Securing Your Business with Managed File Transfer

Why FTP/SFTP solutions are no longer a viable option

Download PDF of "Securing Your Business with Managed File Transfer"

Introduction – Why FTP/SFTP is Insufficient
FTP (File Transfer Protocol) is a network protocol for delivering data via the Internet that was developed in the late 1970s¹ . While the technology is dated, many companies continue to use FTP to transfer files internally and externally. As a free solution, many companies do not realize the risks associated with this type of file transfer. So the question to ask is, “Is FTP really free?”

FTP is not a secure method for transferring your data, whether internally or externally. What is the cost of losing your clients’ or partners’ data to your business? What is the cost of paying penalties for not meeting compliance requirements? Besides the financial implications, companies should also consider the effect of lost or delayed data on its reputation. As the public and businesses become savvier to the potential threat, FTP is quickly becoming an obsolete method of data transfer.

According to Gartner, Inc.: “Numerous factors cause companies to re-examine how they manage the movement of information from system to system, partner to partner, and person to person. FTP [File Transfer Protocol] alone isn’t a viable option to give the insight, security, performance, and, ultimately, the risk mitigation necessary to responsibly conduct business.” (For more information, see Kenney, LF et al.: “Magic Quadrant for Managed File Transfer,” page 2, Gartner Research Publication ID Number G00157614, 23 June, 2008.)

Many vendors promote SFTP (secure file transfer protocol) solutions. The data is transferred through SSH, a network protocol that allows data to be exchanged using a secure channel. While SFTP offers a minimal amount of security, it still compromises both your data’s confidentiality and integrity. SFTP has inherent design flaws that are making this seemingly secure method of transfer as obsolete as FTP.

The solution to protecting and transferring sensitive or mission-critical data securely is Managed File Transfer (MFT). Managed File Transfer solutions provide a greater level of security, meet strict regulatory compliance standards and give you the reliability you need in a data transfer solution.

The key to minimizing risk to your corporation is to deploy a secure and compliant Managed File Transfer solution that enables you to track all data movement across the organization from a single point.

Market Drivers – Security and Compliance
Many federal regulations are making MFT not only a better option, but the only option. Data transfers are often performed by a myriad of file transfer products that vary widely in terms of robustness, security and audit capabilities. All efforts to provide an end-to-end view fail as long as file transfers are processed separately using different technology. The same issues that prevent the end-to-end view also prevent a streamlined approach for compliance management and auditing.

As the enterprise-wide deployment of legacy file transfer products is cost prohibitive, most organizations are riddled with file transfer products, tools and utilities that cannot interoperate. With the amount of data transferred by organizations increasing everyday, it is imperative to standardize on a modern, cost-effective solution that adheres to current security and audit requirements including:

• Sarbanes-Oxley Act (SOX)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
  

---

SOX and Managed File Transfer	Title II consists of nine sections and establishes standards for external auditor independence to limit conflicts of interest. It also addresses new auditor approval requirements, audit partner rotation, and auditor reporting requirements. It restricts auditing companies from providing non-audit services (e.g., consulting) for the same clients.
GLBA and Managed	File Transfer Part of GLBA, The Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies, regardless of whether they are financial institutions, who receive such information. The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information.
HIPAA and Managed File Transfer	This legislation requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. It helps people keep their information private.

---

Download PDF of "Securing Your Business with Managed File Transfer"

Managed File Transfer solutions address all of these regulations and provide greater functionality, not only for security and compliance, but also by providing file transfer transparency throughout your entire organization.

Another issue driving the market to evaluate a Managed File Transfer solution is data breaches. Data security breaches occurring at reputable corporations with large IT budgets have become an increasingly common occurrence. Too many organizations underestimate the issues with data transfer, lacking a full understanding of how data moves internally throughout their enterprise and how data is exchanged with their business partners.

With an increasing number of data breaches worldwide, many companies are asking themselves if FTP/SFTP solutions are worth the risk despite the no-to-low cost.

According to the ITRC’s (Identity Theft Resource Center) 2009 Breach List Report, “only 2.4% of all breaches had encryption or other strong protection methods in use. Only 8.5% of reported breaches had password protection. It is obvious that the bulk of breached data was unprotected by either encryption or even passwords.”

For any organization that transfers sensitive data, this is a business-critical issue. Whether you are in the healthcare, financial or government sector, using unsecure methods of file transfer puts your business, partners and clients at risk.

Managed File Transfer – What Can It Provide Your Business?

• Any credible Managed File Transfer vendor provides the following functionality:
• Security
• Visibility
• Manageability
• Reliability
• Compliance

A true Managed File Transfer solution supports the most modern security standards and methodology including SSL encryption, X.509 certificates and proxy certificates. The solution should streamline the audit process while also being able to access that audit information from a central point, saving you time and money.

