Time to consider MFT to mitigate the risk of data breaches and non-compliance with regulatory mandates

This is a guest post by Saurabh Sharma, a Senior Analyst with Ovum IT and a member of Ovum’s Infrastructure Solutions team.

File transfer may seem to be a rather innocuous process from the perspective of business users, but IT keeps worrying about where the associated data will reside in the end and who would be able to access this data. Enterprise mobility and the emergence of cloud services have driven the uptake of ad hoc approaches to file transfer, which are well suited to the “working style” of business users. An often-neglected aspect is the lack of data security, governance, and reporting capabilities, which render file transfer protocol (FTP) and other traditional approaches to file transfer obsolete, especially from the perspective of customer service-level agreements (SLAs) and stringent regulatory compliance mandates.

A recent Ovum primary research survey revealed some interesting and not-so-innocuous trends and figures:

  • On average, 32% of business-critical processes involve file transfers and about 4% of FTP-based file transfers fail.
  • The average total cost of a data loss/breach incident is $350 per breached record (or $3 million, on an overall basis).
  • About a quarter of survey respondents revealed that their organization failed a security audit in the last 3 years.
  • 17% indicated “no confidence” in passing a compliance audit with the existing file transfer solutions.
  • There is little inclination to shift towards a “cloud-only” model for delivery of file transfer capabilities, with only 11% relying on software-as-a-service-based (SaaS-based) file transfer solutions for all of their file transfer needs.

These figures reveal the extent of vulnerability enterprises are exposed to when mission-critical data is knowingly or unknowingly shared with external parties without any appropriate data security and governance provisions. Clearly, to mitigate data breaches, enterprises need a more robust approach to file transfer. Managed file transfer (MFT) fits the bill for such requirements and can effectively meet stringent regulatory compliance mandates.

One might argue that with 80% of the IT budget being used for “keeping the lights on,” it is rather difficult to secure funding for a comprehensive MFT solution. However, given the level of business risk associated with data breaches and non-compliance with regulatory mandates, IT can effectively build a strong business case that specifies how a shift to MFT will add business value.

A comprehensive MFT solution will provide off-the-shelf integration with common middleware platforms and security products and end-to-end visibility into, and monitoring of, file transfers. It will help ensure rapid onboarding of new customers and partners, as well as governing interactions with trading partners. Clearly, there are “more than enough” reasons to abandon “islands” of file transfer infrastructure and shift to a comprehensive MFT solution.

Many IT leaders have so far failed to see the big picture and do not pay due attention to the need to govern the flow of data within, at, and beyond the edge of the enterprise. What enterprises need is a central governance layer on top of the different components of the existing middleware stack, and this could be realized with a suitable combination of MFT, B2B integration, and API management solutions. For IT leaders, there is a clear call for action to safeguard mission-critical data against unauthorized access, irrespective of the means used for transfer of this data, both within and outside the enterprise. Moreover, it is never too late to start bridging the gaps between enterprise integration infrastructure and data security and governance frameworks.

Saurabh is a Senior Analyst with Ovum IT and is a member of Ovum’s Infrastructure Solutions team. His research covers integration infrastructure and enterprise integration strategies that span across application-to-application (A2A), B2B, and cloud service integration. He also focuses on other associated disciplines such as API management, integration and solution architectures, and communications integration.

To review the whitepaper titled “The Imperative for Effective Data Flow Governance in Response to Data Security, Risk Mitigation, and Compliance Requirements,” please click here.

The Imperative for Effective Data Flow Governance

This is a transcript of the Axway podcast of the same name.

ANDREWS: One of the things that really comes through is that status quo, while it being the easiest thing for IT organizations to deal with…it’s problematic. The reason why is we don’t see technology remaining status quo in any environment or any part of our life, so why should it be that way for IT departments?

ANNOUNCER: From Phoenix, Arizona, this is The Axway Podcast. Here’s your host, Mike Pallagi.

