Why Your Company Should Be Using Secure File Transfer Protocol Instead Of File Transfer Protocol

The importance of keeping a company's confidential information confidential should come as no surprise, and it is certainly not a new concept for maintaining regulatory compliance or economic competitiveness. Security breaches that expose confidential data, which are more common than any business owner would like, are dangerous and costly because of regulatory penalties, possible civil lawsuits, and lost business.
To avoid these breaches, enterprises routinely spend large amounts of money on effective measures for protecting data at rest within databases and archived storage systems. Believe it or not, for all the money spent on security, enterprises routinely do a poor job of protecting data in transit. All too often these companies rely on unsecure tools, such as FTP or messaging programs, to transfer files from one location to another. Enterprises need a secure file transfer solution that enables authorized users to transfer data quickly, easily, and securely, all within a system that is monitored by an IT team.

What are the common unsecure file transfer tools that put enterprise data at risk?

- FTP, which tempts users to upload confidential files on servers and then forget about them.
- P2P, which relies on client configurations with default settings that often broadcast all sorts of confidential data onto the Internet.
- IM, which often transfers files without encryption and which makes it easy to spoof recipients' IDs.
- Courier services, which can lead to physical media such as tapes and CDs being lost or mishandled.
- Free file-sharing services, which IT is unable to administer and which may leak data to untrusted third parties.
- USB memory sticks, which can be lost or stolen, and which make data untraceable by IT.

How VAO has created a solution:

1. Ensure ease of use and transparency to users
Implement a solution that fits into the software tools and business processes that
employees use every day. Make secure file transfer so transparent and easy that
employees are no longer tempted to use alternatives, such as private file transfer
accounts and Gmail. Best-of-breed solutions can be integrated to work with email
systems, Web browsers, and other applications that employees use every day.

2. Disable FTP and delete old files stored on FTP servers.
While ostensibly secure, FTP leads to many file security problems. Some
problems arise because FTP is often cumbersome to administer and manage. To
use FTP securely, users need unique, password-protected accounts. Setting up
such accounts falls to IT managers who often have higher priority issues. As a
result, getting an account set up can take time, days or weeks, if IT
is backed up. In the meantime, business waits. The delay prompts users to seek
alternatives. Why wait for a special FTP account when you can send the file
immediately with Gmail or post it on a free file-sharing site like drop.io?
When employees do use FTP, other problems result. Files linger on servers
because once the recipient has the file, the sender has little incentive to log onto
the server and delete it. As a result, FTP servers become repositories for old,
untended confidential files. Clogged servers become targets for hackers. And
unscrupulous FTP users may pore through directories, looking for interesting
data.
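
The cleanup in step 2 starts with an inventory of what is still lingering on the server. The following is an added example, not part of the original article: it walks an FTP root and reports, per top-level account directory, the files that have not been modified within a retention window. The /srv/ftp path and the 30-day window are assumptions.

```python
import os
import stat
import time
from collections import defaultdict

def find_stale_files(ftp_root, max_age_days, now=None):
    """Map each top-level account directory under ftp_root to its regular files
    not modified for more than max_age_days: [(rel_path, age_days, size), ...]."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    stale = defaultdict(list)
    for dirpath, _dirs, filenames in os.walk(ftp_root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink out of the root
            except OSError:
                continue  # removed or unreadable while scanning
            if not stat.S_ISREG(st.st_mode) or st.st_mtime >= cutoff:
                continue
            rel = os.path.relpath(path, ftp_root)
            account = rel.split(os.sep, 1)[0] if os.sep in rel else "(root)"
            stale[account].append((rel, int((now - st.st_mtime) // 86400), st.st_size))
    for files in stale.values():
        files.sort(key=lambda f: f[1], reverse=True)  # oldest first
    return dict(stale)

def summarize(stale):
    """Rows of (account, file_count, total_bytes, oldest_age_days), sorted by account."""
    return [(acct, len(files), sum(f[2] for f in files), files[0][1])
            for acct, files in sorted(stale.items())]

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/srv/ftp"  # assumed FTP root
    for acct, count, total, oldest in summarize(find_stale_files(root, 30)):
        print(f"{acct}: {count} stale file(s), {total} bytes, oldest {oldest} days")
```

The per-account summary gives IT a list of owners to contact before anything is deleted.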

3. Block P2P programs and warn employees about the dangers of P2P.
A couple of years ago, a major pharmaceutical company inadvertently leaked
confidential data about 17,000 employees onto the Internet. The data included
Social Security numbers. What caused the leak? An employee's spouse had
installed P2P software on a company laptop. The software's default configuration
generously shared the contents of the laptop's hard drive with the public. Another
employee sued, and Connecticut's attorney general launched an investigation.
P2P clients are among the most popular software downloads, but few users
realize just how risky P2P file-sharing really is. The default configurations of
many P2P clients broadcast data from local hard drives. Users are often too
swept up with their new music or movies to notice.

4. Protect files in transit.
Protect files in transit with SSL, data encryption, and password authentication.

5. Protect files at rest.
Protect files at rest with data and disk encryption and password authentication.

6. Let authorized users help themselves.
Enable business partners and other trusted outsiders to easily gain access and
use the same secure file transfer system for sending and receiving files securely.
Eliminate the need for IT managers to manually create accounts before files can
be transferred.

7. Set policies that limit the sharing of confidential information via courier services.
In July 2010, FedEx lost 138,000 patient health records when it was shipping
CDs for a New York City hospital. In 2009, FedEx delivered 8,500 confidential
W-2 forms to the wrong addresses.
There are some situations that require paper originals and the use of courier
services. But in many cases, sending files electronically is faster, safer, and more
secure. Another benefit of using digital file transfer is that it consumes much less
energy and results in much less pollution. A secure file transfer solution is
"greener" than courier services relying on airplanes and trucks.

8. Audit file transfers to ensure best practices and industry regulations are being
met.
Once the secure file solution is deployed, IT managers and security officers
should communicate updated secure file transfer best practices. Then they
should audit the solution's use to ensure that users have genuinely changed their
habits and are transferring files securely. By monitoring file traffic and account
activity, while keeping an eye on the use of courier services, Gmail, and other
communication channels, IT and security personnel can gain an understanding of
which users and departments might be clinging to their old habits and putting
data security and regulatory compliance at risk.
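
One way to run the audit in step 8 against a legacy FTP server, as an added example that is not part of the original article: it summarizes, per account, the FTP transfers still being logged after the secure solution went live. It assumes the server writes the standard xferlog transfer log; the sample lines and the cutover date are constructed.

```python
from datetime import datetime

# Constructed sample lines in the xferlog format (wu-ftpd style; vsftpd and ProFTPD can write it too).
SAMPLE_XFERLOG = """\
Mon Mar  1 09:14:02 2021 2 192.0.2.15 48213 /home/alice/q1 forecast.xlsx b _ i r alice ftp 0 * c
Tue Mar  2 17:40:55 2021 1 192.0.2.15 1024 /home/alice/notes.txt a _ o r alice ftp 0 * c
Wed Mar  3 11:02:10 2021 9 198.51.100.7 7340032 /pub/incoming/dump.zip b _ i a anon@example.test ftp 0 * i
Thu Feb 25 08:00:00 2021 1 192.0.2.30 2048 /home/bob/old.csv b _ o r bob ftp 0 * c
"""

def parse_xferlog_line(line):
    """Parse one xferlog line into a dict; return None if it is malformed."""
    tok = line.split()
    if len(tok) < 18:
        return None
    try:
        when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
        size = int(tok[7])
    except ValueError:
        return None
    # The last nine fields are fixed, so whatever lies between the size and
    # them is the filename, which may itself contain spaces.
    _type, _flag, direction, access, user, _svc, _auth, _uid, status = tok[-9:]
    return {"time": when, "host": tok[6], "bytes": size, "file": " ".join(tok[8:-9]),
            "direction": direction, "access": access, "user": user,
            "complete": status == "c"}

def ftp_use_since(log_text, cutover):
    """Sorted rows (user, transfers, bytes, hosts) for transfers at or after cutover."""
    totals = {}
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec is None or rec["time"] < cutover:
            continue
        row = totals.setdefault(rec["user"], [0, 0, set()])
        row[0] += 1
        row[1] += rec["bytes"]
        row[2].add(rec["host"])
    return [(u, n, b, sorted(h)) for u, (n, b, h) in sorted(totals.items())]

if __name__ == "__main__":
    for user, n, nbytes, hosts in ftp_use_since(SAMPLE_XFERLOG, datetime(2021, 3, 1)):
        print(f"{user}: {n} FTP transfer(s), {nbytes} bytes, from {', '.join(hosts)}")
```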