Don’t look now, but you and your IT team may be in the trucking and secure-transport business. And naturally, you’ll need end-to-end encryption.

Every day, your business is a virtual loading dock, packaging data and shipping it out to users who, now, have more than one way to receive it. All of it is valuable, or you wouldn’t be transferring it. And much of it is highly sensitive, filled with your intellectual property and your customers’ financial information.

With respect to file transfer, you’re probably transferring larger files (and more of them). With respect to the cloud, much of this file warehousing takes place at remote locations where your data gets trucked over the Web. And with regard to today’s highly sophisticated cybercrime rings, hackers would love to get their hands on it before it hits its destination. Securing it for transit with end-to-end encryption is, without a doubt, a pretty darn good idea.

What Is End-to-End Encryption?

What exactly is end-to-end encryption? Wired’s Andy Greenberg said it best: a procedure in which “messages are encrypted in a way that allows only the unique recipient of a message to decrypt it, and not anyone in between.”

The servers that forward the file along the pipeline act as “illiterate messengers,” passing along messages whose contents they can’t read themselves. More specifically, this form of encryption relies on public-key cryptography, wherein the user provides a public key that anyone can use to encrypt a message. However, only the user’s private key can decrypt it to read the information.

To put it another way, the truck drivers don’t carry a key to the trailer’s cargo door, so they can’t be tricked or suborned into letting the truck get pilfered.

Data Protection Is In Your Hands

Vendors promise to encrypt files in transit, but this means the trucking company holds the key to the data, not you. Their security may be excellent, but you don’t have control over it. What does this mean? You shouldn’t rely solely on their protection.

The list of big-enterprise breaches keeps growing, with Target and Sony falling victim to two of the most spectacular of late. Regarding a recent hack of British telecom carrier TalkTalk, Jeff Goldman at eSecurity Planet quotes one security specialist’s advice: “Any company that collects, stores or transmits personal information needs to encrypt that data at rest and in transit.”

Apart from shipping your data on storage media in a physical lockbox, encryption is the only tool that can protect your data while it is in someone else’s possession.

Encryption Helps After Data Theft Has Occurred

The use of encryption highlights a couple of fundamental points about security. One is that no security technology, including this one, is invulnerable. A so-called man-in-the-middle attack can trick senders into using the attacker’s public key rather than that of the intended recipient. Or an attacker can hack your own computer and simply steal your private key.
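One check a sender can make against the key substitution described above is to compare the fingerprint of the key it was offered with a fingerprint the recipient confirmed over a separate channel, and refuse to encrypt on a mismatch. This is an added Go example, not part of the original article; the names NewKey, Fingerprint, VerifyPinned and ErrKeyMismatch are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

var ErrKeyMismatch = errors.New("offered key does not match pinned fingerprint")

func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Fingerprint is the hex SHA-256 of the key's DER (SubjectPublicKeyInfo) form.
func Fingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

// VerifyPinned refuses a key received over the network unless it matches the
// fingerprint the recipient confirmed over a separate channel.
func VerifyPinned(offered *rsa.PublicKey, pinned string) error {
	got, err := Fingerprint(offered)
	if err != nil {
		return err
	}
	// Accept the pin as people read it out: "AB:CD ef 01 ...".
	want := strings.ToLower(strings.NewReplacer(":", "", " ", "").Replace(pinned))
	if got != want {
		return ErrKeyMismatch
	}
	return nil
}

func main() {
	recipient, _ := NewKey()
	substitute, _ := NewKey() // constructed stand-in for a key swapped in transit
	pin, _ := Fingerprint(&recipient.PublicKey)
	fmt.Println(VerifyPinned(&recipient.PublicKey, strings.ToUpper(pin)))
	fmt.Println(VerifyPinned(&substitute.PublicKey, pin))
}
```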

These security measures can’t make data theft impossible; rather, it’s all about making data theft as difficult as possible. Encryption increases the chance that even if data is physically stolen, those behind it will be unable to read or use it.

Keep in mind that the subjective nature of security means there’s nothing wrong with adding multiple layers of protection. As noted at ZDNet, security experts consider it best practice to encrypt data in this way at all times — at rest as well as in transit. End-to-end encryption works particularly well in the latter, adding that critical extra layer of protection while data is out on the open superhighway and exposed to the world’s most precise attacks. Don’t let your data leave home without it.

Protecting-FTP-Servers-Exposed

Possibly not. The Internet’s venerable File Transfer Protocol (FTP) is usually supported by Managed File Transfer (MFT) systems, which can typically use FTP as one of the ways in which data is physically moved from place to place. However, MFT essentially wraps a significant management and automation layer around FTP. Consider some of the things an MFT solution might provide above and beyond FTP itself—even if FTP was, in fact, being used for the actual transfer of data:

  • Most MFT solutions will offer a secure, encrypted variant of FTP as well as numerous other more‐secure file transfer options. Remember that FTP by itself doesn’t offer any form of transport level encryption (although you could obviously encrypt the file data itself before sending, and decrypt it upon receipt; doing so involves logistical complications like sharing passwords or certificates).
  • MFT solutions often provide guaranteed delivery, meaning they use file transfer protocols that give the sender a confirmation that the file was, in fact, correctly received by the recipient. This can be important in a number of business situations.
  • MFT solutions can provide automation for transfers, automatically transferring files that are placed into a given folder, transferring files at a certain time of day, and so forth.
  • MFT servers can also provide set‐up and clean‐up automation. For example, successfully‐transferred files might be securely wiped from the MFT server’s storage to help prevent unauthorized disclosure or additional transfers.
  • MFT servers may provide application programming interfaces (APIs) that make file transfer easier to integrate into your internal line‐of‐business applications.
  • MFT solutions commonly provide detailed audit logs of transfer activity, which can be useful for troubleshooting, security, compliance, and many other business purposes.
  • Enterprise‐class MFT solutions may provide options for automated failover and high availability, helping to ensure that your critical file transfers take place even in the event of certain kinds of software or hardware failures.

In short, FTP isn’t a bad file transfer protocol—although it doesn’t offer encryption. MFT isn’t a file transfer protocol at all; it’s a set of management services that wrap around file transfer protocols—like FTP, although that’s not the only choice—to provide better security, manageability, accountability, and automation.

In today’s business, FTP is rarely “enough.” Aside from its general lack of security—which can be partially addressed by using protocols such as SFTP or FTPS instead—FTP simply lacks manageability, integration, and accountability. Many businesses feel that they simply need to “get a file from one place to another,” but in reality they also need to:

  • Make sure the file isn’t disclosed to anyone else
  • Ensure, in a provable way, that the file got to its destination
  • Get the file from, or deliver a file to, other business systems (integration)
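One way to make delivery provable, as the second point in the list above requires, is a signed receipt: the recipient hashes what it actually stored and signs the result, and the sender accepts the transfer only if that receipt matches the bytes it sent. This is an added Go example, not taken from the guide or from any MFT product; Ed25519 and the names Receipt, NewRecipientKey, body, Acknowledge and Confirm are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Receipt is what the recipient returns once a transfer is on disk.
type Receipt struct {
	Name   string
	Digest [32]byte // SHA-256 of the bytes the recipient actually stored
	Sig    []byte   // recipient's Ed25519 signature over Name and Digest
}

// NewRecipientKey passes nil so that crypto/rand is used as the entropy source.
func NewRecipientKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// body is the exact byte string that gets signed; the prefix keeps a receipt
// signature from being reused as any other kind of signed message.
func body(name string, digest [32]byte) []byte {
	return append([]byte("transfer-receipt-v1\x00"+name+"\x00"), digest[:]...)
}

// Acknowledge runs on the recipient after the file has been written.
func Acknowledge(priv ed25519.PrivateKey, name string, stored []byte) Receipt {
	d := sha256.Sum256(stored)
	return Receipt{Name: name, Digest: d, Sig: ed25519.Sign(priv, body(name, d))}
}

// Confirm runs on the sender. Delivery counts as proven only if the receipt
// covers exactly the bytes sent and verifies under the recipient's public key.
func Confirm(pub ed25519.PublicKey, name string, sent []byte, r Receipt) error {
	if r.Name != name || r.Digest != sha256.Sum256(sent) {
		return errors.New("receipt does not cover the file that was sent")
	}
	if !ed25519.Verify(pub, body(r.Name, r.Digest), r.Sig) {
		return errors.New("receipt is not signed by the recipient's key")
	}
	return nil
}

func main() {
	pub, priv, _ := NewRecipientKey()
	file := []byte("constructed sample: invoice batch 0001")
	fmt.Println(Confirm(pub, "batch.csv", file, Acknowledge(priv, "batch.csv", file)))
	// A transfer truncated in transit yields a receipt the sender rejects.
	fmt.Println(Confirm(pub, "batch.csv", file, Acknowledge(priv, "batch.csv", file[:10])))
}
```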

In some cases, the business might even need to translate or transform a file before sending it or after receiving it. For example, a file received in XML format may need to be translated to several CSV files before being fed to other business systems or databases—and an MFT solution can provide the functionality needed to make that happen.

Many organizations tend to look at MFT first for its security capabilities, which often revolve around a few basic themes:

  • Protecting data in‐transit (encryption)
  • Ensuring that only authorized individuals can access the MFT system (authorization and authentication)
  • Tracking transfer activity (auditing)
  • Reducing the spread of data (securely wiping temporary files after transfers are complete, and controlling the number of times a file can be transferred)

These are all things that a simple FTP server can’t provide. Having satisfied their security requirements, organizations then begin to take advantage of the manageability capabilities of MFT systems, including centralized control, tracking, automation, and so forth—again, features that an FTP server alone simply can’t give you.

– From The Tips and Tricks Guide to Managed File Transfer by Don Jones
