1 / 24

Data Loss Is a Growing Risk… Managed File Transfer Can Help

Data Loss Is a Growing Risk… Managed File Transfer Can Help. Tony Perri, CISSP Solutions Architect Ipswitch File Transfer. Data loss is a growing risk. Companies are collecting, storing, and transferring more and more data. Collecting Data:

haru
Télécharger la présentation

Data Loss Is a Growing Risk… Managed File Transfer Can Help

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Loss Is a Growing Risk…Managed File Transfer Can Help Tony Perri, CISSP Solutions Architect Ipswitch File Transfer

  2. Data loss is a growing risk • Companies are collecting, storing, and transferring more and more data. • Collecting Data: • How many times have you filled out a Web form with personal information such as your name, address, date of birth, phone number, credit card number, etc. • Storing Data: • This data is “king” for companies looking to better understand their customers and their markets, so this data is stored and subsequently analyzed. • Transferring Data: • The “pace” of business has increased, so data must be transferred quickly between internal and external people and systems. www.IpswitchFT.com

  3. Data is most vulnerable during transfer • Technology focus has been on minimizing the risk of data loss during collection and storage. • Technology for protecting data during transfer is available, but adoption is not keeping pace with the threats. www.IpswitchFT.com

  4. The Information Visibility Problem • Companies are failing to secure and manage the flow of sensitive information moving internally and externally: • 65 percent of companies surveyed have no visibility into files and data leaving their organizations. • 52 percent have no real visibility into internal file transfers. • Only 19 percent say they have complete visibility into files and data moving inside and outside their organization. www.IpswitchFT.com

  5. The External Device Problem • Increased reliance on external devices in the workplace is partly to blame: • More than 80 percent of IT executives admitted to using easily lost or stolen external devices like USB drives, smartphones and tablets to move and backup confidential work files. • 57 percent save work files to external devices at least once a week, a major security and compliance concern for businesses. www.IpswitchFT.com

  6. The Email Security Problem • More than 75 percent of IT executives surveyed send classified files and information via email attachments. • 26 percent of employees use personal email instead of work accounts to mask file transfer activity from management. www.IpswitchFT.com

  7. The Policy and Tool Enforcement Problem • Creating policies and providing tools simply isn’t enough…. It’s the enforcement of that policy and tool that is the critical step. • 55 percent said their companies provide – but do not enforce – policies and tools around sharing sensitive information www.IpswitchFT.com

  8. WikiLeaks Fails to Drive Preventive IT Action • In wake of one of the most revealing breaches in U.S. history, most companies are not taking the risks of losing business-critical information seriously. • 43 percent of companies ignored the business implications of WikiLeaks altogether. • Only 16 percent of companies implemented new policies and tools to protect against similar breaches. • Slightly less than 30 percent of companies discussed the implications with employees, but made no major changes to the way information is shared or protected. www.IpswitchFT.com

  9. 2011 Information Technology Priorities • While many companies are still struggling to protect business-critical information, executives say that they’re making it a priority for 2011. Of the IT executives surveyed at the 2011 RSA Conference: • 40 percent ranked protecting sensitive information as a top priority in 2011. • 25 percent said securing cloud computing is important. • 20 percent said that managing the flow of information internally and externally is critical. www.IpswitchFT.com

  10. Employees will do what is necessary • Employees have proven that they will do whatever it takes to get their job done, with or without IT. • Employees whose job requires them to send information to other people such as co-workers, partners, vendors or customers have thousands of options at their disposal. • Personal email account • USB drive • Social media site • CD/DVD’s sent via courier www.IpswitchFT.com

  11. Risk is to the Business • File transfer supports core business processes • Ordering, claims processing, supply chain management, health care, financial transactions. • Data loss means • Orders don’t ship, claims don’t get processed, supplies don’t arrive, health care records are unavailable, and financial debits/credits don’t occur. • Compliance Threatened www.IpswitchFT.com

  12. Costs to the Business • Data loss incurs additional costs: • Average total per-incident costs in 2008 were $6.65 million • Average cost per data record in 2008 was $202 2008 Annual Study: Cost of a Data Breach, Ponemon Institute 20 February 2009 • Lost Revenue • Penalties • Damaged reputation www.IpswitchFT.com

  13. IT Needs… • IT needs solutions to: • Enable person-to-person, person-to-system and system-to-system file transfers • Create and enforce policies and rules that manage those file transfers • Encrypt transfers • Provide visibility into all data interactions • Enable compliance www.IpswitchFT.com

  14. MFT Capabilities • Protocols • FTP, FTPS, SFTP, HTTP, HTTPS, AS1/2/3 • Encryption • SSL/TLS, SSH, AES, PGP, S/MIME, PKI, SHA • Provide Confidentiality and Integrity • Access Control • Control who has access to what data • Least-Privileged • Auditing, Logging and Reporting • Track every activity associated with transferring a file • Automation, scheduling, workflow • Provide Availability www.IpswitchFT.com

  15. The Three Things That Matter Most

  16. Visibility 1. Provide visibility into all file and data transfer interactions, including files, events, people, policies & processes www.IpswitchFT.com

  17. Management 2. Manage, provision, and automate all file interactions, both internal and external to the company, organization or domain www.IpswitchFT.com

  18. Enforcement 3. Create and enforce administrator defined policies & rules • Server access rules • Security policies • Password policy • IP and user lockout rules • File extension rules • Domain rules • Encryption policy • Delivery notification rules • File size limitations • File expiration rules • Max server bandwidth (# files, storage space) • Max number of files that can be sent at a time • Max # of downloads • Multi-factor authentication • Guaranteed delivery • File Integrity • Non-repudiation www.IpswitchFT.com

  19. Real World Business Problems • Needs • Challenges www.IpswitchFT.com

  20. Two frequent scenarios • Regularly scheduled reoccurring transfers • Replace legacy or home-grown systems • Ad-Hoc person-to-person interactions • Send large or large sensitive data www.IpswitchFT.com

  21. Classic “bulk data transfer” • Used by Financial, Insurance and Health Care for years • Primarily B2B (not transactions) • Legacy Data Comm, FTP, MFT • Regularly scheduled, re-occurring transfers • Highly structured • Need • Encryption • Efficient on-boarding of partners and users • Policy Enforcement • Auditing and Reporting • Scheduling • SLA Monitoring • Sustainable key managment • Flexible deployment options (on-premises, hosted, hybrid) www.IpswitchFT.com

  22. Ad-Hoc Transfers • One-time or short-duration interactions between internal users and external customers, partners, clients, etc. • Examples • Marketing needs to send large image files to a contractor • Software vendor needs to send a patch to a specific customer • Sometimes a replacement for anonymous ftp • Bi-directional • Mortgage originator needs sensitive financial information from an applicant www.IpswitchFT.com

  23. Ad-Hoc Transfers • Need • Encryption • Self-service user provisioning • Client-less access for internal and external users • TTL and Max Download policies • Auditing and Logging • Appropriate file size limits (or no limits) • Archival for e-Discovery purposes. • Flexible deployment options (on-premises, hosted, SaaS) www.IpswitchFT.com

  24. Q&A For more information about Ipswitch File Transfer’s solutions, call 608-824-3600 or email MOVEitSales@ipswitch.com. www.IpswitchFT.com

More Related