Archive for the ‘FTP’ Category

Federal Agency File Transfer Security Study

Wednesday, May 12th, 2010

A recent report by MeriTalk entitled “Why Encrypt? Federal File Transfer Report” offers interesting data and recommendations regarding securing the transfer of federal data.  Perhaps most alarming was the significant use by those surveyed of unsafe methods for transferring files:

•  66% use physical media (e.g. tapes, CDs, DVDs, USB drives)

•  60% use FTP

•  52% use personal e-mail accounts

and also the disappointing data that “currently just 58% say employees are aware of secure file transfer policies.”  The study was commissioned by Axway and illustrates the gaps between what should be happening to secure the transfer of data and what is actually happening.

Use of Accellion secure file transfer within the federal government has been steadily growing with recent Accellion government deployments at:

•  US Securities and Exchange Commission

•  NASA

•  State of Florida, Department of Transportation

•  Government of Newfoundland and Labrador

•  Government of Saskatchewan, Information Technology Office

It seems from the recent study there is still more work to be done in securing file transfers by Federal Agencies.  We are here to help.

Posted in Accellion, Data Breach, Data Security, FTP | No Comments »

Accellion Automation and the Black Eyed Peas

Thursday, April 8th, 2010

Last weekend I attended the sold out Black Eyed Peas concert with my 8 year-old daughter – it was her first concert experience. We had an awesome time!

After paying a small fortune for the tickets it got me thinking about the business of ticket sales and the Accellion customer who uses Accellion Automation to collect ticket sale data from their external vendors. Before Accellion, their IT department had to setup an FTP file share that was used by all of their external clients. They would each login at the end of the day and upload their ticket sales database. There were endless problems with forgotten passwords, transfers that didn’t complete, and confusion about which files to put where.

With Accellion installed the process goes much more smoothly. Accellion Envelopes were created for each vendor, pre-addressed to the correct automation process. The vendors were sent invitations to use Accellion. They login to the Accellion Web Client interface, choose the correct pre-addressed envelope for their transaction, load the file, and send. If they accidentally shutdown in the middle of the transaction, the next time they login, the transaction is resumed from where it left off. With the size of files they were sending, this was a big deal for them. They also didn’t have to learn a new FTP client, could manage their own passwords, and know that the files would make it safely and securely to their destination. And our customer was happy that they had the Accellion Automation Agent setup to automatically download files coming in and place them in the appropriate folder to be put into their business process.

Now I need to get back online and figure out the next great concert coming to town…

Mary Nicknish, Accellion Product Manager

Posted in Accellion, Automation, FTP, Product | No Comments »

Top 3 File Transfer Security Mistakes

Tuesday, March 9th, 2010

Thought it might be helpful to share our perspective on the Top 3 Security Mistakes related to File Transfer along with some tips on how to avoid them.  After all, staying out of trouble is half the battle.

Mistake #1  - Using P2P file sharing software at work.

Using P2P file sharing in the workplace is just not a good idea. Installing P2P file sharing on a work computer can get you into a heap of trouble by inadvertently exposing computer files externally. The FTC recently had to inform 100 organizations that personal customer and employee data was being shared on P2P networks.  Legislation is under review that would require stricter notifications on the security hazards of P2P file sharing.  The best advice here is to practice P2P workplace abstinence – don’t use P2P file sharing in the workplace.

Mistake #2 – Sending confidential information via an email attachment, USB stick or CD

Email attachments, USB sticks and CDs are not a secure means of file transfer. When sensitive information is sent unsecured then an organization is at risk for non-compliance with industry and government regulations including HIPAA, SOX, and GLBA.  Files containing confidential information need to be protected to avoid data breaches. USB sticks and CDs, can easily be misplaced or lost in transit as the UK Government discovered in 2009 when disks containing personal information on 25 million UK citizens went missing in the Royal Mail. Email attachments are not secure and do not provide the encryption required by HIPAA. If a file contains confidential information it needs to be sent via secure, encrypted channels.

Mistake #3 – Forgetting to cleanup files on un-secure FTP servers

Everyone knows that FTP is not the most user friendly business application, and cleaning up files previously uploaded to an FTP server probably ranks right up there in priority with cleaning out the lint from your trouser cuffs.  In the hands of business users, FTP servers become a security breach waiting to happen.  Files uploaded and left indefinitely on the FTP server, can result in many years worth of files sitting out on unsecured FTP servers.  Coupled with the commonplace sharing of FTP account names and passwords, FTP servers are often a weak link in an organization’s data security program.

