What is needed is a way to manage the source-to-consuming application file transfer life cycle on both sides of the enterprise gateway or portal.

Transcription

1 Managing a secure file transfer environment has become a complex task, which requires consideration of a large number of factors. Business functions dictate that information be managed between the source application and consuming applications. Most businesses only consider Managed File Transfer (MFT) among their customers, trading partners and clients, and often ignore MFT within their own enterprise. Regulations, best practices, and government-mandated policy and procedures don t address the internal and external aspects of information management as separate issues. Rules and regulations are written to address all aspects of the life of important sensitive information throughout the entire cycle. However, there are unique factors that must be taken into consideration, and unique policies that may apply, when addressing either internal or external file transfer. Many of the policy management details are often unintentionally ignored until an alarm is sounded. At best, shortfalls or problem areas become apparent due to a failed process, inexplicable behavior, or because an audit review finds a weakness or vulnerability. At worst, they become visible due to a security breach with severe penalty implications or outright financial loss. In far too many cases, when attempting to manage file transfer requirements, companies use disparate and uncoupled systems for managing internal and external transfers. Attempting to ensure compliance among multiple systems only complicates adherence to policy and is vastly less effective. Generally the focus is to the outside, ignoring the internal infrastructure in the often mistaken belief that all is secure. As a stopgap measure to better address these complexities, some companies have adopted point-to-point solutions that require licensed or named versions of the same product at both ends of the transfer. Often this means forcing a complex solution on customers and clients. Another disadvantage is that once licenses are deployed they are not reusable, or worse, lie dormant and unused creating a hidden security problem and wasted cost - after the original need has expired. Other so-called any-to-any solutions require embedded control statements in order to affect a file transfer. Changing content by embedding control statements may nullify the ability to authenticate and validate the file contents as they existed when produced by the source application. What is needed is a way to manage the source-to-consuming application file transfer life cycle on both sides of the enterprise gateway or portal.

2 The ideal file transfer life cycle should be maintained by a single secure and auditable system which: Seamlessly handles both internal and external Secure Managed File Transfer requirements Defines the steps/actions to perform Schedules when to perform the tasks Handles task expiration and resource cleanup Provides command and control, management and reporting tools DataExpress Agent (DX Agent) meets that goal of providing such a system. DataExpress Agent (DX Agent) Deployed within the DataExpress Open Platform framework, DMB has created a component called DataExpress Agent. DX Agent targets the managing relationships and procedures category where the management of file transfers resides. DX Agent is a small, stand-alone application deployable as a desktop or server agent. DX Agent enables secure bi-directional file transfer capabilities with a pre-defined DXOP system. DX Agent is able to better manage end-point relationships by deploying a small footprint Agent to the end-point location. Other products allow for peer-to-peer connectivity by requiring separately and specifically licensed products at both the internal host and end-point locations. These solutions are always expensive and require advanced technical skill sets, frequently at both host and end-point locations, to deploy and maintain. DX Agent deployment moves the function of administering an end-point to the managing relationship and procedures category, where the skill sets required to enable and manage secure file transfers are less than those of system administrators. DX Agent replaces native and third-party file transfer products with a DX Agent footprint that is pre-configured to communicate with a specific DXOP Core Server instance. DX Agents are well suited for internal business server deployments that allow for file exchanges with DXOP Core Server instances. In planning for and building the requirements for the DX Agent, DMBGroup, Inc (DMB) conferred with many of our major customers. As a result of those conversations, DMB established that a DataExpress administrator s time is broken down as follows: 50% general infrastructure knowledge: server Operating Systems administration, networks, file management, internal policy requirements, script writing, and firewall negotiation. 45% managing relationships and procedures with clients and internal business units, managing file transfer processes, service level management, set up, minor problem resolution, audit reconciliation, solving communication issues with remote sites. 5% managing DataExpress, severity 1 issues, user roles, software installation (updates, initial configuration)

