Securing Your Business with Managed File Transfer

Transcription

1 Why FTP/SFTP Solutions Are No Longer a Viable Option

2 Executive Summary This white paper sets out to explain the importance of a Managed File Transfer solution implementation within your IT infrastructure and focuses on the following subjects: Why FTP/SFTP is no longer a viable solution The market drivers leading IT professionals to a Managed File Transfer solution The benefits of Managed File Transfer and how it can save your business valuable time, money and resources What to look for when evaluating Managed File Transfer An introduction to Intelligent File Transfer, taking Managed File Transfer to the next level 2

3 Introduction Why FTP/SFTP is Insufficient FTP (File Transfer Protocol) is a network protocol for delivering data via the Internet that was developed in the late 1970s 1. While the technology is dated, many companies continue to use FTP to transfer files internally and externally. As a free solution, many companies do not realize the risks associated with this type of file transfer. So the question to ask is, Is FTP really free? FTP is not a secure method for transferring your data, whether internally or externally. What is the cost of losing your clients or partners data to your business? What is the cost of paying penalties for not meeting compliance requirements? Besides the financial implications, companies should also consider the effect of lost or delayed data on its reputation. As the public and businesses become savvier to the potential threat, FTP is quickly becoming an obsolete method of data transfer. According to Gartner, Inc.: Numerous factors cause companies to re-examine how they manage the movement of information from system to system, partner to partner, and person to person. FTP [File Transfer Protocol] alone isn t a viable option to give the insight, security, performance, and, ultimately, the risk mitigation necessary to responsibly conduct business. (For more information, see Kenney, LF et al.: Magic Quadrant for Managed File Transfer, page 2, Gartner Research Publication ID Number G , 23 June, 2008.) Many vendors promote SFTP (secure file transfer protocol) solutions. The data is transferred through SSH, a network protocol that allows data to be exchanged using a secure channel. While SFTP offers a minimal amount of security, it still compromises both your data s confidentiality and integrity. SFTP has inherent design flaws that are making this seemingly secure method of transfer as obsolete as FTP. The solution to protecting and transferring sensitive or mission-critical data securely is Managed File Transfer (MFT). Managed File Transfer solutions provide a greater level of security, meet strict regulatory compliance standards and give you the reliability you need in a data transfer solution. The key to minimizing risk to your corporation is to deploy a secure and compliant Managed File Transfer solution that enables you to track all data movement across the organization from a single point. 1 The TCP/IP Guide, URL 3

4 Market Drivers Security and Compliance Many federal regulations are making MFT not only a better option but the only option. Data transfers are often performed by a myriad of file transfer products that vary widely in terms of robustness, security and audit capabilities. All efforts to provide an end-to-end view fail as long as file transfers are processed separately using different technology. The same issues that prevent the end-to-end view also prevent a streamlined approach for compliance management and auditing. As the enterprise-wide deployment of legacy file transfer products is cost prohibitive, most organizations are riddled with file transfer products, tools and utilities that cannot interoperate. With the amount of data transferred by organizations increasing every day, it is imperative to standardize on a modern, cost-effective solution that adheres to current security and audit requirements including: Sarbanes-Oxley Act (SOX) Gramm-Leach-Bliley Act (GLBA) Health Insurance Portability and Accountability Act (HIPAA) SOX and Managed File Transfer Title II consists of nine sections and establishes standards for external auditor independence to limit conflicts of interest. It also addresses new auditor approval requirements, audit partner rotation, and auditor reporting requirements. It restricts auditing companies from providing non-audit services (e.g., consulting) for the same clients. GLBA and Managed File Transfer Part of GLBA, The Financial Privacy Rule governs the collection and disclosure of customers personal financial information by financial institutions. It also applies to companies, regardless of whether they are financial institutions, who receive such information. The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. HIPAA and Managed File Transfer This legislation requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. It helps people keep their information private. Managed File Transfer solutions address all of these regulations and provide greater functionality, not only for security and compliance, but also by providing file transfer transparency throughout your entire organization. 4

5 Another issue driving the market to evaluate a Managed File Transfer solution is data breaches. Data security breaches occurring at reputable corporations with large IT budgets have become an increasingly common occurrence. Too many organizations underestimate the issues with data transfer, lacking a full understanding of how data moves internally throughout their enterprise and how data is exchanged with their business partners. With an increasing number of data breaches worldwide, many companies are asking themselves if FTP/SFTP solutions are worth the risk despite the no-to-low cost. According to the ITRC s (Identity Theft Resource Center) 2009 Breach List Report, only 2.4% of all breaches had encryption or other strong protection methods in use. Only 8.5% of reported breaches had password protection. It is obvious that the bulk of breached data was unprotected by either encryption or even passwords. For any organization that transfers sensitive data, this is a business-critical issue. Whether you are in the healthcare, financial or government sector, using unsecure methods of file transfer puts your business, partners and clients at risk. Managed File Transfer What Can It Provide Your Business? Any credible Managed File Transfer vendor provides the following functionality: Security Visibility Manageability Reliability Compliance A true Managed File Transfer solution supports the most modern security standards and methodology including SSL encryption, X.509 certificates and proxy certificates. The solution should streamline the audit process while also being able to access that audit information from a central point, saving you time and money. Additionally, Managed File Transfer solutions should integrate with all components enterprisewide to increase automation and reduce the need for specialized staff. This allows your staff to follow all elements of a business process and determine the impact of problems or issues on your business from a central control point. Establishing the technical issue before it becomes a business/operational problem is key MFT functionality. Your Managed File Transfer solution should include functionality that allows data to be pre-and post-processed. You should be able to initiate action on any platform in your environment. Platform independent Managed File Transfer solutions lower your overall costs by reducing overhead. 5

