You’re going to be hearing more and more about “VISIBILITY” from Ipswitch, so I’d like to quickly start this blog post with our definition of visibility in the context of files and data flowing into, within and out of your company:

Visibility:  “Unobstructed vision into all data interactions, including files, events, people, policies and processes”

Fast, easy access to critical file and data transfer information is a must-have – it’s critical to the success of your business.  Whether it’s tracking and reporting on SLAs, analyzing file transfer metrics to identify bottlenecks and improve efficiency, or providing customers and partners with easy self-service access to the file transfer information they require – as well as countless other business objectives – unobstructed visibility is imperative.

Having one consolidated view into all of the systems and processes involved in your organization’s file and data transfers will deliver tremendous business value and a competitive edge.  Please do take a couple of minutes to watch Ipswitch’s Frank Kenney share his perspective on why visibility is important.

http://www.youtube.com/watch?v=qsxzweLBRGA&feature=channel_video_title

This morning I was asked if I recommended using transport encryption or file encryption to protect company files and data.

My answer:  “Use both of them, together!”

For starters, here’s a real quick summary of both encryption types:

  • Transport encryption (“data-in-transit”) protects the file as it travels over protocols such as FTPS (SSL), SFTP (SSH) and HTTPS.  Leading solutions use encryption strengths up to 256-bit.
  • File encryption (“data-at-rest”) encrypts an individual file so that if it ever ended up in someone else’s possession, they couldn’t open it or see the contents.  PGP is commonly used to encrypt files.

I believe that using both together provides a double layer of protection.  Transport encryption protects the files while they are moving, and PGP protects the file itself, which is especially important after it has been moved and is sitting on a server, laptop, USB drive, smartphone or anywhere else.

Here’s an analogy:  Think of transport encryption as an armored truck that’s transporting money from say a retail store to a bank.  99.999% of the time that armored Brinks truck will securely transport your delivery without any incident.  But adding a second layer of protection – say you put the money in a safe before putting it in the truck – reduces the chance of compromise exponentially, both during and after transport.

One last piece of advice:  Ensure that your organization has stopped using the FTP protocol for transferring any type of confidential, private or sensitive information.  Although it’s an amazing accomplishment that FTP is still functional after 40 years, please please please realize that FTP does not provide any encryption or guaranteed delivery – not to mention that tactically deployed FTP servers scattered throughout your organization lack the visibility, management and enforcement capabilities that modern Managed File Transfer solutions deploy.

Possibly not. The Internet’s venerable File Transfer Protocol (FTP) is usually supported by Managed File Transfer (MFT) systems, which can typically use FTP as one of the ways in which data is physically moved from place to place. However, MFT essentially wraps a significant management and automation layer around FTP. Consider some of the things an MFT solution might provide above and beyond FTP itself—even if FTP was, in fact, being used for the actual transfer of data:

  • Most MFT solutions will offer a secure, encrypted variant of FTP as well as numerous other more‐secure file transfer options. Remember that FTP by itself doesn’t offer any form of transport level encryption (although you could obviously encrypt the file data itself before sending, and decrypt it upon receipt; doing so involves logistical complications like sharing passwords or certificates).
  • MFT solutions often provide guaranteed delivery, meaning they use file transfer protocols that give the sender a confirmation that the file was, in fact, correctly received by the recipient. This can be important in a number of business situations.
  • MFT solutions can provide automation for transfers, automatically transferring files that are placed into a given folder, transferring files at a certain time of day, and so forth.
  • MFT servers can also provide set‐up and clean‐up automation. For example, successfully‐transferred files might be securely wiped from the MFT server’s storage to help prevent unauthorized disclosure or additional transfers.
  • MFT servers may provide application programming interfaces (APIs) that make file transfer easier to integrate into your internal line‐of‐business applications.
  • MFT solutions commonly provide detailed audit logs of transfer activity, which can be useful for troubleshooting, security, compliance, and many other business purposes.
  • Enterprise‐class MFT solutions may provide options for automated failover and high availability, helping to ensure that your critical file transfers take place even in the event of certain kinds of software or hardware failures.

In short, FTP isn’t a bad file transfer protocol—although it doesn’t offer encryption. MFT isn’t a file transfer protocol at all; it’s a set of management services that wrap around file transfer protocols—like FTP, although that’s not the only choice—to provide better security, manageability, accountability, and automation.

In today’s business, FTP is rarely “enough.” Aside from its general lack of security—which can be partially addressed by using protocols such as SFTP or FTPS instead—FTP simply lacks manageability, integration, and accountability. Many businesses feel that they simply need to “get a file from one place to another,” but in reality they also need to:

  • Make sure the file isn’t disclosed to anyone else
  • Ensure, in a provable way, that the file got to its destination
  • Get the file from, or deliver a file to, other business systems (integration)

In some cases, the business might even need to translate or transform a file before sending it or after receiving it. For example, a file received in XML format may need to be translated to several CSV files before being fed to other business systems or databases—and an MFT solution can provide the functionality needed to make that happen.

Many organizations tend to look at MFT first for its security capabilities, which often revolve around a few basic themes:

  • Protecting data in‐transit (encryption)
  • Ensuring that only authorized individuals can access the MFT system (authorization and authentication)
  • Tracking transfer activity (auditing)
  • Reducing the spread of data (securely wiping temporary files after transfers are complete, and controlling the number of times a file can be transferred)

These are all things that a simple FTP server can’t provide. Having satisfied their security requirements, organizations then begin to take advantage of the manageability capabilities of MFT systems, including centralized control, tracking, automation, and so forth—again, features that an FTP server alone simply can’t give you.

– From The Tips and Tricks Guide to Managed File Transfer by Don Jones

To read more, check out the full eBook or stay tuned for more file transfer tips and tricks!

SC Magazine just published a short article titled “FTP described as unsecure and generally unmonitored”.

In the article, fellow Managed File Transfer (MFT) vendor Axway correctly points out that “usernames, passwords, commands and data can be easily intercepted and read while files transferred via FTP are uploaded or downloaded without any encryption.”

Not to overstate the obvious, but I wholeheartedly agree (and this should come as no surprise to our avid blog readers).  The FTP protocol turned 40 years old in 2011 and although still functional, it was not designed to provide any encryption or guaranteed delivery.  Unfortunately, many organizations are still relying on outmoded homegrown FTP scripts or have deployed basic FTP servers scattered throughout their organization – all lacking basic security measures, not to mention important visibility, management and enforcement capabilities.

Today, the 40-year old FTP protocol proudly serves as the foundation for the majority of data transfer and application integration technologies that organizations rely on so heavily.    But luckily for us all, modern file transfer solutions deliver much more than basic FTP:

  • VISIBILITY capabilities such as logging; reporting; alerts; notifications; chain-of-custody and file life cycle tracking
  • MANAGEMENT capabilities such as workflows and scheduling of file related processes; person-to-person file transfer;  integration with systems/applications; data transformation; high availability;  virtualized platform support
  • ENFORCEMENT capabilities such as user provisioning;  password policies;  encryption requirements (for example, requiring 256-bit AES encryption over FTPS or SFTP protocols);  file integrity checking;  non repudiation

Now is the time to replace old and often insecure point FTP solutions and hard-to-maintain scripts with technology that includes the benefits of a modern MFT solution.
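Replacing homegrown FTP scripts starts with finding them. The following added example (not from the original post or any Ipswitch product) scans script text for cleartext FTP usage and flags passwords embedded in `ftp://` URLs without echoing them; the pattern list, the function name and the sample script are assumptions made for the illustration.

```python
import re

# What counts as cleartext here is an assumption of this example: ftp:// URLs,
# the command-line ftp client, and Python's ftplib.FTP (ftplib.FTP_TLS is FTPS).
URL_RE = re.compile(r"\bftp://(?:([^\s:@/]+)(?::([^\s@/]*))?@)?([^\s/:'\"]+)", re.I)
CLI_RE = re.compile(r"^\s*ftp\s+(?:-\w+\s+)*([\w.-]+)", re.I)
LIB_RE = re.compile(r"\bftplib\.FTP\(")

def find_cleartext_ftp(script_text):
    """Return findings as dicts: line number, kind, host, embedded-password flag."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):      # skip shell/Python comment lines
            continue
        for m in URL_RE.finditer(line):
            findings.append({"line": lineno, "kind": "ftp-url", "host": m.group(3),
                             "password_in_url": m.group(2) is not None})
        m = CLI_RE.match(line)
        if m:
            findings.append({"line": lineno, "kind": "ftp-cli", "host": m.group(1),
                             "password_in_url": False})
        if LIB_RE.search(line):
            findings.append({"line": lineno, "kind": "ftplib", "host": None,
                             "password_in_url": False})
    return findings

# Constructed sample script; hosts and credentials are placeholders.
SAMPLE = """\
# nightly export, do not touch
curl -T export.csv ftp://batch:Secret1@files.example.internal/in/
sftp batch@files.example.internal
curl -T export.csv ftps://files.example.internal/in/
ftp -n legacy.example.internal
conn = ftplib.FTP("legacy.example.internal")
conn = ftplib.FTP_TLS("files.example.internal")
"""

if __name__ == "__main__":
    for finding in find_cleartext_ftp(SAMPLE):
        print(finding)
```

The SFTP, FTPS and `FTP_TLS` lines in the sample are deliberately not reported, since those use transport encryption.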

Ziff Davis recently published a study on Managed File Transfer that heralds MFT solutions as “the unsung security and compliance solution”.  Eric Lundquist sets the stage nicely:

“Everyone is talking about the need to collaborate more effectively and put employees closer to customers in a real time business environment.

But until you can assure the security, privacy, and compliance requirements of data transfer, the collaborative enterprise is just a good idea.  MFT is one of those enabling technologies designed to make it a reality.”

The study found that security concerns about current file transfer methods include the usual suspects, such as encryption, viruses, user authentication, backup, hacking, enforcing security policies, managing external users, auditing, reporting and defining security policies.

Not surprisingly, data from the study shows that many of those very security concerns that people had with their organization’s current file transfer methods are actually strengths of today’s MFT solutions.

Keep in mind that many organizations still rely on homegrown scripts and point-to-point solutions, oftentimes using the unencrypted FTP protocol for transport, and with very little visibility, management or policy enforcement.  In addition to being time consuming and expensive to manage and maintain (and commonly built by developers that left the company years ago), many existing file transfer methods are insecure and introduce risk and inefficiency into an organization.

Plus, many companies haven’t even begun to crack the person-to-person nut of file transfer beyond relying on corporate email, unsanctioned personal email or file sharing websites, and even sneakernet!

In my next post, we’ll take a closer look at some of the areas where the study identified MFT solutions as being superior to many commonly used methods for file transfer.

Over the last few weeks we’ve shown you the new APC UPS, FTP, and Printer monitors and the new Critical Active Monitors feature. This week we’ll show you two new monitors: the Folder monitor and the File Properties monitor.

Folder Monitor

The Folder Monitor keeps an eye on a Universal Naming Convention (UNC) path on your network and alerts you if the folder’s properties vary outside of the conditions you configure in the monitor.

The Folder Monitor tracks if the folder exists, the size of the folder (both actual size and size on disk, which is affected by the drive’s block size) and the number of files in the folder.

File Properties Monitor

The File Properties Monitor lets you track and alert on the properties of a specific file.

The File Properties monitor can check the existence of the file, the file’s size, the date of the file’s last modification and the file’s checksum (using SHA1, SHA256, SHA384, or SHA512).
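The kind of check described above, sketched as an added Python example; this is not WhatsUp Gold code, and the function names, the baseline dictionary and the sample file are assumptions made for the illustration. The constructed sample alters a file without changing its size, so only the checksum comparison notices.

```python
import hashlib
import os
import tempfile
import time

# The four algorithms the post lists; SHA-1 is collision-prone, so default to SHA-256.
ALGORITHMS = ("sha1", "sha256", "sha384", "sha512")

def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash the file in chunks so large files need not fit in memory."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def check_file(path, baseline, max_age_seconds=None, now=None):
    """Compare a file with its baseline; an empty list means no deviation."""
    if not os.path.isfile(path):
        return ["missing"]
    findings = []
    st = os.stat(path)
    if "size" in baseline and st.st_size != baseline["size"]:
        findings.append("size")
    now = time.time() if now is None else now
    if max_age_seconds is not None and now - st.st_mtime > max_age_seconds:
        findings.append("stale")
    algorithm = baseline.get("algorithm", "sha256")
    if "digest" in baseline and file_digest(path, algorithm) != baseline["digest"]:
        findings.append("checksum")
    return findings

def demo():
    """Constructed sample: baseline a file, then alter it without changing its size."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "payroll.csv")
        with open(path, "wb") as fh:
            fh.write(b"id,amount\n1,100\n")
        baseline = {"size": os.path.getsize(path), "digest": file_digest(path)}
        clean = check_file(path, baseline)
        with open(path, "wb") as fh:
            fh.write(b"id,amount\n1,900\n")  # same length, different content
        tampered = check_file(path, baseline)
        os.remove(path)
        return clean, tampered, check_file(path, baseline)

if __name__ == "__main__":
    print(demo())
```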

Sign up for the WhatsUp Gold v14 Technical Preview Program

Curious to learn more about the new features in WhatsUp Gold v14? You can learn more about the innovations in the new version on the Ipswitch Technical Preview site. Sign up for the technical preview program now and you’ll find out as soon as a technical preview release is available.

Questions? Ask them in the comments!

Here in our research and development office in Atlanta, we’re hard at work putting the finishing touches on WhatsUp Gold v14 network monitoring software. The excitement here is palpable–we’re delivering some huge enhancements, and we can’t wait to get them into the hands of our customers.

Last week, I gave you a preview of the new Critical Active Monitors feature, which solves a longstanding headache of receiving too many alerts when a device goes completely offline. Today, let’s look at the solution to another pain point that we hear about often.

We’re fond of saying that there’s not much you can’t manage with WhatsUp Gold. Between the SNMP monitor, the WMI monitor, and the Active Script features (that let you write custom VBscript and Jscript code to monitor just about anything), you can keep tabs on just about anything if you know where to look for the data. But knowing where to look is sometimes difficult, requiring you to do a lot of research. What MIB should you be using? What counter, what OID, should you be polling?

Let’s be honest: who wants to do that sort of research to keep tabs on something simple, like the amount of toner left in a laser printer?

Now, in WhatsUp Gold v14, we’ve done the research for you for a lot of commonly monitored devices, and we’ve packaged them into simple, easy-to-use monitors. Here’s a preview of just three of them.

Printer Monitor

The Printer Monitor lets you easily track the health of your printers, helping you correct error conditions like paper jams and predict maintenance issues like needing a new toner cartridge.

APC UPS Monitor

The APC UPS Monitor watches your APC UPS device and alerts you when selected thresholds are met or exceeded, output states are reached, and/or abnormal conditions are met. For example, an alert can be sent when the UPS battery capacity is below 20% or when the battery temperature is high.

FTP Monitor

The new FTP Monitor does a lot more than check for a connection on standard file transfer ports. It logs into an FTP server and verifies that you can upload, download, and delete files–all without disturbing the contents of your FTP server.

WhatsUp Gold v14 includes several other new monitors, which I’ll showcase in future posts. In the meantime, if you want to be among the first to see the latest and greatest, sign up for the WhatsUp Gold v14 Technical Preview Program!
