Three Words to Say to C-Level Management About Complete MFT Data Security (Pt. 1)

by Shawn Ryan
VP Technology Marketing & Chief Architect
Axway

Cost, risk and brand.

In other times, the first on the list in terms of drivers is obvious: revenue. But now, three words at the top of mind are cost, risk and brand.

First, cost. Cost and benefits associated with consolidation are essential drivers to surviving and thriving. In any organization, various one-off solutions handle file transfers. Various solutions stay nailed down and in place just because they are there. They arrive when a project demands a fast solution where one does not exist. They arrive due to mergers and acquisitions. They arrive because “files” were not thought to be strategic, because “files” have not had the sizzle, and thus “files” are neither the focus of SOA projects nor the focus of technology that could bring them into a services oriented approach. But times are different, and with files representing eighty-plus percent of an organization’s data, it’s time to gain control. Various one-off solutions are costly to an organization and filled with security flaws, just as Swiss cheese is filled with holes.

By focusing managed file transfer and transmissions through a single service oriented framework, MFT consolidates the overhead of one-off services and reduces costs—a concern of all C-level management.  While cost creates a convincing argument for complete MFT data security, unified governance across the different types of interaction patterns that comprise managed file transfer brings in security and controls and is simply the best way to go.

The second point: risk. More specifically: governance, risk and compliance. GRC. Cybercrime is a trillion-dollar industry. That alone should be enough to wake C-level management up and seriously consider data security. Add compliance mandates to that, breach notification laws with safe harbors for encrypted data, and now encryption mandates like HITECH and the Massachusetts state laws coming on line, and a response is not only wise, it’s mandatory. Massachusetts 201 CMR 17, like California SB1386, is a precedent-setting mandate. It states that any data containing personally identifiable information of a resident of Massachusetts must be encrypted. A challenge like this is a formidable one that your company must not take lightly.

Third, brand. Closely paired with the topic of risk, but it deserves a front-row seat in the discussion. Data is the lifeblood of your business. Anytime you have a breach, your company makes headlines for a terrible reason, thanks to the 45-plus states that have notification laws in place. What do you want to be known for? You must protect your brand.

Complete MFT data security is essential. The only answer is to look for a complete solution that can cover all interaction patterns. Sure, start where you feel the most risk, but stop to be sure you will address the risk strategically, and have a plan to cover the entire spectrum of interaction patterns. Sure, cybercrime is on the rise, but internal jobs account for eighty-plus percent of publicized breaches. Are you just going to cover B2B? Human interactions? Portal based? You must cover them all.

But which interaction patterns demand complete MFT data security?

(To be continued.)