Would you be surprised if I told you that nearly 40% of all data leaks within the past 3 years have happened between January 1st and April 15th?
According to the DataLoss Database there have been 2,402 data loss incidents reported between 2007 and 2010, and 916 of them happened during tax season.
Tax season is upon us, and auditors are making the rounds. So what are companies doing to prevent sensitive information from walking out the door?
Important questions companies should consider:
- What kind of access is being granted to third parties, like auditors?
- How are third parties handling and protecting your business-critical information?
- What tax-related documents are being sent internally and externally – without a lock-and-key?
There is a critical need for visibility and security when handling sensitive documents either internally or with third-party providers – or with anyone else, for that matter. Organizations must make it a priority to first identify the confidential information floating around its systems, people and between partners. Then carefully consider where that data lives, who has access to it, and what policies should be implemented to ensure that it’s handled safely.
This week’s NASDAQ data breach has raised serious questions about the security of the US stock exchange and clearinghouses – not to mention further shaken an already fragile investor confidence.
My head is spinning just contemplating the possible ramifications if this network breach had resulted in the theft of non-public inside information that could be used illegally to gain a stock trading advantage!
Ipswitch’s Frank Kenney shares some additional thoughts on this week’s NASDAQ breach, including why it’s so critical that your software/service providers be held accountable for the security and privacy of your files and data. The confidentiality of your information may very well depend on it.
There are many reasons why organizations have shifted their approach to file transfer away from being a purely tactical point-solution (which was likely driven by a new/immediate need of a single business unit) to being viewed as a strategic project that’s now considered an important part of an organization’s overall business operation.
Jonathan Lampe recently published a very insightful article on CIO titled “The Evolution of File Transfer in 2011: From Tactical to Strategic”. Jonathan makes a very insightful case that the increased focus on (and backlash from) data breaches and compliance regulations has played a big role in this evolution.
As Jonathan points out, the grace period for lapses in personal data protection is thankfully over! And Managed File Transfer technology is being leveraged more and more as a strategic tool to not only facilitate the secure transfer of files, but also in a way that allows for much needed visibility, management and enforcement of company data, both within an organization and also between external partners and customers. And all with auditing and reporting capabilities that satisfy even the strictest of governed environments not to mention person-to-person, transformation and application integration too.
Some highlights of what to expect with the MFT evolution in 2011:
“First, there will be the ongoing challenge to present interfaces and metaphors that are relevant to today’s end users – the days of an FTP client on every desktop are long ago.
Second, there will be increased pressure to more closely integrate with enterprise middleware, authentication and monitoring/control technology.
Finally, there will be the ongoing need to present and manage more information about the flows of data, all within the context of tightening regulations around data privacy”.
Take a quick read of the CIO article…. It’s well worth 5 minutes of your time.
During the past year, we shared news of our expanded partner program and new partner web portal, reinforcing our commitment to the channel.
Today, we’re very excited to share news that our suite of MOVEit solutions will now be made available for sale through North American distributor Tech Data.
“Adding MOVEit to their portfolio ensures that our partners will have a strategic offering to meet the evolving needs of their customers.” said Gary Shottes, president, Ipswitch File Transfer.
“Businesses of all sizes are looking to VARs to support their security and compliance needs, and Tech Data and Ipswitch are working together to ensure that VARs have access to the support they need to add the MOVEit solutions to their offerings.” said Stacy Nethercoat, vice president at Tech Data.
Our channel partners will continue to be a critical component of the Ipswitch File Transfer worldwide sales team, providing customers with advisory and consultative solutions. Please do visit our partner webpage to find a local Distributor or Reseller.
If your file transfer solution could look into the future and predict 3 things for you, what would they be?
To kick this off, here’s a list of predictive needs I often hear from customers:
1) Am I about to miss my service levels, and which ones are about to cost me the most?
2) If I grow X% next year or bring on body Y of new traffic, what do I need to plan for in terms of system capacity, staffing and related technology?
3) Can I test a new transmissions proposal as if the test items were really coming from real people during real transmissions windows…all without affecting production?
Would these be your top 3 predictors as well? We’d love to know either way.
More than any other question, customers and prospects are asking me: What is the Ipswitch Cloud story? What are you going to do in the Cloud?
The Cloud has been the topic of discussion in many Product Management and Research & Development meetings and strategy sessions here at Ipswitch. While we may not have all the details sorted out, I want to provide you with a my initial thoughts…and I’d like to encourage you to provide feedback.
Ipswitch looks at the Cloud as having multiple personae. That is, to say, it represents various “things” to us.
In one sense, it’s a destination. When I use a Cloud-based service, my destination is the Cloud and there are attributes about this destination that are pre-configurable, predictable, and static, as far as connectivity goes. The notion of a set of Cloud Streams offered by Ipswitch is a real possibility. With over 10 million active users, we could offer pre-configured, governed connections to common Cloud-based SaaS providers like Salesforce.com or Office 365.
In another sense, the Cloud represents a way to broker information to some other endpoint that may be cloud-based or on-premise. Our Sendable offering is just that. We broker the interactions between people and systems. Brokering includes adding layers of visibility, management, and enforcement. In this case, it’s important to offer multiple ways of connecting and multiple ways of provisioning, from ad-hoc to more formalized adapters and interfaces.
Finally, we look at the Cloud as being half of any domain-to-domain exchange of information, whether it’s people-to-people, system-to-system, application-to-application, or business-to-business. Companies of any size need to seriously consider a hybrid approach to MFT, B2B, and EAI overall.
