180 likes | 379 Vues
The Data Breaches You Don’t See Hurt You Most. Tony Perri, CISSP Solutions Architect Ipswitch File Transfer. Data loss is a growing risk. Companies are collecting, storing and transferring more and more data.
 
                
                E N D
The Data Breaches You Don’t See Hurt You Most Tony Perri, CISSP Solutions Architect Ipswitch File Transfer
Data loss is a growing risk • Companies are collecting, storing and transferring more and more data. • How many times have you filled out a Web form with personal information such as your name, address, date of birth, phone number, credit card number, etc… • This data is “king” for companies looking to better understand their customers and their markets, so this data is stored and subsequently analyzed. • The “pace” of business has increased, so data must be transferred quickly between internal and external people and systems. • We expect an order placed on an eCommerce web site to ship that day and be immediately trackable via the carrier’s tracking system. • We expect a debit-card transaction performed at an ATM or POS terminal is immediately reflected on our mobile phone (I think there was even a commercial at one time that demonstrated this). • Employees expect to work remotely and have access to data anytime and anywhere. • We expect more than what systems deployed even 5 years ago we’re ever designed to do. www.IpswitchFT.com
Data is most vulnerable during Transfer • Technology focus has been on minimizing the risk of data loss during collection and storage: • Data is typically encrypted during electronic collection using SSL/TLS, or is collected through paper, faxes and mail. • Data stored in its “system of record” is protected by strict access control permissions and encryption. • Technology for protecting data during transfer is available, but adoption is not keeping pace with the threats: • FTP is still in widespread use for transferring data, even across the Internet, despite providing no security. • Email is still the predominant way Person-To-Person data exchanges occur, once again, despite providing no inherent security. • Data is frequently transferred outside of its protected enclave where data owners have less control. www.IpswitchFT.com
Data is transferred to provide ACCESS • In a perfect world, data would remain in its protected enclave where all access is centrally controlled. • In the real world, data must be transferred to enable remote, off-line and cross-domain access. • Employees transfer documents and spreadsheets from the file server to their laptops and USB drives for remote, off-line access. • Systems extract data from the database and transfer it to other internal and external systems. • Trading partners exchange messages and files with each other in the form of transactions. • Specific examples later on that span all industries. www.IpswitchFT.com
Enter Prosumers’ personal technology • Employees want to use the same technology at work as they use at home • Remote employees often supply their own computing environment yet have VPN access to the corporate network. • Consumer “smartphones”. • Personal USB drives. • Consumer email and file sharing services. • Remember when AIM was the business tool of choice? • Companies enjoy the productivity gains Prosumer technology provides, but fail to recognize the risk this technology exposes them to. www.IpswitchFT.com
Employees will do what is necessary • Employees have proven that they will do whatever it takes to get their job done, with or without IT. • Employees whose job requires them to send information to other people such as co-workers, partners, vendors or customers have thousands of options at their disposal. • Personal email account • USB drive • Social media site • CD/DVD’s sent via courier www.IpswitchFT.com
Risk is to the Business • File transfer supports core business processes • Ordering, claims processing, supply chain management, health care, financial transactions. • Data loss means • Orders don’t ship, claims don’t get processed, supplies don’t arrive, health care records are unavailable, and financial debits/credits don’t occur. • Besides lost business, data loss incurs additonal costs: • Average total per-incident costs in 2008 were $6.65 million • Average cost per data record in 2008 was $202 2008 Annual Study: Cost of a Data Breach, Ponemon Institute 20 February 2009 www.IpswitchFT.com
IT Needs… • IT needs solutions to: • Enable person-to-person, person-to-system and system-to-system file transfers • Create and enforce policies and rules that manage those file transfers • Provide visibility into all data interactions • Compliance with industry regulations such as SOX, HIPAA, HITECH, PCI-DSS, FISMA, etc. is important too. www.IpswitchFT.com
Managed File Transfer (MFT) • Technology that historically dedicated “transmission” teams in Finance, Insurance and Health Care have used. • Through recent evolution now scales from small projects to enterprise-wide strategic deployments. • Gartner believes that purchases of MFT technology and services account for about $500MM per year and is growing by about 25% annually. (IDC analysts also cover this space.) www.IpswitchFT.com
Why Protocols & Security Matter Less BECAUSE YOU HAVE TO SUPPORT EVERYTHING
The Three Things That Matter Most BECAUSE YOU HAVE TO SUPPORT EVERYTHING
Visibility 1. Provide visibility into all file and data transfer interactions, including files, events, people, policies & processes www.IpswitchFT.com
Management 2. Manage, provision, and automate all file interactions, both internal and external to the company, organization or domain www.IpswitchFT.com
Enforcement 3. Create and enforce administrator defined policies & rules • Server access rules • Security policies • Password policy • IP lockout rules • File extension rules • Domain rules • Encryption policy • Delivery notification rules • File size limitations • File expiration rules • Max server bandwidth (# files, storage space) • Max number of files that can be sent at a time • Max # of downloads • Guaranteed delivery • File Integrity • Non-repudiation www.IpswitchFT.com
Real World Business Problems • Needs • Challenges www.IpswitchFT.com
Recent Case Study • Network Infrastructure provider replaces FTP with a leading MFT solution www.IpswitchFT.com
Ipswitch View – Continued Evolution Core FT • Protocol level security • Access control • Guaranteed delivery • Checkpoint restart • Multiple protocol support MFT MessageWay AFS • Data encryption • Identity and access mgt. integ. • Partner and profile management • 3rd party encryption and admin. • Interoperability • Multi platform support • Monitoring • Simple automation • Simple field based transformation WS_FTP Server MOVEit DMZ & MOVEit Central MFT with AFS MessageWay MFT Sendable MFT with Advanced File Services WS_FTP Professional • “Destination ready” file delivery • Advanced analytics • Community management • Event tracking management • Process definition and execution • API and interfaces • Schema and map based transformation • Multiple tenancy • Support for HA arch. and scenarios • Integrated composition environment • Extensible GUIs MFT Ipswitch Product and Solution Portfolio Core FT www.IpswitchFT.com
Q&A • Any questions? For more information about Ipswitch File Transfer’s solutions, call 608-824-3600 or email moveitsales@ipswitch.com. www.IpswitchFT.com