WS_FTP Server can now be configured to support automatic, unattended failover, enabling your organization to easily achieve high availability for your file transfer processes. Not only will you increase system uptime, reliability, and performance, but you will now be able to provide uninterrupted access to file transfer users – all critical for helping your company deliver exceptional business performance and meet service level agreements around availability.
Take a quick minute and watch Ipswitch’s Jonathan Lampe share his thoughts on our new failover capability for WS_FTP Server:
This week’s NASDAQ data breach has raised serious questions about the security of the US stock exchange and clearinghouses – not to mention further shaken an already fragile investor confidence.
My head is spinning just contemplating the possible ramifications if this network breach had resulted in the theft of non-public inside information that could be used illegally to gain a stock trading advantage!
Ipswitch’s Frank Kenney shares some additional thoughts on this week’s NASDAQ breach, including why it’s so critical that your software/service providers be held accountable for the security and privacy of your files and data. The confidentiality of your information may very well depend on it.
There are many reasons why organizations have shifted their approach to file transfer away from being a purely tactical point-solution (which was likely driven by a new/immediate need of a single business unit) to being viewed as a strategic project that’s now considered an important part of an organization’s overall business operation.
Jonathan Lampe recently published a very insightful article on CIO titled “The Evolution of File Transfer in 2011: From Tactical to Strategic”. Jonathan makes a very insightful case that the increased focus on (and backlash from) data breaches and compliance regulations has played a big role in this evolution.
As Jonathan points out, the grace period for lapses in personal data protection is thankfully over! And Managed File Transfer technology is being leveraged more and more as a strategic tool to not only facilitate the secure transfer of files, but also in a way that allows for much needed visibility, management and enforcement of company data, both within an organization and also between external partners and customers. And all with auditing and reporting capabilities that satisfy even the strictest of governed environments not to mention person-to-person, transformation and application integration too.
Some highlights of what to expect with the MFT evolution in 2011:
“First, there will be the ongoing challenge to present interfaces and metaphors that are relevant to today’s end users – the days of an FTP client on every desktop are long ago.
Second, there will be increased pressure to more closely integrate with enterprise middleware, authentication and monitoring/control technology.
Finally, there will be the ongoing need to present and manage more information about the flows of data, all within the context of tightening regulations around data privacy”.
Take a quick read of the CIO article…. It’s well worth 5 minutes of your time.
During the past year, we shared news of our expanded partner program and new partner web portal, reinforcing our commitment to the channel.
Today, we’re very excited to share news that our suite of MOVEit solutions will now be made available for sale through North American distributor Tech Data.
“Adding MOVEit to their portfolio ensures that our partners will have a strategic offering to meet the evolving needs of their customers.” said Gary Shottes, president, Ipswitch File Transfer.
“Businesses of all sizes are looking to VARs to support their security and compliance needs, and Tech Data and Ipswitch are working together to ensure that VARs have access to the support they need to add the MOVEit solutions to their offerings.” said Stacy Nethercoat, vice president at Tech Data.
Our channel partners will continue to be a critical component of the Ipswitch File Transfer worldwide sales team, providing customers with advisory and consultative solutions. Please do visit our partner webpage to find a local Distributor or Reseller.
Does it feel like you’re hearing about a new data breach almost every day?
Well guess what — you likely are. The Identity Theft Resource Center recorded 662 data breaches on its 2010 ITRC Breach List. That averages to over a dozen reported breaches per week…. And a whopping total of over 16,000,000 reported exposed records in 2010. The fact that social security numbers and/or credit card information is included in the majority of breaches just makes things even more alarming!
Denise Richardson lays out a solid argument for mandatory data breach reporting, as well as some key takeaways from the ITRC Breach List, including:
- Malicious attacks still account for more breaches than human error, with hacking at 17% and insider theft at 15%
- 39% of listed breaches did not identify the cause — Indicating a clear lack of transparency and full reporting to the public
- 49% of breaches did not list number of potentially exposed records — A clear sign of inaccuracy and incompleteness of reporting
- 62% of breaches reported exposure of Social Security Numbers
- 26% of breaches involved credit or debit cards
As I’ve blogged about before, I firmly believe that breached individuals have the right to timely notification. Delays are unacceptable, and hiding it is unthinkable. Afflicted people deserve quick notification so they can ensure their credit report isn’t showing strange activity and that their social security number isn’t being used to open new credit cards or being used to fraudulently report wages.
Mandatory disclosure would provide the structure, discipline and enforcement required for consistent and transparent breach information. Compliance would require a very high level of visibility and control of all files that enter, bounce around and exit an organization. This would benefit not only breached individuals, but also the organizations and their business partners.
For those unfamiliar, the Information Commissioner’s Office (ICO) in the United Kingdom is the independent regulatory office dealing with data protection regulations such as the Data Protection Act.
Like many policy makers, the actual enforcement of policies has been a major stumbling block to their potential effectiveness. Up until recently, the ICO enforcement powers were very limited. However, the ICO has very recently started to issue fines (or “monetary penalties”) for failing to comply with the Data Protection Act.
- A4e was fined £60,000 for losing an unencrypted laptop containing thousands of client details
- Hertfordshire County Council was fined £100,000 for faxing details about a child sex abuse case to the wrong people
At the very least, seeing harsh penalties handed out for data breaches should help increase organization’s focus on protecting sensitive business and customer information. Hopefully that focus will be centered less on what device people are using to access company files and data (such as USB drives, personal email, portable hard drives, smart phones, etc) and more on the underlying risk mitigation need.
“This is part of a wider trend whereby the penalties for, and consequences of, inadequate security measures are increasingly costly and come from different sources – from the payments card industry, to government and private sector contracts, to activist regulators and the public at large,” said Frank Kenney, VP of Global Strategy at Ipswitch File Transfer. “The ICO move has to be seen in the wider context of increased compliance activity.”
Businesses need to take inventory of their own information and understand what confidential files exist and where they are located. Access to confidential files should only be granted to people that are required to use it as part of their job. Simply making policies won’t make a difference; organizations need to follow up with policy enforcement and also must provide employees with the right tools to keep them productive so they done need to resort to their own devices.
Great question asked by Wayne Hemrick at ArticleSnatch. In his answer to “How would you send large files in an ideal world?”,Wayne touches on a few very important considerations when thinking about person-to-person file sharing, including: ease-of-use, large file size, and security.
I agree that the ability to easily send ginormous files is only part of the problem that a business should be looking to solve. It’s no secret that people need to send other people files as part of their jobs. In many cases, these files contain information that is sensitive and confidential. In my opinion, the real issue is that business users lack a way to ensure the security of these information exchanges.
Wayne correctly points out that many of the currently used tools are insecure, inefficient, complicated and some even require the intervention of IT professionals. But the growing risk of privacy loss and data breaches has made the security aspect of sending files a top concern. Organizations need to demonstrate to their customers that they understand this and are taking steps to address it.
Businesses require a simple file sharing solution that:
- Enables employees to easily send files (any size, any type) to other people
- Lowers company risk by securing and protecting internal and customer information
- Provides visibility into what happens after file is sent for auditing and compliance
The ideal solution must provide for guaranteed and trackable file delivery that your business can rely on.
Neil Chesanow just published a very informative article for Medscape titled “Why Your Patients’ Data May Not Be Safe: 5 Steps to Protect It”
I had the pleasure of talking with Neil as he was writing the article and I must say that I’m impressed with the 5-step approach he outlines to prevent privacy breaches.
1. Develop a strict-but-realistic security policy
2. Control access to patient data
3. Monitor electronic health record (EHR) activity
4. Require more complex passwords
5. Encrypt all outgoing files
Although written from a medical/healthcare point-of-view, the steps can be applied to help any business or organization think through some of the issues surrounding the protection of sensitive and confidential files and data.
One of the more critical points that I believe Neil highlighted is how important it is to control access to confidential information. Access to sensitive files and data should only be granted to people that are required to use it as part of their job. Not every employee or external partner should have access to all company information…. And it’s easy enough to control and enforce access by applying simple rules and policies.