6 What happens if there is a network failure? Managed File Transfer solutions ensure that all interrupted file transfers resume where they left off after a connection failure without manual intervention. Your Managed File Transfer solution should tightly integrate with your existing job scheduling solution to issue alerts if connections are not re-established after an acceptable time interval. As previously mentioned, the red flag question for companies is: Are your processes compliant and secure? All Managed Transfer solutions should adhere to current security and audit requirements including SOX, GLBA and HIPAA. Benefits of Managed File Transfer A Managed File Transfer solution provides the aforementioned benefits and addresses the holes in a FTP/SFTP solution. Your compliance needs are met, avoiding costly mistakes from noncompliant and insecure solutions that will cost your company more in time, money and resources. A Managed File Transfer solution implemented enterprise-wide makes the most business sense as it provides secure internal, external and ad-hoc data transfers. What to Look For So now that you know what a Managed File Transfer solution should provide, what do you look for when selecting a vendor? Besides the functionality listed above, make sure the following points are answered before implementing a Managed File Transfer solution: What is the vendor s experience? Do they have client references that you can call? Is the vendor flexible and cost-effective? Does the vendor s Managed File Transfer solution integrate with other workload processes? Does the vendor enable consolidation and automation of all file transfers? While this functionality helps your company remain compliant, secure and reliable, should you be looking for more? At Stonebranch, we believe in Intelligent File Transfer. 6

7 Opswise Managed File Transfer, Stonebranch s Intelligent File Transfer Solution While you may or may not have a Managed File Transfer solution in place, you may still be having one or more of the following issues: Your existing tools lack functionality, causing you to spend too much time and manual effort to compensate for this lack of functionality. You have products with the above functionality, but the solution is too complex and expensive to be deployed everywhere the business requires. Your existing vendor is overcharging you and is too inflexible to meet all of your needs. You have too many products and need an intelligent strategy to consolidate and move forward. Stonebranch s Intelligent File Transfer solution takes Managed File Transfer to the next level by addressing and meeting your critical business needs through: Business-driven Visibility Proactive Monitoring Streamlined Business Processes Informed Decision Making Affordable Total Cost of Ownership (TCO) Business-driven visibility enables your business to drive your visibility requirements, not your vendors. Stonebranch s Intelligent File Transfer solution delivers flexible visibility tools and capabilities to meet your own business and operational needs. Whether it s a large North American retail chain that depends on us for centralized data center file transfers or a global automobile manufacturer that needs to transfer data to various business partners, Opswise Managed File Transfer meets the increased demand for transparency across your organization. Why wait until a technical issue becomes a business problem? Opswise Managed File Transfer s proactive monitoring gives you the maximum possible time to address a technical issue. An international financial company transfers data with Stonebranch for 500 partner banks to more than 4,000 servers. Daily volume exceeds 50,000 files transferred. If they wait until a failed transfer to discover the problem with their partner s servers or networks, it is too late. As the old adage goes, Time is money. Does waiting for data cost your business revenue? Stonebranch s Intelligent File Transfer solution optimizes the integration of file transfers with your business processes to avoid delays and help you maximize revenue. A global financial institution using Opswise Managed File Transfer is able to securely transfer files to its external trading partners without disruption to its partner s current business processes. Additionally, they are able to incorporate their back-end processing with no interruptions to their daily operations. 7

8 Intelligent File Transfer means that you have intelligent data to support your ability to analyze and plan. Stonebranch s Opswise Managed File Transfer ensures that your Managed File Transfer environment runs effectively and efficiently, providing historical data to make informed decisions. One Stonebranch customer, a global reinsurer company, analyzes trending data for financial application files to keep track of projected file system needs in order to prevent failures. Software cost does not stop with the purchase price. Opswise Managed File Transfer provides real value through our pricing model, integration capabilities and ease of use. A global reinsurer company uses Stonebranch to run transfers over three continents to more than 1,000 servers and manages workloads with 2.5 FTEs. Another customer found that deploying Stonebranch was more cost effective than the administration overhead of managing SFTP. Next Steps Contact Stonebranch Want to learn about how Opswise Managed File Transfer enables Stonebranch s clients to save valuable time money and resources? Visit us at Join us for a technical overview on Opswise Managed File Transfer by visiting our Web site and registering for a Webinar: 8