The good news is that managed file transfer can keep you out of trouble in all these areas.

Posted in Accellion, Data Breach, Data Security, Email Attachments, FTP, P2P, UK | 1 Comment »

Email Attachments – Misconceptions Compromise Security

Wednesday, March 3rd, 2010

Are organizations aware of the security risks from email attachments? Generally not.

With email attachments typically accounting for more than 70% of e-mail volume, the bulk of data on email systems resides in the email attachments not email messages. Unfortunately in many organizations the management of email attachments is an afterthought leading to security vulnerabilities.

The disturbing reality is that users will try to force as much information through email as they can get away.  Without adequate security controls in place users commonly send confidential information unprotected through email attachments.  In cases where users hit email attachment size limits, they rapidly seek out unsecure IT workarounds such as thumb drives, CDs, P2P file sharing, just to get their job done.

So why the apparent lack of concern regarding the security of email attachments?  Here are just 3 of the common misconceptions:

•  Misconception #1: E-mail attachments are limited to 10MB; therefore, the risk of a data breach from file transfer is minimal.
•  Misconception #2: FTP is available; therefore, the risk of a data breach from file transfer is minimal.
•  Misconception #3: We haven’t experienced a security breach from unsecure file transfer, so the risk of a data breach from file transfer is minimal.

To learn how these common misconceptions compromise security read the full article published in Enterprise Systems this week.

Given the increased profile of data breaches and updated and extended compliance regulations such as HIPAA, now is not the time to ignore security vulnerabilities. Organizations, large and small, are waking up to the hazards of email attachments and are deploying managed file transfer solutions to protect confidential information and ensure compliance.

Give us a call if you would like to review the security of email attachments and investigate deployment of a managed file transfer solution to protect your organization.

Posted in Accellion, Data Breach, Data Security, Email Attachments, FTP, HIPAA, P2P | No Comments »

Good old FTP just doesn’t cut it anymore

Thursday, January 14th, 2010

We enjoyed reading the recent CIO article regarding taming the transfer of monster files.  Perhaps it was the mind boggling opening line that tipped us off that we were in for a good read “Despite being outdated and insecure, FTP continues to be a popular method for file transfer…” ?

This article is a must read for any IT department who is still relying on FTP for business file transfer.  The reasons for ditching FTP in favor of a managed file transfer solution are all in this article:  failure transmissions, compliance concerns, collaboration benefits.

Using FTP for file transfer is analagous to hitching a wagon to go across country versus flying.  Cross country wagon rides used to be popular but today they are considered a lot more difficult, less secure and time-consuming than an airline ride. 

Is FTP finally going the way of the cross country wagon ride?

Posted in FTP | 1 Comment »

Could FTP Replacements Outpace FTP Deployments in 2010?

Tuesday, January 5th, 2010

Reading through all the top ten lists and top ten trend predictions for 2010 got us thinking at Accellion about file transfer trends for 2010, and the topic of FTP came up.  Now wouldn’t that be an interesting 2010 trend if the number of FTP replacements outpaced the number of FTP deployments.  Then the end of FTP misery could be in sight.

Perhaps it was the recent tweet we responded to where someone was apologizing for just not getting FTP…  “Sorry, like too many users I have no idea how to actually operate ftp.”  

For years FTP has been the standard generic IT stop gap for file transfer.  If the only drawback for FTP was that business users don’t have a clue how to use it, FTP file transfer misery could continue on for years.  But more recently the security issues with FTP are finally raising questions on whether FTP really is an appropriate file transfer solution for business users.

Could 2010 be the year where FTP is finally on its way out?  Stay tuned.

Posted in FTP | No Comments »

Climategate – Stolen Emails Found on Public FTP Server, Climate Research Unit in Hot Water?

Thursday, December 10th, 2009

The recent data breach at the Climate Research Unit at the University of East Anglia continues to pick up steam.  Emails, source code and data files related to climate change research recently appeared on a public FTP server as reported in The Register and now it’s become a public relations nightmare dubbed Climategate.

Climategate just happens to be the latest embarrassing leak of sensitive info – in this case it’s of global interest.  While we aren’t in a position to voice an opinion on climate change, we definitely have an opinion on unsecure FTP servers – they’re unsecure and leave sensitive data exposed for anyone to view.   If you are at an organization that stills uses FTP for sharing files and this story is making you a little uncomfortable, there’s still time to add FTP Replacement to your to-do list for your 2010 – we could even get you sorted out before year end, so you can sleep better over the holidays.

Posted in Data Breach, FTP, UK | No Comments »