Why organizations that don’t manage file transfers are reckless
Posted on June 1, 2010
Think of all of the different types of digital files necessary to do many of the basic tasks of commerce. Think of all the ways you copy, move and manipulate digital files as you hustle to complete mission-critical tasks. Have you ever paused to contemplate some of the most basic security risks? In this LastWatchdog guest post, Taher Elgamal, CSO of business systems integrator Axway, contends too many organizations are not going through this basic exercise, though they should.
According to a new report – titled “Why Encrypt? Federal File Transfer Report” – most Federal employees simply don’t think twice before they send a file—don’t think twice about its value. This presents a big problem for the Federal government – and major implications for enterprises that use traditional file transfer protocol (FTP). Today, the organization that uses traditional FTP commits a reckless act. The specter of the consequences of this recklessness keeps many public officials awake at night, and rightly so.
The Federal Transfer Report uncovered reckless behaviors among government employees. Specifically, the report found that the majority of Federal employees regularly use unsafe methods to transfer files:
- 66% use physical media (e.g., tapes, CDs, DVDs, USB drives, etc.)
- 60% use FTP
- 52% e-mail work files through personal e-mail accounts (e.g., Gmail, Yahoo, etc.)
These findings have major implications across all industries. Putting a stop to this recklessness should be a priority – but here are two reasons it isn’t a major priority for so many executives.
First, executives and their staff simply aren’t aware of the risks they’re taking. Like teenagers engaging in dangerous social behaviors, they simply cannot imagine that their actions could have dire, expensive consequences. The Federal File Transfer Report indicates the importance of not only educating management within Federal agencies about solutions that best fit their environments, but also increasing awareness among employees so that they understand the importance of changing their practices and the security implications if they do not.
Second, the proper tools for conducting organizational communications are poorly understood—sometimes even unknown—to users in most industries, despite being widely available for many years now.
One industry fully understands the value of these tools: the banking industry. For a bank, file transfer is the mission-critical application that makes settling accounts by the close of business each day possible. To guarantee the privacy, integrity, and the timeliness of the data—a big consideration for meeting service level agreements, but merely wishful thinking when a file must journey through the wilderness of the Internet—the industry adopted managed file transfer, a type of file transfer solution.
Why is it called managed file transfer? Because file transfer is a business issue, not merely a privacy issue. It’s about meeting the agency’s mission or organization’s business need. Does the service level agreement demand that three recipients receive copies? Or that the file transfer must complete in less than a minute? Or that delivery receipts must be provided to the sender and logged for auditing purposes? Because if it does, traditional file transfer can’t help you with any of that.
Today, an organization’s staff doesn’t have to think twice before sending a file; doesn’t have to think twice about its value, thanks to managed file transfer solutions. Again, it’s all in the tools. The tools put a stop to the recklessness.
One final note: these tools are not new. They’ve had many revisions over the past decade. They’ve been fine-tuned to meet the business needs of specific industries. Once organizations are trained on these tools and recognize that using them effectively is incredibly easy, the threat of data insecurity will diminish dramatically. While the Federal File Transfer Report focuses on the Federal government, these same reckless behaviors can result in lost intellectual property, breached information, violated regulations, and missed service level agreements across industries. Awareness and the proper tools can allow most C-level executives to rest easy and not have to think twice.
About the Author
Dr. Taher Elgamal is the Chief Security Officer of Axway. He is a leading expert in computer, network and information security. Recognized in the industry as the “inventor of SSL,” Elgamal led the SSL efforts at Netscape and throughout the industry. He wrote the SSL patent and promoted SSL as the Internet security standard within standards committees and the industry. He invented several industry and government standards in the data security and digital signatures area, including the DSS government standard for digital signatures. Elgamal has public-company board experience with RSA Security, hi/fn, Phoenix Technology and Tumbleweed Communications. He holds a Ph.D. and M.S. in Computer Science from Stanford University and a B.S. in Computer Science from Cairo University.
