still can’t isolate the issue, it’s nice to know there is a friendly support staff ready to assist if needed. I should know – that’s where I started!

So there you have it – a blueprint for a successful implementation of a file transfer solution. What roadblocks have you run up against in your file transfer deployments? Any additional best practices to share?