What Would a $140 Million Loss Mean for Your Business?

14 05 2010

A recent Computerworld article, “Heartland breach expenses pegged at $140M — so far,” discusses the devastating effects of the Heartland Payment Systems Inc. data breach, which has cost the company $139.4 million to date. In Heartland’s case, credit card data was compromised from the company’s network last year. The $139.4 million includes settlement money from class-action lawsuits, data breach fines and ongoing litigation fees. Moreover, no price can be placed on the damage done to its reputation. Consider it a cautionary tale.

How can you prevent this from happening to your organization?

Security measures such as firewalls are not enough to prevent a data breach, and while FTP might be a “free” file transfer solution, it’s not secure. The key to ensuring a data breach doesn’t happen to your business is B2B Managed File Transfer and Communications.

  • Ensure security throughout the entire file transfer process
  • Verify that only authorized customers and partners can send data into your network
  • Protect your mission-critical data in and out of the DMZ
  • Verify authorization before data is passed through your internal firewall
  • Secure ad hoc communications including large files and attachments
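
One concrete reason plain FTP fails the first bullets above, as an added example (not code from the original post or from any vendor): an audit over a constructed FTP server command log that flags sessions which sent a password without a successful `AUTH TLS`, or moved data without `PROT P`. The log format, session names and file names are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample. Assumed format: "<session> <client command> -> <reply code>".
SAMPLE_LOG = """\
s1 AUTH TLS -> 234
s1 USER partner_a -> 331
s1 PASS **** -> 230
s1 PBSZ 0 -> 200
s1 PROT P -> 200
s1 STOR invoices.csv -> 226
s2 USER partner_b -> 331
s2 PASS **** -> 230
s2 RETR payroll.dat -> 226
s3 AUTH TLS -> 234
s3 USER partner_c -> 331
s3 PASS **** -> 230
s3 STOR cards.txt -> 226
s4 AUTH TLS -> 504
s4 USER partner_d -> 331
s4 PASS **** -> 530
"""

DATA_VERBS = {"RETR", "STOR", "APPE", "LIST", "NLST"}

def parse(line):
    left, code = line.rsplit(" -> ", 1)
    session, verb, *arg = left.split(None, 2)
    return session, verb.upper(), (arg[0] if arg else ""), int(code)

def audit(log_text):
    """Return (session, finding, detail) for every unprotected login or transfer."""
    state = defaultdict(lambda: {"tls": False, "prot_p": False})
    findings = []
    for raw in filter(str.strip, log_text.splitlines()):
        session, verb, arg, code = parse(raw)
        st = state[session]
        if verb == "AUTH":
            st["tls"] = code == 234          # 234 = TLS negotiation accepted (RFC 4217)
        elif verb == "PROT":
            st["prot_p"] = code == 200 and arg.upper() == "P"
        elif verb == "PASS" and not st["tls"]:
            # The password crossed the wire readable, even if the login then failed.
            findings.append((session, "cleartext-credentials", verb))
        elif verb in DATA_VERBS and 200 <= code < 300 and not (st["tls"] and st["prot_p"]):
            # Without PROT P the data connection is unencrypted, TLS login or not.
            findings.append((session, "cleartext-data", f"{verb} {arg}"))
    return findings
```

Session `s3` is the case most often missed: the login is protected, but the file itself still travels unencrypted because `PROT P` was never requested.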

How protected is your network?


Managed File Transfer: Not Just an FTP/sFTP Replacement

5 04 2010

Most seasoned IT support staff think of file transfer as a method of moving data between the mainframes of different companies. However, the scope and challenges involved have become much more complex, and accordingly, the space has become segmented.

  • B2B Transfers – This segment has grown tremendously as Web-based protocols have enabled companies to connect all their business partners without the need for dedicated lines, replacing transfers originally performed by exchanging physical media via courier or fax.
  • Internal File Transfers – With the advent of distributed computing, when some business applications moved away from the mainframe or were supplemented with server-based applications, the need arose to transport data in bulk to server-based applications for processing. Often, this need was addressed with free tools such as FTP/sFTP. However, while these tools were cost-effective and solved an immediate problem, little focus was given to the security and reliability these solutions could provide and to the bigger picture of the IT infrastructure.
  • Ad hoc File Transfers – Does your company need to facilitate infrequent, ad hoc data transfers – either between companies or between the data center and a larger user base such as your sales force? Then you should look for solutions incorporating Web-based portals for this ad hoc data exchange.

Additionally, Managed File Transfer gives you the ability to meet security, compliance and audit requirements. With regulations such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), companies are under greater pressure to meet strict mandates. A Managed File Transfer solution should help you streamline the audit process by providing a central point for all audit information.

Through the automation of your file transfer infrastructure, you gain these benefits and more, including cost savings and reduced risk. As a final thought: You also don’t end up in the news. Stories of data breaches and the organizations that have to report them are picked up by major media outlets on a daily and increasing basis.

Is FTP/sFTP doing all this for you? More importantly, can you risk it?

FTP and SFTP vs. MFT for OS/400, IBM i, platforms

8 03 2010

Over the past few weeks, I have seen a lot of newsgroup chatter regarding FTP, FTPS and SFTP relating to the IBM System i, i/OS. Although FTP(S) and SFTP provide workable options when limited file transfers are needed, they lack the functionality and usability of a mature Managed File Transfer (MFT) solution. Let’s look at some of the advantages provided by a good MFT product versus FTP.

For the purpose of this post, the term OS/400 also refers to i5/OS, i/OS and IBM i.

Under OS/400, SFTP is provided via PASE, and its use is described in this IBM Systems magazine article.

FTP(S)/SFTP vs. MFT functionality

  • Transferring nested directories is time-consuming without a good GUI. MFT solutions provide simple and easy-to-use methods for transferring nested directories.
  • FTP(S)/SFTP only provides two-party transfers. MFT allows three-party transfers. In a two-party transfer, files are transferred between the server and the client. In a three-party transfer, the client sets up transfers between two servers so that an intermediate transfer is not necessary.
  • With FTP(S)/SFTP, controlling end-of-line can be tricky at best. MFT provides straightforward means by which to specify the character or character sequence wanted for end-of-line.
  • Using OS/400 FTP(S)/SFTP, you may have to create files before doing the transfer to get the correct file settings. An advanced MFT product allows the user to set appropriate file attributes before the transfer or detect those attributes in an OS/400 to OS/400 file transfer. Also, a good product provides one or more methods for automated file creation for save files and database files requiring DDS.
  • FTP only provides basic scripting. Advanced MFT products provide a full-fledged scripting language allowing automation of even the most sophisticated transfer processes.
  • FTP on OS/400 allows execution of simple commands. Modern, full-function MFT products provide the ability, possibly via add-on technology, to execute not only OS/400 commands but also commands on other systems. A really advanced product also provides logging and control options for the remote system.
  • OS/400 FTP allows setting a CCSID when opening the FTP session. MFT products go beyond initial CCSID settings by detecting and automatically setting the CCSID for each file transferred during a multiple-file transfer, whether transferring from the QSYS or IFS file system. A really great MFT product will also adjust end-of-line settings based on ASCII vs. EBCDIC file type.
  • SFTP only provides binary transfers. FTP supports Single Byte Character Set (SBCS) code pages, and some FTP products support UTF-8 code pages. Cutting-edge MFT products may support all of the Unicode variants as well as Double Byte Character Set code pages. Although the author knows of none, MFT products that fully support Mixed Byte Character Sets may exist.
  • FTP(S) and SFTP provide limited, if any, fault tolerance. MFT products provide network fault tolerance allowing transfer completion following network connection failure and recovery. They may also provide manager fault tolerance for remote command execution whereby remote commands may complete during network outages. Following network recovery, output from reconnected processes is transferred back to the initiating system.

The above information primarily addresses MFT functionality; however, not all of the functionality potentially included in an MFT product is covered. Look for such things as the ability to move files as opposed to only copying them and the ability to list files, to name only a couple of items. Security options are referred to but not discussed in detail since they are limited in regard to FTP. The issue of data integrity was not discussed and should be carefully considered before purchasing an MFT product.
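
The network fault tolerance and data integrity points above, as an added example (not taken from the original post or from any MFT product): a sender that resumes from the offset the receiver reports after each dropped connection and accepts the transfer only when an end-to-end SHA-256 digest matches. `FlakyLink`, its drop points and the audit tuple layout are constructed for this example.

```python
import hashlib

class FlakyLink:
    """Constructed stand-in for a receiver behind a link that drops mid-chunk."""
    def __init__(self, drop_at):
        self.drop_at = sorted(drop_at)   # received-byte counts at which the link drops
        self.received = bytearray()

    def remote_size(self):
        return len(self.received)

    def remote_sha256(self):
        return hashlib.sha256(self.received).hexdigest()

    def send(self, offset, chunk):
        if offset != len(self.received):
            raise ValueError("sender and receiver disagree on offset")
        if self.drop_at and offset + len(chunk) > self.drop_at[0]:
            keep = self.drop_at.pop(0) - offset
            self.received += chunk[:keep]          # partial write before the drop
            raise ConnectionError("link dropped")
        self.received += chunk

def transfer(data, link, chunk_size=4, max_retries=5):
    """Send data, resuming after drops; return (verified, audit_trail)."""
    audit, retries = [], 0
    digest = hashlib.sha256(data).hexdigest()
    while (offset := link.remote_size()) < len(data):   # ask the receiver, never assume
        try:
            link.send(offset, data[offset:offset + chunk_size])
        except ConnectionError as exc:
            retries += 1
            audit.append(("retry", offset, str(exc)))
            if retries > max_retries:
                audit.append(("failed", link.remote_size(), "retries exhausted"))
                return False, audit
    ok = link.remote_sha256() == digest            # end-to-end check, not per-chunk
    audit.append(("verified" if ok else "corrupt", len(data), digest))
    return ok, audit
```

The audit trail records every retry with the offset at which it happened, which is the kind of evidence a plain FTP client leaves nowhere.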

Why move to Managed File Transfer when FTP works for me today?

15 12 2009

This is a question often heard in the market and on the surface it looks pretty straightforward.  If it’s not broke, don’t fix it!

When you dive deeper into the purpose of a file transfer operation, a bigger picture becomes clear.

Is the only purpose of a file transfer to get isolated data from point A to point B?  Or perhaps, is the purpose part of a much bigger business process impacting the success of the company?

All data movement should be looked at as being part of something bigger than itself.  There is no isolated movement of data in an organization.  Even backups are the final step in a business process ensuring recoverability.  The process of moving data from the creating application to the next application that requires it, until the business at hand is complete and the data rests, must be managed.  It must be part of an integrated process that is secured, timely, guaranteed, optimized, automated, auditable, and visible to the organization.  The success of the business depends on it.

While products such as FTP provide the ability to move a single file from point A to point B, only a true managed file transfer solution can offer the necessary means to guarantee the data is managed as part of a bigger picture directly related to the business.

In addition to getting the data from point A to point B in a secure manner, a managed file transfer product should offer:

  • Guaranteed delivery
  • Integration to pre and post processing of the data transfer operation providing streamlined workflow execution
  • Event triggered file transfer operations ensuring timely and automated execution
  • Logic based decision making during data transfer operations
  • Customized logging to satisfy any internal or external audit requirements
  • Central visibility to data movement
  • Bulk and wildcard file transfers optimizing implementations and operations
  • A portable application, which means faster onboarding regardless of platform

When you look at the big picture of file transfer, the answer becomes clear.  Staying with a product like FTP because it is ‘not broken’ means missing the importance of data movement as an integral part of your business process, one that impacts your success.

FTP is no fun – Not easy to manage, no security and just too hard to implement

9 12 2009

Securing FTP from the OS is not easy due to platform differences, and managing the production activity can be impossible. Many IT organizations continue to implement more and more rogue servers just to send one file. There has to be a better way!

Where’s my File?

19 09 2009

When most IT folks ask the question, “Where’s my file?”, they mean text files, executable files, DLL files, INI files, and many other types of files. However, that question is just a “little” more complicated on the IBM i platform. “How so?” To IBM i, everything’s an object. There are program objects, class objects, job description objects, subsystem objects and many more object types. And, file objects are actually made up of multiple system objects. “What does that have to do with file transfer?” IBM i file transfer programs normally only handle database files, save files and physical source files which are actually a type of database file.

“As long as I get my data, why should I care?” IBM i objects, as with modern languages, have attributes associated with them. These attributes establish record length, maximum number of file members, access path characteristics, sorting sequence, authority inheritance, data definition specification source file name and many other things. “Why do so few managed file transfer programs handle IBM i attributes?” To do so the file transfer program must be aware of file object attributes and their associated fields. Handling file object attributes requires that file transfer programs carry attribute information as part of the file transfer process. Providing this level of sophistication requires a level of technical expertise unavailable to most companies and a high commitment to customer satisfaction.

“So what?” To make up for the file transfer program’s inability to properly handle file attributes and fields, users have to spend a lot of ‘wasted’ time setting up files prior to the actual transfer. They must then transfer the files in binary which does not allow text field translations. Without a sophisticated IBM i file transfer program, transferring thousands, or even hundreds, of files a day can quickly become prohibitive or require a lot of special automation.
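
Why field attributes and per-file CCSID handling matter, as an added example (not from the original post or from any file transfer product): a fixed-length EBCDIC record is translated field by field, next to the whole-file code-page translation that a plain text-mode transfer would apply. The record layout, field names and sample data are constructed; CCSID 37 is decoded with Python's `cp037` codec.

```python
from decimal import Decimal

# Assumed layout of a hypothetical fixed-length physical file (record length 11):
# NAME CHAR(8) in CCSID 37, AMOUNT packed decimal, 5 digits with 2 decimals (3 bytes).
RECORD_LEN = 11
FIELDS = [("NAME", 0, 8, "char"), ("AMOUNT", 8, 3, "packed")]

# Constructed sample data: two records, no end-of-line bytes between them.
SAMPLE = ("ACME    ".encode("cp037") + bytes.fromhex("12345c")
          + "GLOBEX  ".encode("cp037") + bytes.fromhex("00050d"))

def unpack_decimal(raw, scale=2):
    """Packed decimal: two digits per byte, final nibble is the sign (C/F plus, D minus)."""
    nibbles = [n for b in raw for n in (b >> 4, b & 0x0F)]
    *digits, sign = nibbles
    if any(d > 9 for d in digits) or sign not in (0xC, 0xD, 0xF):
        raise ValueError(f"not packed decimal: {raw.hex()}")
    value = Decimal(int("".join(map(str, digits)))).scaleb(-scale)
    return -value if sign == 0xD else value

def decode_record(rec):
    out = {}
    for name, off, length, kind in FIELDS:
        raw = rec[off:off + length]
        out[name] = raw.decode("cp037").rstrip() if kind == "char" else unpack_decimal(raw)
    return out

def convert(data, eol="\r\n"):
    """Field-aware transfer: split on record length, translate per field, add chosen EOL."""
    if len(data) % RECORD_LEN:
        raise ValueError("length is not a multiple of the record length")
    recs = (data[i:i + RECORD_LEN] for i in range(0, len(data), RECORD_LEN))
    return "".join(f"{r['NAME']},{r['AMOUNT']}{eol}" for r in map(decode_record, recs))

def naive_text_transfer(data):
    """Whole-file code-page translation: numeric bytes are decoded as if they were text."""
    return data.decode("cp037")
```

The naive path keeps the names readable but loses both amounts, and because the file carries no end-of-line bytes, the receiver cannot find record boundaries without the record-length attribute.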

Is “Where’s my file?” the only question to ask? What about the meta-data, audit trails and process visibility? There’s also the question of how to cost-effectively handle multiple-platform and multiple-system configurations. These are critical questions for companies with thousands, hundreds or even tens of systems that may be spread around the globe.

Is your MFT Smarter than my MFT?

24 07 2009

Managed File Transfer and secure data exchange requirements continue to grow.  With more data, more systems and more processes, FTP just isn’t the right solution; in fact, it has limited or no management or retry capabilities.

According to Gartner:

“Numerous factors cause companies to re-examine how they manage the movement of information from system to system, partner to partner, and person to person. FTP [File Transfer Protocol] alone isn’t a viable option to give the insight, security, performance, and, ultimately, the risk mitigation necessary to responsibly conduct business.” (For more information, see Kenney, LF et al.: “Magic Quadrant for Managed File Transfer,” page 2, Gartner Research Publication ID Number G00157614, 23 June, 2008.)

Many vendors promote SFTP (secure file transfer protocol) solutions. The data is transferred through SSH, a network protocol that allows data to be exchanged using a secure channel. While SFTP offers a minimal amount of security, it still compromises both your data’s confidentiality and integrity. SFTP has inherent design flaws that are making this seemingly secure method of transfer as obsolete as FTP.

The net is that organizations today are looking to deliver more capabilities to the business in a centralized solution for managing secure file exchange.  The realities of most organizations today:

  • Your existing tools lack functionality, causing you to spend too much time and manual effort to try to compensate for this lack of functionality.
  • You have products with the above functionality, but the solution is too complex and expensive to be deployed everywhere the business needs it.
  • Your existing vendor is overcharging you and is too inflexible to meet all of your needs.
  • You have too many products and need an intelligent strategy to consolidate and move forward.

There needs to be a better way to do this, a more intelligent way.  So what’s your strategy?