Combating security breaches with managed file transfer technology

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Last October a large company revealed that an employee mistakenly sent an email to an unauthorized recipient containing the names and Social Security numbers of former employees. Six months earlier, a large Texas university accidentally exposed personal information about as many as 4,000 alumni in an electronic file accidentally attached to an email sent to one person who had requested a transcript. That's just the tip of the iceberg in insider-triggered security breaches.

In fact, a 2012 Forrester survey found that 47% of security breaches in the previous 12 months were caused by either inadvertent misuse (32%) or deliberate abuse (15%) by an insider or business partner. The problem can be traced in part to a lack of control over data sharing with conventional strategies such as email, FTP and consumer-grade cloud services like Dropbox and YouSendIt. [Also see: "Five misconceptions about file transfer security"]

An alternative that is gaining ground is managed file transfer (MFT), a technology that mitigates risk in data sharing by centrally managing, securing and tracking both ad hoc and scheduled data transfers. That includes user-to-user exchange between colleagues or with third parties such as customers; system-to-system transfers that move application data between servers; user-to-system transfer scenarios for data updates; or even desktop-to-mobile file transfers for users on the road.

[ ROUNDUP: 6 tools to manage large file transfers ]

MFT solutions offer four major data protection benefits that apply to information that moves both inside and outside the corporate firewall.

First, MFT controls every aspect of the data exchange process, enabling administrators to set rules, monitor and audit the entire enterprise data flow from a central location without the fragmentation and lack of oversight of FTP and cloud services.

Second, MFT products make it possible to restrict senders and recipients by privilege level or type of file to help ensure that data doesn't fall into the wrong hands. For example, administrators might bar groups of users from sending or receiving HR files, customer lists or CAD drawings, or prohibit those files from being sent outside the enterprise.

Third, instead of sending information in clear text, MFT adds a security layer by automatically encrypting data transfers.

Fourth, some MFT products provide direct integration with data loss prevention (DLP) products that filter messages for forbidden content, allowing even more granular control over the types of data that may be exchanged and permissible destinations.

These protections also apply to large files that exceed email attachment limitations, prompting users to resort to cloud services that cause administrators to lose both control and visibility over the file exchange process. Using cloud services also puts your data at the mercy of the provider's security vulnerabilities. In June 2011, for example, Dropbox inadvertently dropped password requirements on all accounts for four hours, exposing every user's files to the public.

For reasons like these, many organizations are now either already using MFT products to control file transfers or considering the purchase of an MFT solution. In fact, Gartner estimates that 50% of midsize and large organizations will deploy products in this category over the next three years.

If you're considering deploying an MFT product for your organization, here are a few questions to ask vendors:

  • What type of access restrictions may be placed on exchanges moderated by the MFT solution? Can access be restricted by user, domain, time, file type and other attributes?
  • Does the solution allow the aggregation of information about human-to-human, human-to-system and system-to-system file transfers in a single repository?
  • What workflow capabilities does the solution provide? Can it perform rules-based routing of files?
  • Will the MFT solution integrate effectively with your organization's DLP technology?

Using a managed file transfer product can help your organization avoid data leak horror stories. You'll gain the ability to restrict permissible senders and receivers, centrally log data transfers, securely encrypt your data, and integrate with data loss prevention products. Considering the business value delivered by MFT in conjunction with the answers to the four questions outlined above will help you determine whether MFT has a role in your enterprise.

SEEBURGER AG is a provider of business-to-business integration technology.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags cloud file transferfile transferdropboxsecuritydata loss preventionManaged File Transfersecurity breachFTPMFT

More about DLPDropboxGartner

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Rohit Khanna, executive vice president of global strategy and corporate development, SEEBURGER AG

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts