Archive for the ‘FTP’ Category

Learning from Morgan Stanley’s Data Breach

Wednesday, July 13th, 2011

“Morgan Stanley Admits to Loss of Unencrypted CDs” reads the latest data breach headline in SC Magazine. I can’t help but shake my head as this could have been easily avoided. The lost information contained 34,000 client account and social security numbers, among other confidential data. The CDs were delivered intact to the New York State department of taxation and finance’s mail room and disappeared somewhere between there and the intended recipient’s hands.

IT departments worry about data security and do their best to put systems in place to prevent this kind of data breach. So how does it happen? Some of the biggest risks come from employees who work around an IT-mandated solution. In this case, it looks like there was a file too large for the email restrictions of Morgan Stanley’s system, the recipient’s, or both. For the employee who opted to mail the unencrypted CD, the magnitude of the potential loss and the risk involved may never have crossed their mind, or may have taken a backseat to Getting the Job Done.

You, as an IT professional, can easily save the day and provide a way for your users to share information and collaborate securely.

In addition to banning CDs, thumb drives, free Dropbox-type applications, FTP or USB sticks, implementing secure file sharing technology such as Accellion’s helps enterprises securely share files in a way that can be seamless to employees and their intended recipients. With Accellion, you can track and manage who has sent and downloaded what file, where, and via what device.

Since Accellion supports any file format and size, I suspect Morgan Stanley’s CDs were used to transfer files an Accellion user would’ve been able to send easily.  With Accellion, shared files are stored securely on a server, so issues with the recipients’ email storage limits are also bypassed.  And the file is encrypted in transit and at rest.

Some of the world’s leading financial services organizations use Accellion to protect their sensitive data, including: AEW Capital Management, American Capital, Australian Unity, Bank of Scotland, Bank of Spain-Miami (Banco Santander), Cigna WorldWide Insurance Company, Covenant Bank, Deloitte & Touche CA, Georgia Bank and Trust, Farmers Insurance Group, Federal Credit Union, HealthMarkets, IMA Financial Group, Inc., KPMG, MIB Solutions, PFS Global Ltd., Princeton Financial Systems, United Community Bank, ViewPoint Bank and Xpress Holding, to name a few.

Financial services firms need to protect their sensitive data in a way that’s easy-to-use for employees and easy-to-manage for IT staff.  Accellion solutions can help.

Forget the iPod, who wants a cassette deck?

Tuesday, April 19th, 2011

Last weekend marked the 40th anniversary of the introduction of the File Transfer Protocol (FTP). While FTP certainly isn’t pretty to use, it has served a purpose.  Originally designed to enable programmers to move files between systems, FTP has continued to serve that purpose nobly for the past 40 years.

However, IT departments that have used FTP as the basis for employees to share files across the enterprise have had less successful results.

Giving FTP to business users as a file sharing solution is akin to imagining your users would be happy using a 40-year-old music player rather than an iPod. As great as the high fidelity cassette deck was when introduced in January of 1971, which would you choose today: the cassette deck or the latest iPod?

 

Photo caption: On January 1, 1971 the high fidelity cassette deck was invented.

FTP sites are notoriously difficult for business users to use and time-consuming for IT to administer. They require too many IT hours for account set-up, and there is no easy way to know who has active accounts and who has accessed a particular file. IT administrators are left responsible for creating and deleting accounts and files, an important but tedious process that too often gets pushed to the back burner. When files and FTP accounts are not terminated in a timely manner, businesses are exposed to security risks.

It’s time to move on.  Technology continues to evolve. Think how much happier your users will be with the file sharing equivalent of the iPod – it’s called Accellion Secure File Transfer and Collaboration.

Accellion in Action: National Park Service

Wednesday, March 9th, 2011

The Federal Times ran an article yesterday on how IT organizations can make information sharing easier by giving end users more control. The article featured an interview with Accellion’s customer, the U.S. National Park Service. An excerpt is here:

The National Park Service has some 140 projects in the works thanks to stimulus spending — everything from Everglades restoration in Florida to the rehabilitation of the Reflecting Pool on the National Mall.

All these projects come with paperwork. Documents, drawings, maps and blueprints all must be shared by architects, engineers, construction teams and management partners. E-mail won’t cut it, said Edie Ramey, division chief of information management at the Park Service’s Denver Service Center. Files are too big, security too uncertain and recipient lists too hard to keep current.

The Park Service solves the problem with a mix of technologies. It uses secure file transfer software from Accellion of Palo Alto, Calif., to manage the motion of so many very large documents, then makes the end product accessible in SharePoint for all the relevant parties to share.

The solution solves two integral questions in the world of collaboration: who gets in and who stays out.

“It’s all about the security,” Ramey said. “We used to have something that was basically a big old file-share. Anyone could get in with a generic password and address. They would have access to any files on the [shared space], not just their project files that I would give them permission to see.”

More and more, we are seeing IT organizations work to provision their employees and external collaborators with easy-to-use tools to increase productivity, while giving the enterprise the security protection it needs. With Accellion, this can be done easily while making the most of investments IT organizations have already made in technologies like SharePoint.

This means the US National Park Service can enjoy securely sharing information almost as much as we enjoy U.S. National Parks.

7:19 am and I’m already in ftp hell

Thursday, September 2nd, 2010

It’s another bad day in the world of FTP – it’s 7:19 am and FTP is already acting up.  No one should have to start the day like this. Here are some of the tweets this morning bemoaning problems with FTP.

“7:19 am and I’m already in ftp hell.”
“Methinks I’ve got the slowest FTP server in the world.”
“30 mins to update a ftp password? It’s a lot of time…”
“Whyy must u be so slow ftp server!!”
“I hate slow FTP speeds :(”
“These files are huge. It’s been a half hour and counting. One little blip in the FTP and I’m f’d.”
“The road to ftp hell is paved with bad connections.”

Perhaps tomorrow will be a better FTP day, but probably not.  Read why FTP is a Failure to Provision for file transfer.

With Accellion, every day is a great day to send files.

Back to School – No File Left Behind

Tuesday, August 31st, 2010

It’s back to school time.  As I read through the stack of back to school forms, looking for the dotted lines for the parent signature, my eyes stopped abruptly at the sentence “flash drive strongly recommended”. Nooooooo – this is where it all begins.  Innocent young minds being corrupted with the idea that transferring files on a flash drive is a good idea.

Faculty, students and staff need to be able to easily collaborate, exchange ideas, and share data including student records, faculty and staff employee information, academic work and research data. However, Facebook, MySpace, IM, P2P and USB sticks are not the answer for secure file transfer.

We’ve had an educational initiative program at Accellion for a number of years that provides free student licenses to any educational institution that purchases licenses for all its faculty and staff. Harvard, Stanford, UC Berkeley (Go Bears), University of Chicago, University of Tennessee, Pepperdine, Texas A&M, Kent State, and University of Colorado are just a few of the universities using Accellion secure file transfer.

It’s never too early or too late to learn how to send files securely. No matter whether your users are students or employees, Accellion wants everyone to get an A grade for file transfer security, so we are offering an Accellion Back to School promotion for purchases made before September 30, 2010. Contact Accellion sales at sales@accellion.com or 650 739 0095 before September 15, 2010 for details.

Data Breach Disease Strikes NHS – Again

Tuesday, August 24th, 2010

Yet again, an NHS trust is hit by a data breach, as reported in SC magazine today.  This time a CD of patient data was found at a bus stop. This is not to be confused with the data breach from the USB stick containing medical records that was found in a UK car park.

It is barely a month since we blogged on this topic, NHS Trusts Failing to Protect Information, and the Information Commissioner’s Office (ICO) issued a press release with the ominous title Poor Data Security in the NHS.  Earlier in June, Mick Gorrill, head of enforcement at the ICO, said: “Everyone makes mistakes, but regrettably there are far too many within the NHS. Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information. We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law. We will continue to do so.”

Looks like Mick and the ICO have their work cut out for them. Here is a checklist of to-don’ts that the ICO might find helpful in their data protection enforcement efforts with the NHS trusts.

• Don’t use USB sticks for transferring confidential patient data
• Don’t use CDs for transferring confidential patient data
• Don’t post confidential patient data on unsecure FTP sites
• Don’t allow use of P2P file sharing on NHS computers

Also our earlier blog posting Top 3 File Transfer Security Mistakes should be required reading for all NHS trusts.

FTP – Failure To Provision for File Transfer

Thursday, August 19th, 2010

For many organizations, FTP is the only provision made for file transfer, yet FTP is actually a failure to provision. Why is it that businesses do not think twice about provisioning their employees with a phone, an email account, a desk, a chair, yet provisioning an employee to send files is an afterthought at best?

FTP has to rank among the worst business tools for file transfer. Other than the occasional software developer, is there really anyone who likes FTP? FTP is not easy to use for business users, requires a lot of hand-holding by IT, and the lack of file cleanup creates security risks for organizations. Here are some tweets from the past 24 hours on the topic of FTP and the lack of love thereof …

I have ftp locked in a small dungeon underneath my apartment. Occasionally I throw it scraps of chicken.

Have to go into work and ftp is still acting up. Today will be so fun :-(

I just checked the FTP log. You downloaded “that what we don’t speak of in public”. The shame.

Just once I’d like to open an ftp client without it needing to update itself…

Real men don’t do backups, they just put their work on an FTP site and let the world mirror it. Linus Torvalds

If my FTP connection gets a bit faster I might be able to launch this site by christmas.

I couldn’t make this stuff up even if I tried.

Few would question that being able to make a phone call or send an email is an essential business tool; so too is the ability to easily and securely send a file. Provisioning employees with the ability to send files securely is not a nice-to-have but a need-to-have so that we can get our jobs done and stay out of trouble.