PALLAGI: Recently, Axway and Ovum — a leading global technology research and advisory firm — announced the results of a global study that examined data security, governance, and integration challenges facing organizations. The study highlighted how the growing complexity of governance and compliance initiatives challenge IT integration and C-level executives, and how isolation between IT integration and corporate governance forms economic and reputational risks. Of the 450 respondents from North America, Asia Pacific, and EMEA, 23 percent said their company failed a security audit in the last three years, while 17 percent either didn’t believe or didn’t know if they would pass a compliance audit today. The study also revealed that the average overall cost of a data breach was $3 million. So to learn more about the significance of these numbers, I caught up with John Andrews, Axway’s Director of Solution Marketing for Managed File Transfer. Here’s John again.

ANDREWS: Business environments are changing, external threats are changing. If you don’t look at your key technology and adapt it to these upcoming threats in business environments, it exposes problems that may have already been there or it can show new problems that the changing environments have occurred. So what we really want people to look at is, using things like FTP and other traditional file transfer approaches, staying status quo, will ultimately lead to problems in their overall environment.

PALLAGI: The Ovum report pointed out that a comprehensive MFT solution is essential for meeting increasingly complex data security governance requirements.

ANDREWS: It used to be enough to just secure transfers, and what organizations worried about was the delivery. Now, that’s not enough. You have to be able to deliver, track, and audit every transfer that you make. And it has to be done securely, not only for the transport, but securely for the data as well. The only way you really can do this is by implementing a comprehensive governance solution that (not only) manages policies and configurations, but is also easy to manage with updates and changes based on the way that business environments and external threats change. So this ties into that initial point of “staying status quo doesn’t really help organizations.”

PALLAGI: And what about community management and how MFT simplifies it?

ANDREWS: This is probably one of the biggest challenges I think companies experience. It used to be that interactions were dealt with…just external partners, but only a handful of partners. You had key people that you worked with, and you worked with them consistently all year around. Again, with the way the business environments have changed, you still have your core partners, but you have seasonal partners or transitory partners. This is because of the diversification of the way that people are doing business, cost competition in supplying parts, and supplying a product that companies use. And sometimes it’s just timing.

PALLAGI: So, for example, your core partner may not have something that you need at the right time so you’ll engage for a short period of time with a new partner. The problem is that the onboarding process has always been somewhat complex and cumbersome, so if there’s a way to simplify that through a governance process, then THAT can create significant business opportunities for organizations by giving them flexibility on how they interact with different partners.

ANDREWS: Then the Ovum report moves on to talk about a consolidation strategy for file transfer infrastructure, used to reduce footprints and maintenance and support costs. What we’ve seen in the past two to three years is that IT budgets have rebounded somewhat, and because of the security concerns that have been raised through data breaches, the events like Target and most recently JP Morgan Chase have really exposed that there are security concerns. The problem is that money isn’t being thrown at these problems, so IT departments need to come up with a cohesive and comprehensive strategy that allows them to address these security needs. And it’s key from when you dig into the facts that file transfer technology has to be part of this. Companies still using FTP are at greater risk of data breaches, and because of this, file transfer technology is probably even more crucial to businesses than it has been in the past.

PALLAGI: Also, the report indicated that there’s a transition going on from governance silos to a central governance layer.

ANDREWS: This is something that, at Axway, we’ve been talking about for a while in that companies need a comprehensive strategy for their file transfer technology. If you look at one of the aerospace companies that we work with, they have both military and civilian divisions. While a civilian division does not have the same kind of security requirements as the military divisions, they’re both within the same organization. And by one of the divisions having a more lax environment, it could cause trouble for the military division because they are interconnected.

PALLAGI: That organization took a centralized approach to the way that they do file transfers and made sure that each of the divisions actually adhered to the policies that they laid out.

ANDREWS: This centralized vision and control of information is then independent of the divisional silos, and it makes sure that the data that’s moving in and around the environment, and externally, is secured. Finally, the Ovum report identifies that there needs to be a more thought-out process to MFT, B2B integration, and API management solutions. The way I summarize this is, just like you don’t want corporate silos in your organization for IT, you don’t want technology silos within your IT organization. Meaning, you have a separate MFT group, a separate B2B group, and a separate API group. Those technologies, the technologies that span firewalls, need to be thought of more holistically in the way that they’re managed. This means that they need to have policies that can be applied across all the technologies with similar or the same level of security, and that you should be able to govern them centrally so that you can ensure that there’s consistency in the way that data is moved in and out of your environments.

To listen to the podcast on YouTube (audio only), please click here.