Monitoring, reporting and auditing file and data activity is another critical point raised by Neil. The ability to see who accessed sensitive information, when and how many times they access it, whether they moved or sent it to another location or person, and if/how the transmission and file itself was secured and encrypted are important pieces of information from both an internal security policy as well as compliance perspective. Believe me, you don’t ever want to turn down an eDiscovery judge’s request to provide an audit trail for a particular file or communication and not be able to provide it.
Here’s an amazing tale of how Ipswitch WS_FTP software is being used by the European Columbus laboratory to securely transfer hundreds of megabytes of scientific data between the International Space Station and Earth.
“Crew time is so valuable and the volume of data involved is so large that a reliable and secure system for data transfer was absolutely essential,” explained Alain Maillet, Cadmos engineer.
“WS_FTP gives us the possibility to transfer all our scientific data files automatically and securely, not only in space, but also back down to Earth – it is secure, stable and easy-to-use.”
Here’s an action photo of Alain Maillet talking with the International Space Station from Toulouse, France.
Got a great Ipswitch story of your own to tell? Email us at email@example.com…. We can’t wait to hear all about it!
In my last three blog posts on the Ziff Davis MFT survey, we dove into security and compliance, highlighted other notable strengths such as speed, reliability, scalability and up-time, and looked at some perceived deployment challenges.
Today, let’s look at the business benefits of a MFT and how they impact an organization’s bottom line.
The survey did a nice job uncovering some supporting business processes which respondents claim were positively impacted by their MFT solution. These include: communications with remote office and remote workers, collaborating with external business partners, vendors and suppliers, distribution and fulfillment, compliance management and customer service.
Here’s a nice summary: “Note how these improvements address the bottom line for an organization directly by improving efficiency, security, and customer outreach all at the same time.” That’s quite an impressive trifecta!
I’ll conclude this 4-part blog series with a couple of closing thoughts:
- I wholeheartedly agree with MFT solutions wearing the “unsung security and compliance solution” label…. And that growing perception will spread as more and more organizations look at refining, automating, optimizing and securing their file transfer policies, processes and workflows.
- It all comes down to visibility, management and enforcement. Organizations need visibility into data interactions, including files, events, people, policies and processes. They also need to be able to manage and automate internal and external data transfers and interactions. And of course, organizations must be able to easily create and enforce administrator defined policies and rules, including (but certainly not limited to) security.
Let’s take a closer look at the perceived challenges of Managed File Transfer (MFT) that are identified on the Ziff Davis MFT survey.
A few related topics top the list: “Finding the right MFT solution”, the “Cost”, including ongoing maintenance and future upgrades, as well as “Employee training”, including satisfaction and acceptance.
A lot has to do with the partner you choose to do business with, as well as the complexity of the MFT solution and its ease of use. Take time to carefully research vendors and clearly understand the anticipated deployment timeline, required involvement and training of your IT staff, and if any professional services are needed.
You want a proven, reliable vendor that has a track record of successful long-term customer relationships and who is committed to bringing new technology to market as business needs continue to grow and evolve. Let’s just say that not all MFT vendors are created equal…So choose carefully.
“Cost” is always a sensitive subject. But with so many MFT solutions varying in complexity, sophistication, scalability, deployment options, and price, I strongly advise you to list key business requirements and make sure not to over (or under) purchase functionality.
For example, here at Ipswitch we offer a range of MFT solutions that span from basic secure file transfer products and services all the way to robust solutions proven to meet requirements for extreme volumes of data exchange with governance, data transformation and file life-cycle tracking. Our solutions have proven to be fast to deploy and easy to use, resulting in rapid time-to-value that greatly exceeds other vendor solutions.
Lastly, consider the ROI and “risk avoidance” aspects of MFT from a security perspective alone (which is only part of the story). In a recent blog post, I pointed out that the average cost of each compromised file is $204. So go ahead and estimate how many pieces of sensitive files and data your company has…. Now multiply that by $204. I’m sure you’ll agree that the ROI on the time and resources spent to protect company data are well worth the investment!