3 In a non-managed file transfer environment, all of the tasks performed can be considered to be in the general infrastructure knowledge category. This usually requires one or more highly skilled system administrators to organize and manage the file transfer environment. This mode of operation usually results in custom scripts, poorly documented processes and procedures, limited scalability, and nearly no continuity, all translating to potential risk and end user frustration. Also, time and time again, we have seen system administrators with hard earned, expensive institutional knowledge leave or change jobs. More risk and more frustration. Moving to a centrally managed file transfer system alleviates issues that arise when system administrators with hard earned, expensive institutional knowledge leave or change jobs. Implementing DXOP with DX Agent technology provides a standardized solution where policy and procedure (implying compliance to mandates,) are documented, implemented, and audited within a defined area. This is far superior to attempting to enforce policy distributed to a number of discrete (usually undocumented and not inventoried) throughout the infrastructure. Often these types of implementation lead to missed compliance and risk while at the same time are far more expensive to build and maintain. Licensed versions of DX Agent Execution Defaults and Options DX Remote Agent (DXRA) Drag-and-Drop execution for desktop operation Polls Controlling DX Agent Server for taskst Task Execution (driven/delivered from DXOP Server) Pre/Post task processing DX Enterprise Agent (DXEA) Polls Controlling DX Agent Server for tasks Task Execution (driven/delivered from DXOP Server) Pre/Post task processing DX Agent Operational Modes All file transfer protocol operations are always SFTP File encryption/decryption tasks optional managed by DX Agent Manager Compression/decompression tasks managed by DX Agent Manager Folder or folders are selected at DX Agent installation but can be modified by reinstalling or upgrading the DXOP Agent Operation Mode is selected at DX Agent installation but can be modified by reinstalling or upgrading the DXOP Agent DX Agents have three modes: 1. Restricted Mode allows scanning of a single folder on the server or desktop. Data can be transmitted to any DXOP Instance or third-party SFTP-capable server. The folder is selected at DX Agent installation but can be modified at any time. Modification can only be made at the DX Agent installation site, thus preserving security. 2. Restricted+ Mode allows scanning of a single folder on the server or desktop. Data can be transmitted to only DXOP Instances. Data being transmitted or received by the Agent will only come from a single DXOP Server instance. As in Restricted Mode, modification can only be made at the DX Agent installation site, thus preserving security. 3. Unrestricted Mode allows scanning of any folder on the server or desktop. Data can be transmitted to any DXOP Instance or third-party SFTP-capable server.

4 Additional DX Agent Operating Components DataExpress Agent Manager 1. The DX Agent Manager validates DX Agent licensing 2. The DX Agent Manager also defines the tasks to be run by the DX Agents: Collection Distribution Encryption/Decryption Compression/Decompression Renaming File deletion Directory creation/ removal, File copying/file moving DX Agent Server task execution 3. DX Agent Manager interoperability with DXOP Core Server Real-time licensing/de-licensing of a remote agent Configuration Monitoring Relationships among DX Enterprise Agents DataExpress Open Platform (DXOP) DataExpress Agent Server 1. DX Agent Server handles remote Agent authentication 2. Dispatches Remote Agent task execution. 3. Sets polling intervals for DX Agents 4. Times frequency of task execution 5. Coordinates DXOP job processor interface 6. Manages sessions with DX Agents DataExpress Open Platform (DXOP) takes control of a non-managed and decentralized file transfer environment and converts it to a managed environment, where the appropriate skill levels can be applied to the task breakdown. Apart from the multitude of other benefits, this also frees the highly skilled resources previously assigned responsibilities within the general infrastructure knowledge category to be used more effectively. DXOP remains the heart of Secure Managed File Transfer and utilizes DX Agent technology to centralize File Transfer management within and without the enterprise. Using DXOP features coupled to DataExpress Agents affords an enterprise unparalleled file transfer management capabilities. Implementing DXOP with DX Agent technology provides a standardized solution where policy and procedure (implying compliance to mandates,) are documented, implemented, and audited within a defined area. This is far superior to attempting to enforce undocumented policy which has been distributed to a number of discrete entities throughout the infrastructure. Often these types of implementations lead to missed compliance targets and high risk while at the same time are far more expensive to build and maintain.

5 DX Agent Value Proposition 1. Significantly lowers complexity for sophisticated, secure, scheduled, or casual file transfer 2. Enables automated bi-directional file transfers with a DXOP Core Server instance 3. Enables file exchanges with non-dxop servers, under the control and management of the DX Agent Manager 4. Automatic session encryption 5. Full centralized auditing, reporting, and control features 6. Extended DX Agent logging from DX Agent Manager 7. Manages desktop and server deployment Licensing Terms 1. Subscription or direct licensing Remote Agent License Pack which is completely scalable as required 3. 2 Server Agent license Pack 4. Re-usable licenses, not to exceed total number of DX Agents licensed 5. DXRA implementation restricted to desktop operating systems 6. DXEA implementation may be to any supported operating system Deployment 1. DX Agent branding with custom logo 2. Optional DMB Distribution Services and Enabling Services 3. Self-service enablement and web distribution from DMB Use-case Examples 1. Distribution of files to remote users 2. Push pricing updates to all retail stores 3. Nightly point-of-sale data updates to the corporate office 4. Remote office updates 5. Daily backup of financial software data (Quicken, QuickBooks, backup files,) is stored to a local folder, uploaded to DXOP, and then archived from the DXOP Server Instance 6. Ad Hoc transfer of files between remote users. Drop in a folder, and it appears in the other user s folder when the transfer is complete

6