Can You Afford FTP/SFTP?

23 04 2010

As many IT organizations can testify, FTP and SFTP solutions are not free. While there may be no license fee attached to either of these file transfer solutions, many companies spend millions per year in hardware and resource costs in an effort to make them reliable and to ensure that critical files arrive on time and intact. Data files that arrive late, corrupted or incomplete negatively impact a business both financially and from a reputation perspective.

Many companies are realizing that the security and reliability of their data transfers are paramount to their IT organization and have made significant investments to replace FTP/SFTP solutions with a Managed File Transfer solution.

Whether an organization is moving files internally or to external partners and suppliers, those files need to arrive securely, on time and intact. A Managed File Transfer solution ensures this end result through high levels of fault tolerance and automatic restart of transfers from any point of failure. Any MFT solution should include the most modern and secure protocols for file encryption (SSL encryption, X.509 certificates, proxy certificates, etc.). Additionally, MFT has the ability to perform third-party transfers, enabling it to execute and manage a file transfer between sender and receiver without either party having any direct knowledge of the other’s identification credentials.

When it comes to moving critical files within your organization or to business partners, it’s critical to have the ability to manage, monitor and audit every file transfer from a central point. It would be unfeasible, let alone an invalidation of compliance procedures, if file activity weren’t monitored for failures or if a complete audit trail of file transfers weren’t available. Moreover, delays in data transfer mean mission-critical delays for your business.

Can you afford that?


Why Tax Day and MFT Depend on You

14 04 2010

Tomorrow (4/15)  is tax day in the United States.  Thus, there will be plenty of checks running through the mail, all destined to reach their respective IRS offices.  This entire process is a parallel to the managed file transfer process.  Sure, I don’t want to have to send out a bunch of money either, but if I have to, then I should hope that it gets into the proper hands.

It all starts with the end in mind.  Destination address scrawled across the front of your envelope, you’re ready to “click the send button” and drop it into the mailbox.  Here is where the important part starts.  If your bank is keeping you secure, then your check should be safe; encrypted in a sense.  Sure, someone could manage to get to your check (it’s not a steel envelope after all), but that check then must be “hacked.”  With proper encryption, attempts will be futile.

Assuming that your check reaches its final destination, the IRS then has the password to open your check: permission.  This same concept is used in ad-hoc managed file transfer solutions by ensuring that only those who need access to the file will have it in the form of password protection and user verification.

As you drop your check into the mailbox on tomorrow’s tax deadline (you daredevil, you!), remember this analogy and notice that your role never changes.  As users, we are still responsible for ensuring that files are being sent to the proper destinations and through the proper methods.  Without you, security is merely something we wish we had.  Tax day and managed file transfer: both depend on you!  Who knew you were such a hero?

Migrating to a New MFT Solution: It Doesn’t Have to Be Painful!

9 04 2010

The importance and reliance upon Managed File Transfer solutions within organizations is growing at an extraordinary pace. A large number of companies are moving away from expensive incumbent file transfer solutions. Additionally, FTP/SFTP users are looking to implement a more secure and robust file transfer solution that offers them guaranteed delivery of their files.

Ultimately, that means these companies will be looking at a migration process for their new Managed File Transfer solution. The very word, “migration,” strikes fear in many an IT department.

Fortunately, with the proper analysis and evaluation of your existing file transfer infrastructure, you can avoid a time-consuming, risky or expensive migration process. Any Managed File Transfer vendor should be able to tell you up front how long the migration will take, how much it will cost and when you will see your return on investment. For a seamless integration into your file transfer infrastructure, you need:

  • An immediate overview on all migration costs
  • An analysis of when a migration to your chosen Managed File Transfer solution will provide you with R.O.I.
  • No interruption to your running IT production
  • Very low impact on cost, time and personnel
  • Fast implementation and deployment

The analysis and evaluation of your existing file transfer environment is of critical importance during a migration. A detailed road map of the migration process should be provided to you to ensure the process covers all areas:

  • Migration
  • Services
  • Production
  • Abends
  • Maintenance

Addressing all of these issues can lead to a seamless migration to your new Managed File Transfer solution, allowing you to replace your existing file transfer solutions very quickly. Additionally, you should look for a Managed File Transfer vendor that offers consulting services to determine the needs for your particular file transfer environment and offers a full array of educational and technical services to ensure your future success. The word “success” offers a happier expression!

FTP and SFTP vs. MFT for OS/400, IBM i platforms

8 03 2010

Over the past few weeks, I have seen a lot of newsgroup chatter regarding FTP, FTPS and SFTP relating to the IBM System i, i/OS. Although FTP(S) and SFTP provide workable options when limited file transfers are needed, they lack the functionality and usability of a mature Managed File Transfer (MFT) solution. Let’s look at some of the advantages provided by a good MFT product versus FTP.

For the purpose of this post, the term OS/400 also refers to i5/OS, i/OS and IBM i.

Under OS/400, SFTP is provided via the PASE and its use is described in this IBM Systems magazine article.

FTP(S)/SFTP vs. MFT functionality

  • Transferring nested directories is time consuming without a good GUI interface. MFT solutions provide simple and easy-to-use methods for transferring nested directories.
  • FTP(S)/SFTP only provides two-party transfers. MFT allows three-party transfers. In a two-party transfer, files are transferred between the server and the client. In a three-party transfer, the client sets up transfers between two servers so that an intermediate transfer is not necessary.
  • With FTP(S)/SFTP, controlling end-of-line can be tricky at best. MFT provides straightforward means by which to specify the character or character sequence wanted for end-of-line.
  • Using OS/400 FTP(S)/SFTP, you may have to create files before doing the transfer to get the correct file settings. An advanced MFT product allows the user to set appropriate file attributes before the transfer or detect those attributes in an OS/400 to OS/400 file transfer. Also, a good product provides one or more methods for automated file creation for save files and database files requiring DDS.
  • FTP only provides basic scripting. Advanced MFT products provide a full-fledged scripting language allowing automation of even the most sophisticated transfer processes.
  • FTP on OS/400 allows execution of simple commands. Modern, full-function MFT products provide the ability, possibly via add-on technology, to not only execute OS/400 commands, but also commands on other systems. A really advanced product also provides logging and control options for the remote system.
  • OS/400 FTP allows setting a CCSID when opening the FTP session. MFT products go beyond initial CCSID settings by detecting and automatically setting the CCSID for each file transferred during a multiple file transfer, whether transferring from the QSYS or IFS file system. A really great MFT product will also adjust end-of-line settings based on ASCII vs. EBCDIC file type.
  • SFTP only provides binary transfers. FTP supports Single Byte Character Set (SBCS) code pages, and some FTP products support UTF-8 code pages. Cutting-edge MFT products may support all of the Unicode variants as well as Double Byte Character Set code pages. Although the author knows of none, MFT products that fully support Mixed Byte Character Sets may exist.
  • FTP(S) and SFTP provide limited, if any, fault tolerance. MFT products provide network fault tolerance allowing transfer completion following network connection failure and recovery. They may also provide manager fault tolerance for remote command execution whereby remote commands may complete during network outages. Following network recovery, output from reconnected processes is transferred back to the initiating system.

The above information primarily addresses MFT functionality; however, not all of the functionality potentially included in an MFT product is covered. Look for such things as the ability to move files as opposed to only copying files and the ability to list files, to name only a couple of items. Security options are referred to but not discussed in detail since they are limited in regard to FTP. The issue of data integrity was not discussed and should be carefully considered before purchasing an MFT product.
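
The restart-after-failure behaviour in the last list item, combined with the data-integrity check this paragraph says to consider, as an added example (not code from the original post or from any MFT product). Both endpoints are modelled as local seekable streams; `resume_transfer`, its `fail_after` hook and the sample bytes are constructed for illustration.

```python
import hashlib
import io

CHUNK = 4  # tiny chunks so the constructed sample spans several of them


def size(stream):
    """Return the total length of a seekable stream."""
    return stream.seek(0, io.SEEK_END)


def prefix_digest(stream, length):
    """SHA-256 over the first `length` bytes of a seekable stream."""
    stream.seek(0)
    return hashlib.sha256(stream.read(length)).hexdigest()


def resume_transfer(source, dest, fail_after=None):
    """Copy source to dest, restarting from what dest already holds.

    fail_after (hypothetical test hook) drops the link after that many
    chunks. Returns True once dest is complete and matches the source.
    """
    total, done = size(source), size(dest)
    # Trust the partial file only if it is a true prefix of the source;
    # otherwise discard it and restart from byte 0.
    if done > total or prefix_digest(dest, done) != prefix_digest(source, done):
        dest.seek(0)
        dest.truncate()
        done = 0
    source.seek(done)
    dest.seek(done)
    sent = 0
    while done < total:
        if fail_after is not None and sent >= fail_after:
            return False  # connection lost; dest keeps what arrived
        block = source.read(CHUNK)
        dest.write(block)
        done += len(block)
        sent += 1
    # End-to-end check: the delivered file must hash the same as the source.
    return prefix_digest(dest, total) == prefix_digest(source, total)


def demo():
    source = io.BytesIO(b"constructed payroll batch 0001\n")  # sample data
    dest = io.BytesIO()
    first = resume_transfer(source, dest, fail_after=2)  # fails after 8 bytes
    second = resume_transfer(source, dest)                # resumes at byte 8
    return first, second, dest.getvalue() == source.getvalue()
```

Between real hosts each side would compute its own digest and exchange it over the authenticated channel, since a receiver cannot read the sender's bytes directly.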

Repeat Data Breaches Not Always a Result of Negligence – Spotlight: Wyndham Hotels

5 03 2010

Wyndham Hotels has been hit with the third data breach in a year and has once again compromised sensitive customer data. While frustration sets in for Wyndham, as well as its customers, one thought comes to mind: why? Why is it that, after two data breaches, the organization is still facing hackers and their onslaught of effective attacks? Well, as with anything of this magnitude, there are many possible answers.

People point fingers at organizations and their lack of security. Or, perhaps it’s negligence from insiders who fail to control their data exchange and management. Human error is a leading cause in data breaches, but perhaps it’s more than that. It’s time to stop pointing fingers and start analyzing where the root of the problem lies.

Wyndham communicates with franchisees and managed communities, which puts countless people in charge of sensitive data.  Simply put, there are too many points of entry.  Sure, it’s great to have free flow of data from a convenience standpoint, but when that puts data out for nearly anyone to access, convenience then becomes a hassle.  Luckily, there are plenty of ways to prevent this and still maintain multiple points of entry.

Encrypting data so that it remains secure when at rest, in motion or even in the deleted file can put a huge barrier against hackers even after they enter one’s database.  Thus, it’s important to have detailed security on each file, rather than just on the database.  What may seem tedious can actually be quite simple with the right solution.

Using streamlined encryption tools, users can then have peace of mind knowing that their data will remain secure, no matter who can access it. While human error will never be completely eradicated from data exchange, these security measures can make this margin of error shrink to a minuscule amount.

Ensuring the Confidentiality of Your Insurance Data

12 02 2010

With the growing number of headlines regarding HITECH and HIPAA compliance, insurance companies should take note: payor associations and related parties are required to comply with these mandates if they partner or work with healthcare organizations (HCOs) or Providers of Service (POS). Whether you work within the healthcare insurance industry or a different segment, insurance information is susceptible to many of the new data breach regulation laws growing in strength at the federal, state and local levels.

How do you protect your customers' confidential information?

Can you show that you securely transfer the following information?

  • Client and Patient Policy Information
  • Client and Patient Payment Information
  • Enrollments
  • Patient
  • Claims Adjudication
  • Communication of Benefits
  • Statement and Policy Distribution
  • Insurance Application Process

Whether you are in the automotive, healthcare, property or home insurance industries, you process, email, mail or send out sensitive or proprietary information on a daily basis. How do you protect your business from costly data breaches or worse, loss of reputation and customers?

Got Encryption?

27 01 2010

From State to Federal? Massachusetts Regulation 201 CMR 17.00 mandates that all personal information of Massachusetts residents must be digitally encrypted, and other states as well as the national government are taking notice. Senator Patrick Leahy is sponsoring a bill entitled The Personal Data Privacy and Security Act of 2009 that, if passed, would require private and government entities to ensure that personal data is kept confidential. In addition, they would be tasked with developing measures for controlling access to sensitive information, detecting and logging unauthorized personal information access and protecting personal data both at rest and in transit.

So why is it important to encrypt data at rest and in motion? It ensures your data is encrypted before it leaves your computer and is only decrypted once it is delivered to the recipient’s machine. There are no “man in the middle” attacks and your business and organization will be compliant with regulations that are becoming increasingly strict in the healthcare, financial services, legal and insurance industries. Will you be ready if the federal law is passed?