Need to be reminded of the troubles you can get into with FTP? Here are some earlier blog postings on the security concerns with FTP:

• Good Ole FTP Just Doesn’t Cut it Anymore
• Top 3 File Transfer Mistakes
• Climategate – Stolen Emails Found on Public FTP Server, Climate Research Unit in Hot Water?

So next time someone says that FTP is available for file transfer – remind them that FTP stands for Failure To Provision for file transfer.

Federal Agency File Transfer Security Study

Wednesday, May 12th, 2010

A recent report by MeriTalk entitled “Why Encrypt? Federal File Transfer Report” offers interesting data and recommendations regarding securing the transfer of federal data.  Perhaps most alarming was the significant use by those surveyed of unsafe methods for transferring files:

• 66% use physical media (e.g. tapes, CDs, DVDs, USB drives)
• 60% use FTP
• 52% use personal e-mail accounts

Also disappointing was the finding that “currently just 58% say employees are aware of secure file transfer policies.” The study was commissioned by Axway and illustrates the gaps between what should be happening to secure the transfer of data and what is actually happening.

Use of Accellion secure file transfer within the federal government has been steadily growing, with recent Accellion government deployments at:

• US Securities and Exchange Commission
• NASA
• State of Florida, Department of Transportation
• Government of Newfoundland and Labrador
• Government of Saskatchewan, Information Technology Office

It seems from the recent study there is still more work to be done in securing file transfers by Federal Agencies.  We are here to help.

Accellion Automation and the Black Eyed Peas

Thursday, April 8th, 2010

Last weekend I attended the sold-out Black Eyed Peas concert with my 8-year-old daughter – it was her first concert experience. We had an awesome time!

After paying a small fortune for the tickets it got me thinking about the business of ticket sales and the Accellion customer who uses Accellion Automation to collect ticket sale data from their external vendors. Before Accellion, their IT department had to set up an FTP file share that was used by all of their external clients. They would each log in at the end of the day and upload their ticket sales database. There were endless problems with forgotten passwords, transfers that didn’t complete, and confusion about which files to put where.

With Accellion installed the process goes much more smoothly. Accellion Envelopes were created for each vendor, pre-addressed to the correct automation process. The vendors were sent invitations to use Accellion. They log in to the Accellion Web Client interface, choose the correct pre-addressed envelope for their transaction, load the file, and send. If they accidentally shut down in the middle of the transaction, the next time they log in, the transaction is resumed from where it left off. With the size of files they were sending, this was a big deal for them. They also didn’t have to learn a new FTP client, could manage their own passwords, and know that the files would make it safely and securely to their destination. And our customer was happy that they had the Accellion Automation Agent set up to automatically download files coming in and place them in the appropriate folder to be put into their business process.

Now I need to get back online and figure out the next great concert coming to town…

Mary Nicknish, Accellion Product Manager

Top 3 File Transfer Security Mistakes

Tuesday, March 9th, 2010

Thought it might be helpful to share our perspective on the Top 3 Security Mistakes related to File Transfer along with some tips on how to avoid them.  After all, staying out of trouble is half the battle.

Mistake #1 – Using P2P file sharing software at work

Using P2P file sharing in the workplace is just not a good idea. Installing P2P file sharing on a work computer can get you into a heap of trouble by inadvertently exposing computer files externally. The FTC recently had to inform 100 organizations that personal customer and employee data was being shared on P2P networks.  Legislation is under review that would require stricter notifications on the security hazards of P2P file sharing.  The best advice here is to practice P2P workplace abstinence – don’t use P2P file sharing in the workplace.

Mistake #2 – Sending confidential information via an email attachment, USB stick or CD

Email attachments, USB sticks and CDs are not a secure means of file transfer. When sensitive information is sent unsecured, an organization is at risk of non-compliance with industry and government regulations including HIPAA, SOX, and GLBA. Files containing confidential information need to be protected to avoid data breaches. USB sticks and CDs can easily be misplaced or lost in transit, as the UK Government discovered in 2009 when disks containing personal information on 25 million UK citizens went missing in the Royal Mail. Email attachments are not secure and do not provide the encryption required by HIPAA. If a file contains confidential information it needs to be sent via secure, encrypted channels.

Mistake #3 – Forgetting to clean up files on unsecured FTP servers

Everyone knows that FTP is not the most user-friendly business application, and cleaning up files previously uploaded to an FTP server probably ranks right up there in priority with cleaning out the lint from your trouser cuffs. In the hands of business users, FTP servers become a security breach waiting to happen. Files that are uploaded and left indefinitely can result in many years’ worth of files sitting out on unsecured FTP servers. Coupled with the commonplace sharing of FTP account names and passwords, FTP servers are often a weak link in an organization’s data security program.

The good news is that managed file transfer can keep you out of trouble in all these areas.