Additionally, Managed File Transfer solutions should integrate with all components enterprise-wide to increase automation and reduce the need for specialized staff. This allows your staff to follow all elements of a business process and determine the impact of problems or issues on your business from a central control point. Establishing the technical issue before it becomes a business/operational problem is key MFT functionality.

Your Managed File Transfer solution should include functionality that allows data to be pre-and post-processed. You should be able to initiate action on any platform in your environment. Platform independent Managed File Transfer solutions lower your overall costs by reducing overhead.

What happens if there is a network failure? Managed File Transfer solutions ensure that all interrupted file transfers resume where they left off after a connection failure without manual intervention. Your Managed File Transfer solution should tightly integrate with your existing job scheduling solution to issue alerts if connections are not re-established after an acceptable time interval.

As previously mentioned, the red flag question for companies is: “Are your processes compliant and secure?” All Managed Transfer solutions should adhere to current security and audit requirements including SOX, GLBA and HIPAA.

Benefits of Managed File Transfer
A Managed File Transfer solution provides the aforementioned benefits and addresses the holes in a FTP/SFTP solution. Your compliance needs are met, avoiding costly mistakes from non-compliant and insecure solutions that will cost your company more in time, money and resources. A Managed File Transfer solution implemented enterprise-wide makes the most business sense as it provides secure internal, external and ad-hoc data transfers.

What To Look For
So now that you know what a Managed File Transfer solution should provide, what do you look for when selecting a vendor?

Besides the functionality listed above, make sure the following points are answered before implementing a Managed File Transfer solution:

• What is the vendor’s experience?
• Do they have client references that you can call?
• Is the vendor flexible and cost-effective?
• Does the vendor’s Managed File Transfer solution integrate with other workload
  processes?
• Does the vendor enable consolidation and automation of all file transfers?

While this functionality helps your company remain compliant, secure and reliable, should you be looking for more? At Stonebranch, we believe in Intelligent File Transfer.

Download PDF of "Securing Your Business with Managed File Transfer"

Infitran™, Stonebranch’s Intelligent File Transfer Solution
While you may or may not have a Managed File Transfer solution in place, you may still be having one or more of the following issues:

• Your existing tools lack functionality, causing you to spend too much time and
  manual effort to compensate for this lack of functionality.
• You have products with the above functionality, but the solution is too complex
  and expensive to be deployed everywhere the business requires.
• Your existing vendor is overcharging you and is too inflexible to meet all of your
  needs.
• You have too many products and need an intelligent strategy to consolidate and
  move forward.

Stonebranch’s Intelligent File Transfer solution addresses and meets your critical business needs through the ABCs of Managed File Transfer:

• Adaptive
• Business-driven Visibility
• Complete Management
  • Rapid Provisioning
  • Proactive Monitoring
  • Enforcement
  • Measurement

Adaptive
A Managed File Transfer solution must be adaptable to your IT infrastructure to satisfy your business needs. Infitran does not need to be redesigned every time there is a change in your environment.

Business-driven Visibility
Issues arise everyday when securely exchanging data within your data center. Some issues impact your business operations directly and others are less critical. Does your current Managed File Transfer solution let you know which issues are critical and which aren’t? Infitran focuses on driving visibility for decision makers, stakeholders and operational teams to ensure improved business operations and agility.

Complete Management
Our Intelligent File Transfer solution interoperates with your existing workflow automation and job scheduling tools, to allow you to manage by exception. Infitran leverages your existing policies and procedures to ensure compliance and rapid issue remediation. The following core components are required to deliver a holistic platform for your Managed File Transfer requirements:

• Rapid Provisioning
  Rapidly deploy and scale to your organization to meet the demands of your business and the marketplace, streamlining business processes.
  
• Proactive Monitoring
  Time to awareness is critical when resolving a technical issue, impacting your business. Infitran’s alerts capability reduces speed to resolution and decision-making.
  
• Enforcement
  Infitran enables businesses to define, implement and enforce policies that ensure the security and integrity of data, servers and networks.
  
• Measurement
  Infitran’s rich reporting and audit trails provide the necessary information for compliance reporting, third party audits and ongoing secure operations.

Software cost does not stop with the purchase price. Infitran provides real value through our pricing model, integration capabilities and ease of use. A global reinsurer company uses Stonebranch to run transfers over three continents to more than 1,000 servers and manages workloads with 2.5 FTEs. Another customer found that deploying Stonebranch was more cost effective than the administration overhead of managing SFTP.

Download PDF of "Securing Your Business with Managed File Transfer"

¹ The TCP/IP Guide, URL – http://www.tcpipguide.com/free/t_FTPOverviewHistoryandStandards.htm