The transition of data from a physical to digital format has been rapid and widespread. Once organisations exchanged folders, paper and CDs, now they send electronic files online, containing a huge range of information items in various formats. Communication, data, correspondence, images, texts and archives are now ‘digital assets’, which are created and maintained electronically?making life easier and data transportation faster and more accurate.
As a result, data is today’s business currency: most organisations’ success is closely associated with their ability to move, change, manipulate and use data to manage and run their operations. Dr. Paul Steiner, Managing Director, Accellion EMEA, explains.
While the switch to digital information has improved the speed and efficiency of business communication, it has highlighted concerns about the security of data transfer. Today, data is increasingly vulnerable to loss or theft, with accidental and malicious security breaches common place.
However, the value, confidentiality and importance of data in a digital format is exactly the same as physical data. Yet many organisations still don’t fully comprehend the need to store and secure digital assets with the same protection given to physical assets. The rise of global corporate networks combined with mobile and remote working has given many more employees access to vast amounts of data which they can view, change and transfer around the world from a PC, laptop or even mobile phone.
Data breaches galore
The consequences of inadequately managed file transfer can be severe. There is now a growing awareness that many organisations have not invested sufficiently in a robust business process to transfer data securely. Over the past 18 months, the UK’s Information Commissioners Office (ICO) has highlighted more than 275 data breaches across different markets.
The most high profile case was undoubtedly the Government’s loss of CDs containing personal information on 25 million recipients of Child Benefit. Similarly, The Ministry of Defence lost a laptop containing 600,000 records of UK residents interested in joining the armed forces, while Virgin Media and Marks & Spencer were ordered to encrypt portable mobile devices and laptops following serious data security breaches.
Impact of regulation
UK regulation is driving organisations to look closely at transferring data more securely. For instance, the Financial Services Authority (FSA) can now fine organisations that fail to manage client data securely?the fine of a total of £3.2 million to three HSBC companies for lost customer data as a result of security breaches in 2007 and 2008?is the most recent example.
Since 2007, there have been several such penalties where high-profile organisations have been fined, notably Norwich Union whose failure to manage customer data adequately resulted in a £1.26 million fine.
Additionally, while UK companies are not directly subject to US regulations such as Sarbanes-Oxley, the Securities & Exchange Act (SEC), Health Insurance Portability and Accountability Act (HIPAA) and Food & Drug Administration (FDA) laws, the legislations’ emphasis on accountability, audit, control and care of data, has made many UK organisations reassess their digital asset management.
The data file transfer challenge
Many organisations have deployed File Transfer Protocol (FTP) servers to transfer large files around networks and across the Internet. But, FTP was designed when security was much less of a concern. As a result, the same username and password is often shared among multiple users, representing a potential and significant security breach.
Additionally, simple FTP cannot provide audit trails which meet today’s compliance and audit legislation. Enhanced FTP systems (such as SFTP, FTPS and EFTP) offer genuine improvements over conventional FTP, but require specialist programs to be installed on users’ desktops?increasing overheads for IT departments and inconvenience for users.
Data management over FTP can also be problematic: once files are uploaded into FTP directories they need to be deleted manually, so they are rarely removed. The result is sets of directories containing hundreds of files, with little information about when they should be deleted. This creates a valuable digital asset which is left unprotected for extended periods and is accessed easily by unauthorised users.
A new business process: secure managed file transfer
With data confidentiality of such great important, organisations need to consider a dedicated solution that offers embedded security. Data encryption is essential, and systems should be capable of authenticating the recipient and managing each file and account lifecycle automatically. This will ensure that no confidential information is left exposed and no unauthorised user access takes place.
Managed file transfer solutions have emerged to meet the need for on-demand and automated, multi-office enterprise, secure file transfer. They are robust systems that securely send and receive files and folders up to 50GB. These solutions fully encrypt all files and control access to each document, eliminating the risk of data breaches. The resulting audit trails also meet the security and compliance standards of most regulatory requirements. They are extremely easy to use, can be installed in less than an hour and have minimal impact on IT resources. In fact, from their desktops, users are often unaware of their deployment, beyond a small email-type icon.
Today, many organisations are using managed file transfer technology, driven no doubt by the security it delivers, but also by its speed and simplicity. Construction companies such as Red Dot Building Systems have found it ideal for transferring large files containing blue prints and building specifications. HIT Entertainment, makers of children’s TV programmes such as Bob the Builder has found that such a solution has allowed it to transfer large video files between staff, production studios and international broadcasters quickly and easily.
As well as cutting production times, the solution also safeguards the secrecy of new episodes of favourite children’s TV programmes. Similarly, advertising agencies, law firms, universities, insurance brokers, and medical research organisations are using such solutions to transfer files faster and more securely.
As organisations become more reliant on information for their success, their ability to move data securely and effectively from one location to another becomes paramount. Organisations can mitigate data security risks by integrating secure, file transfer capabilities as a core business process and fundamentally changing the way they move confidential data. Managed secure file transfer solutions allow organisations to achieve this in a cost effective and unobtrusive way.