Using a Managed File Transfer technology to prepare your customers for the GDPR (whatever is next)
Richard Chapman, Regional Manager, MFT Division
4th Nov 2015
November 19, 2015
Over two thirds of IT professionals surveyed say they need to invest in new technologies or services to help prepare their business for the impact of GDPR
The GDPR: what is it?
1 year ago 56% of respondents did not know what GDPR meant.
What it's not: Gross Domestic Product of a Region; Global Defense Posture Realignment; Group of deputy Permanent Representatives; Grateful Dead Public Radio.
Ipswitch - GDPR research results
The GDPR: what is it?
EU General Data Protection Regulation.
Replacing data protection regulations in 28 member states.
Implementation by the end of 2017.
Covers all Personal Data held by an organisation.
GDPR: Key Points
Consent: from customers, staff & suppliers; includes data already held.
Privacy by design.
Data portability: customers' right to have a copy of the data.
Data erasure: the right to be forgotten.
Disclosure: notify authorities within 72 hours of a breach; notify affected users within 72 hours.
Penalties: fines of up to 1m or 2% of global turnover.
How will it impact your customers?
All parties involved with personal data are liable should a breach occur: both a company and any service provider.
VansonBourne Research
300 IT professionals were interviewed in July 2015, split in the following ways: by organisation size, from a range of sectors, across three European countries.
[Charts: respondents by organisation size (1,001-3,000 employees; 3,001-5,000 employees; more than 5,000 employees); by sector (Financial services; Manufacturing; Telecommunications; Retail; Distribution, logistics and; Energy and utilities; Other commercial); by country (Germany 100, UK 100, France 100)]
The financial burden of data protection
68% say that keeping up to date with data protection is a financial burden.
[Pie chart: segments 68%, 20%, 12%; legend: Yes, it is a burden; Not sure; No, it is not a burden]
The financial burden of data protection: British businesses 77%
Personal data usage in organisations
Most businesses are using personal data.
Store 90%; Process 86%; Collect 85%; Share 40%.
Email 62%; Secure managed file transfer (MFT) 54%; Files sent through a business system 52%; FTP transfer 43%; Cloud sharing sites: Dropbox/Box/Use 43%; External storage such as USB keys 28%; Post/mail 22%.
Investment is needed for GDPR
[Pie chart: segments 69%, 16%, 15%; legend: Yes, there will need to be investment; No, there will not be any investment needed; Not sure]
New technologies will be important for the GDPR: Encryption technologies 62%; Analytic and reporting technologies 61%; Perimeter security technologies 53%; File sharing technologies 42%; Mobile device management 39%; Don't know 3%.
Training needs for impact of GDPR
A large proportion have not allocated training budget and resource.
[Pie chart: segments 19%, 51%, 30%; legend: We have training budget allocated for GDPR preparations; We do not have training budget allocated for GDPR preparations; Not sure]
The impact of GDPR on businesses
Businesses are likely to be impacted.
[Pie chart: segments 18%, 13%, 69%; legend: Yes, it will have an impact; No, it will not have any impact; Not sure]
What Should IT Professionals be Doing?
Risk based approach: identify all the critical processes and assets; evaluate their vulnerabilities and threats; set the priorities towards compliance with GDPR.
Considerations: whether data is encrypted & backed up; vulnerability to malware; potential for human error.
How does MFT fit into the GDPR picture?
"Data protection requirements are becoming progressively more demanding. Strong encryption is generally expected for external transfers of personal data, as well as documented data flows, tighter control of administrators, and annual auditing."
David Lacey - The Practical IT Director's Guide to Controlled & Compliant Information Exchanges
Moving Files is Business-critical
Legal Documents; Loan Information; XML Data Files; X-Rays; Purchase Orders; Patient Records; Insurance Claims; Account Statements; Test Results; Customer Information; Large Video Files; Credit Card Payments.
When infrastructure is deployed a key step is often overlooked
[Diagram, External: Ocean Carrier; Rail Operator; Warehouse; Consolidator; Express Carrier; Forwarder; Agent; Air Carrier; Customer; Supplier. Internal: Planning and Management; Inventory; Message; Warehouse; Accounting; ERP; Shipping; Receiving]
When infrastructure is deployed a key step is often overlooked What is that Line?
Files Move Across the Borderless Enterprise between Systems and People
System-to-System; System-to-Person; Person-to-Person; Person-to-System.
I already have a File Transfer System. Why change?
Improve Security: end-to-end encryption; integrate to IT security infrastructure; push/pull files without direct external access to trusted network; data back-up with no data loss.
Improve IT Responsiveness: quickly automate file-based tasks without programming required; empower end-users to on-board partners and get file status; 24/7 file transfer operations.
Reduce Costs: monitor all file transfer activity and track performance in one place; automate report creation and distribution for cost effective SLA and regulatory compliance; flexible scale to meet growing demand without configuring new systems.
I already have a File Transfer System. Why change? Demonstrate Compliance
Volume & Complexity Outrun Staff
[Chart: Year over Year File Transfer Growth; values 9%, 11%, 7%, 2%; series: End Users Needing to Transfer Files; Volume of File Transfers; Size of Files Transferred; IT Staff Growth]
Basic FTP is no longer enough
FTP turned 44 years old in early 2015.
File sizes are growing.
Volumes are increasing.
Compliance requires encryption.
Impact of Digital Do-it-yourself File Transfer
Cost of lost data is high.
Cost of non-compliance with regulations is high.
The cost to maintain existing systems is high.
>$125,000 additional cost every year*
Cost of traditional FTP systems vs a managed file transfer solution, assuming: 10,000 files transferred per year organization-wide; 4%–5% of all transfers contain errors; 4–5 hours per incident to troubleshoot/fix; $55 / hr cost for IT admin (salary and overhead).
* Aberdeen report, 2013
Secure automated file transfer - MOVEit Managed File Transfer
MOVEit supporting GDPR requirements
Protecting Personally Identifiable Information (PII): support for secure open standard transfer protocols; end-to-end encryption, guaranteed delivery and non-repudiation; automated file management policies.
Managing PII: automated file exchange; managed ad hoc exchange; policy based file access and data loss protection (DLP).
Managing System Exposure: high availability and disaster recovery; monitoring and reporting for auditing and forensics; trading partner provisioning and management.
GDPR Compliance Checklist
Columns: Requirement; Existing Solution; MOVEit
Requirements:
Encryption of data in transit
Encryption of data at rest
Strong authentication
Automate file based tasks
User Ad Hoc secure file transfers
Guaranteed delivery
Integrates with existing security controls
Tamper evident audit trail
Monitor all file transfer activity
Exception notification
Automated report creation & distribution
GDPR takeaways
EU wide General Data Protection Regulation: privacy by design; data auditing; harsh penalties.
Data Protection regulations will be a driving force for the future of IT Security.
42% of respondents investing in Secure File Transfer.
[Diagram: MOVEit Managed File Transfer. Partner integration: secure external access or automated push. Connection labels: FTPS, SFTP, HTTP/S; HTTPS; FTPS, SFTP, HTTPS; FTPS, SFTP, HTTPS, AS1/AS2/AS3. Processing step: Open PGP, ZIP or other process]