In my last three blog posts on the Ziff Davis MFT survey, we dove into security and compliance, highlighted other notable strengths such as speed, reliability, scalability and up-time, and looked at some perceived deployment challenges.
Today, let’s look at the business benefits of a MFT and how they impact an organization’s bottom line.
The survey did a nice job uncovering some supporting business processes which respondents claim were positively impacted by their MFT solution. These include: communications with remote office and remote workers, collaborating with external business partners, vendors and suppliers, distribution and fulfillment, compliance management and customer service.
Here’s a nice summary: “Note how these improvements address the bottom line for an organization directly by improving efficiency, security, and customer outreach all at the same time.” That’s quite an impressive trifecta!
I’ll conclude this 4-part blog series with a couple of closing thoughts:
- I wholeheartedly agree with MFT solutions wearing the “unsung security and compliance solution” label…. And that growing perception will spread as more and more organizations look at refining, automating, optimizing and securing their file transfer policies, processes and workflows.
- It all comes down to visibility, management and enforcement. Organizations need visibility into data interactions, including files, events, people, policies and processes. They also need to be able to manage and automate internal and external data transfers and interactions. And of course, organizations must be able to easily create and enforce administrator defined policies and rules, including (but certainly not limited to) security.
Let’s take a closer look at the perceived challenges of Managed File Transfer (MFT) that are identified on the Ziff Davis MFT survey.
A few related topics top the list: “Finding the right MFT solution”, the “Cost”, including ongoing maintenance and future upgrades, as well as “Employee training”, including satisfaction and acceptance.
A lot has to do with the partner you choose to do business with, as well as the complexity of the MFT solution and its ease of use. Take time to carefully research vendors and clearly understand the anticipated deployment timeline, required involvement and training of your IT staff, and if any professional services are needed.
You want a proven, reliable vendor that has a track record of successful long-term customer relationships and who is committed to bringing new technology to market as business needs continue to grow and evolve. Let’s just say that not all MFT vendors are created equal…So choose carefully.
“Cost” is always a sensitive subject. But with so many MFT solutions varying in complexity, sophistication, scalability, deployment options, and price, I strongly advise you to list key business requirements and make sure not to over (or under) purchase functionality.
For example, here at Ipswitch we offer a range of MFT solutions that span from basic secure file transfer products and services all the way to robust solutions proven to meet requirements for extreme volumes of data exchange with governance, data transformation and file life-cycle tracking. Our solutions have proven to be fast to deploy and easy to use, resulting in rapid time-to-value that greatly exceeds other vendor solutions.
Lastly, consider the ROI and “risk avoidance” aspects of MFT from a security perspective alone (which is only part of the story). In a recent blog post, I pointed out that the average cost of each compromised file is $204. So go ahead and estimate how many pieces of sensitive files and data your company has…. Now multiply that by $204. I’m sure you’ll agree that the ROI on the time and resources spent to protect company data are well worth the investment!
The Ziff Davis survey on Managed File Transfer did a nice job amplifying the aspects of currently deployed file transfer methods people think need the most improvement.
Checking in at #1 and #2 on the “improvements needed to my existing file transfer methods” list are SPEED and SECURITY. This only fuels the age-old debate of productivity versus security… But that’s a topic for another day! Needless to say, it’s not surprising that about half of survey respondents say that they need faster file transfers and roughly the same amount say they require stronger security.
Other items on the “improvements” wish list include: reliability, capacity, scalability, central management, workflow integration, IT infrastructure integration and compliance.
It’s validating to see in the graphic that areas where MFT solutions excel today closely map to those aspects of existing file transfer methods that people say require the most improvement — Reliability, speed, security, up-time and capacity round out the top five. Efficiency is a common theme with all these items, driven largely by time-sensitive business-critical processes and even SLAs depending on fast and highly available file transfer processes and workflows.
The last point I want to make about the “needs improvement” survey results is that no solution (MFT or other) will magically make a company compliant. There is no holy grail to achieving regulatory, regional, industry or corporate compliance. Rather, compliance is the end result of a strategically implemented, documented and monitored initiative that encompasses the entire arsenal of company-sanctioned policies, tools, and of course processes and employee actions.
Coming soon: I’ve got a few more musings about the survey that focus on deployment challenges as well as the business benefits of MFT.
Ziff Davis recently published a study on Managed File Transfer that heralds MFT solutions as “the unsung security and compliance solution”. Eric Lundquist sets the stage nicely:
“Everyone is talking about the need to collaborate more effectively and put employees closer to customers in a real time business environment.
But until you can assure the security, privacy, and compliance requirements of data transfer, the collaborative enterprise is just a good idea. MFT is one of those enabling technologies designed to make it a reality.”
The study found that security concerns about current file transfer methods include the usual suspects, such as: encryption; viruses, user authentication, backup, hacking, enforcing security policies, managing external users, auditing, reporting and defining security policies.
Not surprisingly, data from the study shows that many of those very security concerns that people had with their organizations current file transfer methods are actually strengths of today’s MFT solutions.
Keep in mind that many organizations still rely on homegrown scripts and point-to-point solutions, oftentimes using unencrypted FTP protocol for transport… And with very little visibility, management or policy enforcement. In addition to being time consuming and expensive to manage and maintain (and commonly built by developers that left the company years ago), many existing file transfer methods are insecure and introduce risk and inefficiency into an organization.
Plus, many companies haven’t even begun to crack the person-to-person nut of file transfer beyond relying on corporate email, unsanctioned personal email or file sharing websites, and even sneakernet!
In my next post, we’ll take a closer look at some of the areas where the study identified MFT solutions as being superior to many commonly used methods for file transfer.