Time to consider MFT to mitigate the risk of data breaches and non-compliance with regulatory mandates

This is a guest post by Saurabh Sharma, a Senior Analyst with Ovum IT and a member of Ovum’s Infrastructure Solutions team.

File transfer may seem to be a rather innocuous process from the perspective of business users, but IT keeps worrying about where the associated data will reside in the end and who would be able to access this data. Enterprise mobility and the emergence of cloud services have driven the uptake of ad hoc approaches to file transfer, which are well suited to the “working style” of business users. An often-neglected aspect is the lack of data security, governance, and reporting capabilities, which render file transfer protocol (FTP) and other traditional approaches to file transfer obsolete, especially from the perspective of customer service-level agreements (SLAs) and stringent regulatory compliance mandates.

A recent Ovum primary research survey revealed some interesting and not-so-innocuous trends and figures:

  • On average, 32% of business-critical processes involve file transfers and about 4% of FTP-based file transfers fail.
  • The average total cost of a data loss/breach incident is $350 per breached record (or $3 million, on an overall basis).
  • About a quarter of survey respondents revealed that their organization failed a security audit in the last 3 years.
  • 17% indicated “no confidence” in passing a compliance audit with the existing file transfer solutions.
  • There is little inclination to shift towards a “cloud-only” model for delivery of file transfer capabilities, with only 11% relying on software-as-a-service-based (SaaS-based) file transfer solutions for all of their file transfer needs.

These figures reveal the extent of vulnerability enterprises are exposed to when mission-critical data is knowingly or unknowingly shared with external parties without any appropriate data security and governance provisions. Clearly, to mitigate data breaches, enterprises need a more robust approach to file transfer. Managed file transfer (MFT) fits the bill for such requirements and can effectively meet stringent regulatory compliance mandates.

One might argue that with 80% of the IT budget being used for “keeping the lights on,” it is rather difficult to secure funding for a comprehensive MFT solution. However, given the level of business risk associated with data breaches and non-compliance with regulatory mandates, IT can effectively build a strong business case that specifies how a shift to MFT will add business value.

A comprehensive MFT solution will provide off-the-shelf integration with common middleware platforms and security products and end-to-end visibility into, and monitoring of, file transfers. It will help ensure rapid onboarding of new customers and partners, as well as governing interactions with trading partners. Clearly, there are “more than enough” reasons to abandon “islands” of file transfer infrastructure and shift to a comprehensive MFT solution.

Many IT leaders have so far failed to see the big picture and do not pay due attention to the need to govern the flow of data within, at, and beyond the edge of the enterprise. What enterprises need is a central governance layer on top of the different components of the existing middleware stack, and this could be realized with a suitable combination of MFT, B2B integration, and API management solutions. For IT leaders, there is a clear call for action to safeguard mission-critical data against unauthorized access, irrespective of the means used for transfer of this data, both within and outside the enterprise. Moreover, it is never too late to start bridging the gaps between enterprise integration infrastructure and data security and governance frameworks.

Saurabh is a Senior Analyst with Ovum IT and is a member of Ovum’s Infrastructure Solutions team. His research covers integration infrastructure and enterprise integration strategies that span across application-to-application (A2A), B2B, and cloud service integration. He also focuses on other associated disciplines such as API management, integration and solution architectures, and communications integration.

To review the whitepaper titled “The Imperative for Effective Data Flow Governance in Response to Data Security, Risk Mitigation, and Compliance Requirements,” please click here.

Is your integration vendor developing products designed to meet your strategic integration and governance requirements, or theirs?

If your vendor has announced a dramatic shift in direction, such as 100% outsourcing to the cloud, you could a) be pressured to adopt an integration paradigm that benefits your vendor, but doesn’t work for your business or meet your particular regulatory/governance requirements; and/or b) get stuck with an outdated integration product that languishes on your vendor’s R&D back burner. And if you hit a scalability wall, then what?

Either way, when your vendor stops actively investing in solutions that address your top concerns and future requirements, you do not have the agile foundation you need in order to:

  • Adapt to changes in technologies, standards, and government regulations. Your integration and governance product may seem comprehensive and secure now, but can it keep up with the ever-evolving technologies, standards, and regulations that impact your business ecosystem? For example, how does your current vendor handle API, mobile, cloud, and other evolving integration and governance technology requirements?
  • Modernize, consolidate, and scale your integration and governance infrastructure. Will your environment be able to keep pace with changing business conditions, new data paths like mobile and BYOD, and exponential growth of data volumes as your business continues to evolve and expand over the next 5-10 years? The last thing you need is to be close to maximum capacity and then have to rely on a sluggish vendor to move fast enough to handle expected — let alone unexpected — spikes in data volume. The bottom line is that if your vendor can’t scale quickly — or at all — then they aren’t set up to support the continued growth and success of your business.
