What can CSOs do to implement a secure file transfer strategy?
Ipswitch File Transfer offers secure, managed file transfer (MFT) solutions that are fast to implement, easy to use, and backed by exceptional customer support. Ipswitch solutions are used around the world by thousands of organizations, including more than 90% of Fortune 1000 enterprises, many government agencies and millions of individuals.
Info Security PG: Why is that even with all the online storage solutions now available, sharing files, including employees personal file sharing can still be a security risk?
Rich Kennelly: It’s actually the ready availability of all these file-sharing solutions that create the problem. We recently conducted a survey of over 200 IT leaders with security responsibilities about person-to-person file-sharing practices. And the results should alarm IT and security professionals.
Findings show that employees are circumventing IT staff by sending confidential and highly sensitive company files via means that are insecure and lack auditability. The results serve as a graphic reminder that when company systems hinder employee productivity, it’s both a security risk and bad for business.
There’s no way to sugarcoat the results of the survey:
84% of employees are using personal emails to send sensitive files, often because the file size exceeds corporate mailbox quotas, or because they want to use documents at their next place of employment without the company’s knowledge
More than 50%of respondents expose company files or data by uploading to a cloud-based service such as Dropbox or YouSendIt
More than 30% of employees have lost a USB drive containing confidential information
Over half of IT managers lack any visibility into file and data transfer within their organizations
Many respondents also reported feeling pressure from their customers and partners to improve the way they send and receive files.
About Rich Kennelly
Rich is the president of the Ipswitch File Transfer Division of Ipswitch. Prior to Ipswitch, Rich led Akamai's Media Business Unit - responsible for video, software, and object delivery. Prior to that, Rich held numerous roles in his 9 years at Akamai, including VP of Product Management.
Rich began his career as a software engineer. He helped found ImagineLAN, Inc., a network diagnostics startup. He was also a key software architect and engineering leader at New Oak Communications - credited with creating the industry's first VPN switch. He went on to manage engineering for Nortel's VPN division, after it acquired New Oak.
Info Security PG: What are some of the most common but critical mistakes still happening with file transfers, internally within an organization, and with others?
Rich Kennelly: The most critical mistake is that we aren’t listening to the needs to our users. Business users are sending a clear message: they have jobs to do – for example, sharing product information with customers or sending purchase orders to partners – and don’t want to deal with the consequences of not getting their work done. They can’t afford the delays associated with jumping through perceived hoops to send out information and files that keep business humming. And if IT doesn’t provide the tools they need to send large and confidential attachments – or if the processes and technologies are too difficult to use – users will take matters into their own hands.
Info Security PG: What are the range of secure file transfer types and how even the same organization may have needs for all of them?
Rich Kennelly: Organizations have many different types of secure file transfer needs, including secure FTP servers, enterprise managed file transfer, secure email messaging, and B2Bi.
FTP servers are a great solution when people need basic file transfer capabilities at the lowest cost. It can provide proven, secure and guaranteed file delivery.
Enterprise MFT End to end managed file transfer solutions provide stronger security and more features enabling IT to govern and automate the secure exchange of files between organizations and people as well as helping to automate workflow. Additionally, MFT solutions often provide secure email messaging enabling employees to overcome the security and file limits common to email systems.
B2Bi systems provide an enterprise MFT framework complemented by sophisticated workflows, integration with systems and applications as well as data translation.
Info Security PG: What can CSOs do to implement a secure file transfer strategy?
Rich Kennelly: CSOs have a hard job working to strike the right balance between productivity and security. One popular answer is to provide IT-sanctioned methods and tools that protect data while making it easy for business users to get their jobs done. In many cases, the solution can be found using ad-hoc, person-to-person managed file transfer technologies that allow non-technical users to send files of any size simply and securely to anyone at any time in a well-governed way.
This represents a win-win for the CSO and the business, provided that these file transfer solutions:
1. Are as easy to use as the consumer-focused tools business users have opted for
2. Enable IT to be in full control of how and where information is shared
3. Can adapt to address changing regulatory and compliance requirements
Additionally, CSOs should be comfortable that the file sharing practices of their IT systems provide the administrative control, the compliance auditing and reporting, the security and the visibility into the file sharing process. If not, once again, an enterprise managed file transfer solution should be considered.
Company: Ipswitch File Transfer
83 Hartwell Ave, Lexington MA 02421 U.S.A.
Founded in: 1990 CEO: Rich Kennelly Public or Private: Private Head Office in Country: United States Products: Managed File Transfer Software Company's Goals: Provide practical but power solutions to address the breadth of an organizations managed file transfer needs.
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN