
Manage and Secure file transfer

Definition

A set of technologies focused on secure data transfer and the exchange of information between companies and organizations. Solutions for automated exchange, ad-hoc transfers and permanent linkage are available. In each case, the aim is to replace comparatively insecure FTP (always a popular point of attack for hackers and crooks) and other simple file transfer processes with a sophisticated, highly secure conduit.
These technologies also allow management of communication partners and strong authentication capabilities. The solution aims at protecting especially sensitive data in compliance with legal and regulatory guidelines.
It is not to be confused with an Information Rights Management system since it does not actively regulate which activities may be performed by the rightful recipient of the data.

User Benefits

These technologies protect sensitive data sent over the internet, allowing organizations to exchange sensitive information securely and efficiently with business partners, customers, suppliers and subcontractors using ad-hoc, manual or automated file transfer on a single platform. The main benefits are:

  • Protect reputation: using security technologies that centrally protect all your sensitive files whether in transit over the internet or at rest within organizations.
  • Remove IT dependence to accelerate business: greater volumes of data are now transferred easily, and a variety of file transfer interfaces allows organizations to select the most appropriate method for their business, with all interfaces managed on a single platform.
  • Visibility and control: better control of all processes through central management and monitoring, while meeting compliance and privacy requirements.

Business Impact

This type of technology replaces FTP and homegrown file-transfer processes, which are unsecured and suffer from a high total cost of ownership. With Secure File Transfer, companies can automate file-transfer operations that are currently performed manually using disks, couriers and USB flash drives, which are expensive and vulnerable to security breaches. They also gain secure solutions that enable users to send large files to outside parties without relying on email servers to handle large attachments.
Implementing these technologies has decreased investigation data transfer time from days to hours and improved operational responsiveness and productivity.
As organizations understand the need to share proprietary, confidential information with outside parties, they must consider several key challenges:

  • Centralized management and complete visibility of all file transfer activity—regardless of the protocol being used and/or the type of transfer.
  • Secure file exchange to outside parties while minimizing IT overhead for each new connection.
  • Addressing threats to file transfers and connectivity security, and preventing sensitive information leakage.

Products supporting this technology

Cyber-Ark

FTP has made it possible to move large volumes of bulk data between any two entities, including file servers, applications, and partners. However, FTP (and other communication protocols such as HTTP and SMTP) does not, on its own, provide a way to secure or manage the payload or the transmission. Yet, regardless of the lack of security and management capabilities, many companies have continued to transport large batches of structured and unstructured data using these protocols.

Numerous factors cause companies to re-examine how they manage the movement of information from system to system, partner to partner, and person to person. The day-to-day needs of file transfer between the organization and users or systems which are not part of the enterprise are growing. Distributing data from back-end systems to customers, or sharing information with partners and other external users - these types of communications are becoming vital for e-Business.

Financial reports need to be distributed to business customers; legal and financial information need to be shared with lawyers or board members who are located outside of the enterprise; highly-sensitive clinical trial information is shared among research laboratories, medical professionals and federal institutions. Payment or salary wire-transactions are also examples of day-to-day file transfer needs, as well as contracts, patents, and other types of sensitive information that is exchanged or shared on a regular basis with external entities. FTP alone is not a viable option to give organizations the insight, security, performance and, ultimately, the risk mitigation necessary to responsibly conduct business.

Traditional e-mail, Peer-to-Peer (P2P) solutions and file servers, SharePoint portals, FTP and FTP/S servers, HTTP and HTTP/S file transfers, home-grown solutions, couriers who carry tapes or CDs, and Value Added Networks (VANs) – all these transfer means are managed separately. Access control should be set, audit logs should be maintained, and monitoring tools should be deployed to make sure all transfer systems are available and operational, so business processes are not disrupted. Unnecessary IT efforts are invested in managing these systems separately, and security risks are imposed because there is no standard centralized system to manage all access control, provision all external users, and audit and monitor all transfers, regardless of their protocol, and regardless of whether they are automated or manual transfers. In addition, some of these file-transfer methods impose a security risk, as they are either prone to human error or simply make sensitive data available on the Internet. For example, P2P users will frequently expose sensitive data on their laptops unintentionally, or the FTP server in the DMZ contains sensitive data received from or sent to a third party, and while on the FTP server the data is exposed to the internet.

Encrypted e-mail or Secure FTP are not the answer. Encrypted e-mail or Secure FTP may be considered to protect sensitive data exchange. However, organizations that have implemented such solutions find them complex and hard to maintain, as managing certificates and encryption keys is a complicated and resource-consuming task. Moreover, strict e-mail policies prevent customers from receiving encrypted e-mails, and content filtering systems prevent them from receiving encrypted FTP files. All these issues often make encrypted e-mail and FTP solutions not feasible for sharing files with external entities such as customers and partners.

Critical file transfers must be reliable and scalable. In many organizations, critical file transfer operations are based on home-grown systems and scripts, mostly using FTP or e-mail as the underlying technology. As the business grows and requirements become more demanding, these types of solutions often fail to meet business needs. In many cases, when an important file delivery fails, it is hard to track and quickly locate the problem. More importantly, it is almost impossible to prevent data corruption or leakage, as FTP or e-mail solutions do not provide data encryption on the file/FTP server, so the data can be accessed by any administrator, or by an attacker when the FTP or e-mail server is hacked. In addition, the increasing number of file transfers conducted on a daily basis suggests that a file-transfer solution must be scalable and grow along with business needs, at no extra cost to the infrastructure.

Sensitive information file transfer requires extra care. Just as you would not keep your jewelry in your coin jar, sensitive information requires a different management approach. When sensitive information is compromised, the implications for the organization can be catastrophic. It could also affect the party with whom this information is concerned, and damage the organization's reputation. For example, imagine a next-generation product's design files being exposed, financial transaction files compromised or the results of an NDA agreement exposed before the deal is closed. Other than the implications for the organization itself, there are also regulatory issues of personal liability for mismanaging sensitive information.

According to a data breach investigations report, nearly 80% of data breaches were caused by someone outside of the organization, out of which 40% were caused by an external user who shared a business relationship with the victim. The rest of the data breaches (20%) were caused by insiders. Looking into the impact of these attacks, breaches caused by partners and breaches caused by insiders were those with the most significant impact. 60% of the breaches (40% caused by partners and 20% by insiders) yielded nearly 95% of the damages. The outcome is clear – a file-transfer solution must provide adequate security measures to protect the sensitive information and the internal network from trading partners, to assure that sensitive data cannot be accessed or modified by insiders, and provide strict audit that logs both file-transfer activity and administration activities, such as user management or changes of access control.

As more and more companies realize that traditional solutions are no longer an option for secure file transfer, Managed and Secure File Transfer is beginning to be perceived as a necessity, not an option.

From a business standpoint, a strategic file transfer solution should enable continuous and seamless business activities across all departments, users and systems. It should be reliable, scalable and flexible, so that instead of being a challenge to the business processes, it can support and improve them. It should do so by assuring a reliable file transfer that assures faster delivery, reducing business process cycle time, and by scaling up along with business expansion and its growing needs.

From an IT/operational standpoint, a strategic file transfer solution should provide a centralized way to manage all file transfers, regardless of the protocol or type. Whether FTP, HTTP, e-mail or courier, whether automated or manual, whether triggered by a system, application or an end user – centralized administration, monitoring and access control management is the only way to manage your file-transfers properly.

In addition, the solution should provide ways to simplify external user management, reduce overhead when connecting each and every one of the external users, and reduce ongoing costs of connecting new trading partners and customers.

From a security standpoint, the solution must provide the means to protect the data while waiting to be sent or retrieved and during its transmission. Adequate access control, auditing, encryption and strong authentication are security measures which need to be applied. Moreover, these security measures should also be applied not only to protect the data, but also in order to address compliance requirements for regulations such as PCI, SOX and HIPAA. In addition, the solution must ensure that the internal network will not be compromised by the increasing number of external users with whom the organization is conducting e-business.

Current challenges for MSFT systems include adaptability to the wide variety of business and technical requirements for file transfers across a wide variety of organizations, and the ability of MSFT systems to expand their capacity along with an organization's growth.

Managed and Secure File Transfer refers to a class of product that manages, secures, centralizes, and automates the transfer of files inside and outside of an organization. There are numerous MSFT vendors, and at the core of a Managed and Secure File Transfer solution is often an FTP server, or an SFTP server (which uses SSH) or FTPS server (which uses SSL), that provides encrypted file transfers. Many MSFT solutions also include provisions for sending files via SMTP, HTTP, or HTTPS. Still others rely on proprietary file transfer protocols, and include separate compression and encryption capabilities.

But MSFT is not merely a collection of FTP, SMTP, or HTTP servers. On top of the transport layer, MSFT solutions produce and provide full audit trails showing who transferred what files to where, and how and when they did it. This adds security to basic file transfer activities, and gives MSFT a hand in regulatory compliance.

Managed and Secure File Transfer also includes elements of automation, such as the capability to execute jobs when specific files arrive in specific folders, and to alert IT managers of unexpected situations. This allows Managed and Secure File Transfer products to eliminate complicated scripting and reduce the need for expensive programming expertise.

Managed and Secure File Transfer also identifies and records successful and failed file transfers to a customer or a partner. This provides elements of non-repudiation, and can help prevent those embarrassing instances where an organization isn't sure if a critical transfer actually worked.
A good way to think of Managed and Secure File Transfer is as a "framework" for modern and secure FTP.

Automation Benefits of Managed and Secure File Transfer

Historically, programmers write scripts to automate batch-style FTP functions. This works fine on a limited scale, and if configurations rarely change. But relying on scripts can quickly become cumbersome when an organization is exchanging data with a lot of customers and partners, and when things like passwords, libraries, and IP addresses are constantly changing.

One solution was to write a script around FTP or SFTP. But companies are then limited by these protocols and by the utilities that leverage them. For example, how do you know for sure that a file has transferred completely, without any corruption? That is challenging to do in the context of an FTP or SFTP script.

Another example is when you encounter a network glitch. Knowing when that happens, when the failure occurs, and having file transfer agents automatically retry that transfer, is something that's challenging to do with scripting and something that a good MSFT solution is going to offer.

A lot of vendors use proprietary protocols that drive more intelligence into file transfers, with features like checkpoint restarts and cyclic redundancy checks. Many MSFT products also resemble scaled-down job schedulers. For example, a Managed and Secure File Transfer product could be configured to perform several steps in response to the completion of a file transfer, such as converting a file into an Excel document, encrypting the document, and then distributing it via e-mail. Others can hook into schedulers via APIs or SOAP calls. Keeping up with all the different protocols, including FTP, SFTP, FTPS, HTTP, HTTPS, and SMTP, is also a challenge for the producers. It also takes a lot of effort to build all the different connectors and to handle all the different formats needed to connect to just about any system.
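The completeness check, automatic retry and checkpoint restart described above, as an added Python example that is not taken from the page or from any vendor's product. `FlakyLink` is a constructed stand-in for the network transport, and a SHA-256 digest supplied by the sender is used in place of a CRC because it also detects deliberate modification, not only accidental corruption.

```python
import hashlib

class FlakyLink:
    """Constructed stand-in for a transport: raises on the listed call numbers."""
    def __init__(self, data, fail_on_calls=()):
        self.data, self.fail_on, self.calls = data, set(fail_on_calls), 0

    def read(self, offset, size):
        self.calls += 1
        if self.calls in self.fail_on:
            raise ConnectionError(f"link dropped at offset {offset}")
        return self.data[offset:offset + size]

def transfer(link, expected_sha256, total_size, chunk=4096, max_retries=3):
    """Fetch total_size bytes, resuming from the last checkpoint after a failure.
    Returns (data, event_log); raises if retries run out or the digest differs."""
    received, log, retries = bytearray(), [], 0
    while len(received) < total_size:
        offset = len(received)            # checkpoint: bytes already safely stored
        try:
            block = link.read(offset, min(chunk, total_size - offset))
        except ConnectionError as exc:
            retries += 1
            log.append(("retry", offset, str(exc)))
            if retries > max_retries:
                raise                     # give up and surface the failure
            continue                      # a real agent would back off before resuming
        if not block:
            raise IOError(f"source ended early at offset {offset}")
        received += block
    digest = hashlib.sha256(received).hexdigest()
    if digest != expected_sha256:         # complete but altered: reject the file
        raise ValueError("digest mismatch: file corrupted or modified in transit")
    log.append(("verified", digest))
    return bytes(received), log

if __name__ == "__main__":
    payload = bytes(range(256)) * 40      # constructed 10 KiB sample file
    want = hashlib.sha256(payload).hexdigest()
    _, events = transfer(FlakyLink(payload, fail_on_calls=[2]), want, len(payload))
    for event in events:
        print(event)
```

The event log is what a plain FTP script lacks: each retry and the final verification become auditable records.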

Security Benefits of MSFT

Managed and Secure File Transfer provides better security over basic FTP in three main ways: authentication, encryption, and logging.

FTP relies on user names and passwords for authentication. Security is improved somewhat with FTPS, which delivers files securely over the Internet through an encrypted SSL tunnel, and implements certificate-based authentication. The competing standard, SFTP, also creates an encrypted link, and uses passwords or keys for authentication.

But neither SFTP nor FTPS completely alleviates all security concerns if an organization has automated its FTP routines with scripts. Most companies don't know how to properly protect the user names and passwords, and when the FTP script is opened, user names and passwords can be seen right in the clear. It's something that companies are getting dinged on by auditors. It not only exposes you, but it exposes the business partners too.

Managed and Secure File Transfer solutions address this security concern by encrypting user names and passwords and storing them in a database. Regulatory compliance is a big driver for MSFT, not only in terms of encrypting data transmissions and providing a framework for authentication, but also in terms of logging. MSFT lets organizations know, from an auditing point of view, who is transferring sensitive information between systems and people, and whether those transmissions are successful. It also allows that information to be rolled up into compliance reports for PCI and other standards.
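An audit check for the problem described above, cleartext credentials inside transfer scripts, as an added Python example that is not part of the original page. The patterns cover common ways a password ends up in a script and are illustrative rather than exhaustive; the sample script, hostnames and passwords are constructed.

```python
import re

# Common places a password is embedded in a transfer script (illustrative list).
PATTERNS = [
    ("url-userinfo", re.compile(r"\b(?:ftp|ftps|sftp)://[^\s:/@]+:(?P<secret>[^\s@]+)@", re.I)),
    ("ftp-user-cmd", re.compile(r"^\s*user\s+\S+\s+(?P<secret>\S+)\s*$", re.I)),
    ("netrc-entry",  re.compile(r"\bpassword\s+(?P<secret>\S+)", re.I)),
    ("curl-u",       re.compile(r"\bcurl\b.*?\s(?:-u|--user)\s+[^\s:]+:(?P<secret>\S+)")),
    ("lftp-u",       re.compile(r"\blftp\b.*?\s-u\s+[^\s,]+,(?P<secret>\S+)")),
    ("sshpass-p",    re.compile(r"\bsshpass\s+-p\s*(?P<secret>\S+)")),
]

# Constructed sample script; hosts and passwords are made up for the example.
SAMPLE = """#!/bin/sh
ftp -n partner.example.com <<EOF
user acme_batch Winter2024!
binary
put payroll.csv
EOF
curl -T report.pdf ftp://acme:hunter2@files.example.net/in/
sshpass -p "$SFTP_PASS" sftp batch@files.example.net
lftp -u acme,Tr0ub4dor sftp://files.example.net
"""

def scan_script(text, name="<script>"):
    """Return (file, line_no, kind, redacted_line) for each hard-coded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            secret = m.group("secret").strip("'\"")
            if secret.startswith(("$", "%")):   # supplied at run time, not hard-coded
                continue
            # Redact so the audit report does not become a second copy of the secret.
            redacted = line[:m.start("secret")] + "****" + line[m.end("secret"):]
            findings.append((name, lineno, kind, redacted.strip()))
            break                               # one finding per line is enough
    return findings

if __name__ == "__main__":
    for finding in scan_script(SAMPLE, "nightly_push.sh"):
        print(finding)
```

Line 8 of the sample is not flagged because the password comes from an environment variable, which is where a vault or an MSFT credential store would inject it.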
