Last October a large company revealed that an employee mistakenly sent an email to an unauthorized recipient containing the names and Social Security numbers of former employees. Six months earlier, a larage Texas university accidentally exposed personal information about as many as 4,000 alumni in an electronic file accidentally attached to an email sent to one person who had requested a transcript. That's just the tip of the iceberg in insider-triggered security breaches.
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Last October a large company revealed that an employee mistakenly sent an email to an unauthorized recipient containing the names and Social Security numbers of former employees. Six months earlier, a large Texas university accidentally exposed personal information about as many as 4,000 alumni in an electronic file accidentally attached to an email sent to one person who had requested a transcript. That's just the tip of the iceberg in insider-triggered security breaches.
In fact, a 2012 Forrester survey found that 47% of security breaches in the previous 12 months were caused by either inadvertent misuse (32%) or deliberate abuse (15%) by an insider or business partner. The problem can be traced in part to a lack of control over data sharing with conventional strategies such as email, FTP and consumer-grade cloud services like Dropbox and YouSendIt. [Also see: "Five misconceptions about file transfer security"]
An alternative that is gaining ground is managed file transfer (MFT), a technology that mitigates risk in data sharing by centrally managing, securing and tracking both ad hoc and scheduled data transfers. That includes user-to-user exchange between colleagues or with third parties such as customers; system-to-system transfers that move application data between servers; user-to-system transfer scenarios for data updates; or even desktop-to-mobile file transfers for users on the road.
[ ROUNDUP: 6 tools to manage large file transfers ]
MFT solutions offer four major data protection benefits that apply to information that moves both inside and outside the corporate firewall.
First, MFT controls every aspect of the data exchange process, enabling administrators to set rules, monitor and audit the entire enterprise data flow from a central location without the fragmentation and lack of oversight of FTP and cloud services.
Second, MFT products make it possible to restrict senders and recipients by privilege level or type of file to help ensure that data doesn't fall into the wrong hands. For example, administrators might bar groups of users from sending or receiving HR files, customer lists or CAD drawings, or prohibit those files from being sent outside the enterprise.
Third, instead of sending information in clear text, MFT adds a security layer by automatically encrypting data transfers.
Fourth, some MFT products provide direct integration with data loss prevention (DLP) products that filter messages for forbidden content, allowing even more granular control over the types of data that may be exchanged and permissible destinations.
These protections also apply to large files that exceed email attachment limitations, prompting users to resort to cloud services that cause administrators to lose both control and visibility over the file exchange process. Using cloud services also puts your data at the mercy of the provider's security vulnerabilities. In June 2011, for example, Dropbox inadvertently dropped password requirements on all accounts for four hours, exposing every user's files to the public.
For reasons like these, many organizations are now either already using MFT products to control file transfers or considering the purchase of an MFT solution. In fact, Gartner estimates that 50% of midsize and large organizations will deploy products in this category over the next three years.
If you're considering deploying an MFT product for your organization, here are a few questions to ask vendors:
- What type of access restrictions may be placed on exchanges moderated by the MFT solution? Can access be restricted by user, domain, time, file type and other attributes?
- Does the solution allow the aggregation of information about human-to-human, human-to-system and system-to-system file transfers in a single repository?
- What workflow capabilities does the solution provide? Can it perform rules-based routing of files?
- Will the MFT solution integrate effectively with your organization's DLP technology?
Using a managed file transfer product can help your organization avoid data leak horror stories. You'll gain the ability to restrict permissible senders and receivers, centrally log data transfers, securely encrypt your data, and integrate with data loss prevention products. Considering the business value delivered by MFT in conjunction with the answers to the four questions outlined above will help you determine whether MFT has a role in your enterprise.
SEEBURGER AG is a provider of business-to-business integration technology.