Sensitive data is everywhere, and it’s created faster than we can keep up with. To ensure our data remains secure we must employ countless tactics including file transfer security, data encryption and a zero-trust model.
Many cyber-attacks go after files, and especially go after them when they move from place to place.
Enterprises and large organizations know this and are taking pains to mitigate the threat.
Indiana University is one, and advises techniques that, “Encrypt the data over the network (in transit) and in storage (at rest) and require strong authentication to ensure both the sender and recipient are who they claim to be,” the school’s document on Transferring Data argues.
Files are Where Most Sensitive Data Resides
Files are where most data is created and held. Think of all the Word Docs and Excel spreadsheets created and shared every day. And this is not just ordinary information. This is the cream of the crop. In fact, documents, and Microsoft Office docs in particular, are where MOST of your organization’s SENSITIVE data is held!
While much sensitive data is stored in safe spaces, protected databases and such, as it is used it leaves those secure confines and ends up populating files. And these files end up getting transferred.
“Sensitive data is often stored in carefully protected systems with access controls and restrictions on usage. However, once data is exported from these systems—sometimes for valid business uses such as customer segmentation or powering a marketing campaign—it’s easy to lose control over the data. Sending sensitive data in email messages or as attachments, results in a broader attack surface for sensitive data, thus increasing the threatscape if an email account or cloud storage account is compromised,” Osterman Research said in its What Decision-Makers Can Do About Data Protection report.
Email: Terrible Way to Transfer Sensitive Files
Many shops still rely on old fashioned email for file transfers since attaching a file is something everyone can do. While this is fine for non-sensitive data, it is one of the worst things you can do with a sensitive, compliance-regulated file.
Besides the insane security risk (file interception, sent to the wrong recipient or even an entire distribution group), email is not made for large files. Many mail clients limit the size of file attachments to 10MB or less—not nearly enough to accommodate unstructured, multimedia formats such as ultrasound video files, audio files, images and so on.
Meanwhile, transferring large files through email servers causes performance degradation problems that impact reliability and file delivery.
Having many copies of large attachments gobble up allocated storage and lead to massive storage management headaches.
And of course, IT has no visibility as to where files are—a real problem when auditors come a calling.
FTP: Merely a Bad Way to Transfer Sensitive Files
Indiana University warns against sending sensitive data via FTP. “File Transfer Protocol (FTP), though efficient for transferring files, lacks any significant security features. The username, password, and data are sent across the network. In addition, there are no built-in safeguards to ensure the computer on the other end of the FTP connection (machine B in this example) is what it claims to be. These safeguards can be added with tools such as SSH or stunnel, but without them, FTP should only be used for data classified as Public or University Internal,” Indiana University’s document on Transferring Data contends.
The Need for File Transfer Visibility and Auditing
Having zero visibility into file transfers is just asking for trouble. Imagine a critical file never made it to its destination. What if it was mistakenly sent to the wrong person? Now IT must hunt the wayward file down, unravelling an array of errors, exceptions and problems that could solve the mystery. For security, compliance, and peace of mind, IT must always and easily know, for example, what clinical data was sent, where it went off to, if it was received and when and how exactly did it get there? Just as critical, what is the real-time status of the data?
Central Control Key to Secure Transfer of Sensitive Data
You can’t have file visibility if your file transfer system is not centralized. Often, this is due to a reliance on a patchwork of home-grown systems, usually scripted systems. Such a hodgepodge is inefficient, insecure, confusing and almost impossible to maintain.
For healthcare organizations, you may have different systems for different use cases, such as one for radiology and another for obstetrics— both with loads of “band-aid” fixes scripted along the way.
A better way is a single, centralized, consolidated secure file transfer solution for doctors, nurses, administrators and partners.
Sensitive Data Case Study: Scottish Pacific Business Finance (SPBF)
As one of the largest specialist providers of working capital solutions in Australia and New Zealand, Scottish Pacific Business Finance (SPBF) deals with more than 1700 clients across 8 offices, handles more than $14 billion in invoices and provides more than $1 billion in funding to their clients.
BFS had been using the award-winning MOVEit across their offices globally. During the consolidation process of the acquisition, SPBF decided to extend the use of MOVEit to all its eight offices. “With the different systems we had in place, the degree of human error due to the manual processes were high. But with MOVEit, we finally had a single tool that could deal with all the disparate systems. This made the processes much simpler for us and ensured that our data were always secure,” said Bruce Hort, the Applications Support Manager at SPBF.
SPBF deals with a lot of sensitive information, including credit scorings, which they must regularly share with banks. However, file transfers from one system to another comes with its own set of risks. “Our systems contain large amounts of sensitive data protected by a firewall in our internal system, that requires authentication to access it. While the files are well protected within the system, they lacked the same protection while being transferred, increasing their vulnerabilities,” added Hort.
Get more details in the full Scottish Pacific Business Finance Simplifies Secure Data Transfer with MOVEit case study.
The Managed File Transfer (MFT) Answer
So how do you encrypt, track, and authenticate file transfer users? Managed File Transfer (MFT), that’s how.
Because it can do all these things, MFT is the perfect way to replace all or most of the ways your shop transfers files, except for the ad hoc sending of non-sensitive material.
Even better, MFT is a true IT solution offering a single, secure, manageable and automated solution. And the MFT console gives IT pros a single pane of glass to see all activities, dramatically reducing the risk of file transfers gone wrong, or offering answers if they somehow do.
That single solution for secure transfer and sharing of sensitive files has several benefits. End users and IT are more productive because regularly scheduled file transfers are automated so users don’t have to lift a finger and are secure in the knowledge the files will be taken care of properly.
Learn more about secure file transfer by reading Osterman Research’s What Decision-Makers Can Do About Data Protection report.