L. Frank Kenney, Ipswitch File Transfer: The Data Breaches You Don’t See Are The Ones That Hurt The Most
February 2010 by L. Frank Kenney, VP Global Strategy, Ipswitch File Transfer
File transfer technologies have been around for over 30 years, but recent evolutionary changes in business needs have resulted in significant improvements to file transfer solutions from a security, management and governance perspective. Unfortunately, just as we become comfortable with modern managed file transfer solutions companies must now better manage how their employees share and exchange information. Today, IT departments not only need to enable person-to-server and system-to-system interactions, but also must create and enforce consistent policies and processes regarding how information is moved between people inside and outside a company.
Prosumers (a hybrid of the terms professional and consumer) will continue to bring their personal technology that makes them more productive into the corporate environment and the key will be for organisations to remain secure and have visibility into all information sharing activities. From the iPhone and i-Google portal pages to webmail and file-sharing websites to USB drives, corporate IT has to manage and control both sanctioned and ad-hoc applications, processes and systems. The result is a tectonic shift in the processes, methodologies and mechanisms companies must deploy to better manage their flow of information.
Unprecedented changes have also occurred in recent years that affect the fundamental way companies conduct business. Insidious threats to the security and reliability of critical data and business processes and the increasing velocity of privacy laws and regulatory compliance mandates increase the risks of sharing information. Regulatory compliance and government mandates, such as BASEL II, Conduct of Business rules (COB), European Data Protection directives, the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX) and the recommendations from the Organization for Economic Cooperation and Development (OECD) are forcing companies to document all their business processes. Information transfer is just one major business process that is receiving increased scrutiny.
Indeed, a typical company may need to provide proof of compliance to a number of different regulators, business partners and customers. At no other time in history has the very existence of businesses depended so crucially on its ability to manage the secure transfer of business information while maintaining compliance. Today’s economy is increasingly based on information flow. Getting the right information to the right person at the right time is the key strategy for businesses to be successful.
Demand has increased for information exchange solutions that not only ensure the end-to-end security and reliability of the file transfer process but also provide management visibility of the file transfer process via integrated application level security, compliance reporting, auditing and work flow monitoring and automation. Current solutions exist today that implement the managed file transfer approach and allow businesses to:
Reduce the cost and risk of providing access to critical data due to adherence to privacy and security regulations,
Gather information about processes relying on managed file transfer technologies to become more agile and quickly respond to changing business requirements,
Provide data management, monitoring and scheduling (including tracking auditing and guaranteed delivery, and
Reduce costs by composing in automating file transfer processes.
The good news is that companies can take steps to reduce the inherent business risk of sharing data by using file transfer solutions and best practices that are not only reliable and secure but also increase efficiency by integrating with existing business workflow processes.
The management of interactions, managing all facets of file/data/information movement and related information (metadata) about the transfer, sender, receiver and intermediary, means rethinking and changing how companies leverage security technologies, mechanisms and processes. Security is no longer, nor has it ever been, an off or on choice. There are degrees of security that correlate with degrees of risk; and because the amount of information and the speed of which that information travels is constantly growing, there is a need for agility and dynamism, not common in most infrastructure integration and collaborative technologies.
So just how challenging is it for an organization to manage interactions? Well, consider that:
More than 80% of all information that moves throughout companies today are flat files or in batch/batch mode,
An estimated $500 million was spent on managed file transfer in 2009, growing at a 23-27% year-over-year rate,
8 terabytes (or 2 million, 5 minute MP3’s) are moved via email systems (as attachments) every 4 weeks, and
Less than 20% of companies of all sizes have solved their issues of managing both integration and collaboration.
Additionally, organizations must enforce all of their policies on personal file sharing interactions in addition to the traditional batch and systematic data transfers – security, privacy, risk mitigation and more. Organizations need to manage file-sharing interactions and proactively apply encryption, access control and authentication, digital loss prevention, content management and be able to fully audit and report on all of these transactions. Platforms for managing interactions will come from a plethora of vendors including those from the managed file transfer space, the B2B space, the SOA space and finally from the systems management and collaborative spaces. Wherever they come from and regardless of implementation style (software as a service, an appliance or as package applications) the ability to manage the interactions of systems and people, interchangeably, as opposed to the best security, the best BPM, or the best transformation, will be the defining attribute of this emerging market segment.