B2B Managed File Transfer: The Business Value

29 04 2010

Managed File Transfer solutions enable you to securely send data to your business partners, suppliers and partners. But, is that all it does? In an effort to comply with regulatory mandates, to meet customers requirements and to improve customer and partner relationships, more and more organizations are looking for the complete package.  Managed File Transfer enables organizations to meet compliance standards and provide data security, whether the transfer is internal, external or ad hoc.

Many organizations are also using EDI (Electronic Data Interchange), a particular set of standards and security protocols, to send information such as purchase orders and invoices to customers, suppliers and partners. In fact, some of the data exchange might not be the norm: X-rays, CAD files, movies, etc.  The benefits to EDI are plentiful:

  • Reduced costs
  • Speed
  • Paper elimination
  • Data entry elimination
  • Greater accuracy

In close conjunction with EDI, VANs are value added networks. Approximately 90 percent of EDI transfers go through VANs. VANs act as the post office that stores, routes and delivers your files. While EDI and VANs are not new technology, integrating them with a complete MFT solution is. What if there was one solution that could handle all types of B2B communication?  There is.

Consolidate B2B Communication for Greater Visibility

B2B Managed File Transfer offers all of the above functionality, allowing you to consolidate your B2B communication workflows.  One advanced solution can centralize internal and external MFT as well as ad hoc file transfers and EDI transactions. With this solution, you benefit from greater community management, flexible integration capabilities, advanced transfer reporting, uninterrupted data flow and a centralized enterprise. The benefits of B2B MFT are:

  • Security and Compliance
  • Consolidation (no more silos of information)
  • Leveraging Investments and Growth

Reduce costs. Become more agile. Automate processes. Scale for growth. Realize quick R.O.I.

Ultimately, the most important business value of B2B MFT is improving partner, supplier and customer relationships.


Thoughts about the “Study: Frequent password changes are useless” article on Yahoo News

17 04 2010

I recently read the article Frequent password changes are useless

After giving this some thought, a couple of things struck me as being very important but easily overlooked. Both are related to this paragraph,

“Rather, frequent password changes are simply a waste of time and, therefore, money. According to the Microsoft researcher’s very rough calculations: To be economically justifiable, each minute per day that computer users spend on changing passwords (or on any security measure) should yield $16 billion in annual savings from averted harm. No one can cite a real statistic on password changes’ averted losses, but few would estimate it’s anywhere approaching $16 billion a year.”

The article says “frequent password changes are simply a waste of time” and it does not define frequent. By frequent do they mean daily, weekly, monthly? I would not think that changing passwords once a quarter would qualify as frequent.

Note that that $16 billion is not for each company! It’s for the national aggregate. If your company only looses $1 million, that’s simply a small piece of the aggregate pie; but, for many companies, it could mean bankruptcy or, potentially, years of expensive, personal data breach litigation. If memory serves correctly, defense against this type of litigation depends heavily on having taken every ‘reasonable’ precaution. If one of those reasonable precautions is deemed to be frequent changes of passwords, then never changing passwords or changing them only once per year could mean additional loss of millions in court battles. Oh, one must also remember the fines and penalties if data protection laws are violated and loss of credibility in the market place when it’s your company that gets compromised.

Something to think about.

Is the IBM i secure or irrelevant? IBM i object security vs. Win and UNIX file security

1 04 2010

A critical security consideration for any operating system is how it secures ‘files’. Although the contexts may deffer, both Windows and UNIX encapsulate all types of information in fies of various types. IBM i, on the other hand, encapsulates information in various types of objects. Different objects require different types of access.

If I know the name and path of a file under Windows or UNIX, I know its location and can access it by knowing how to read and navigate the file structures. Under IBM i, objects in the native, library file system are located and constructed via sets of pointers. Knowing how to read and navigate the file structures only leads you to bits and pieces of an object’s definition. As a result, hacking an IBM i system requires an order of magnitude greater knowledge and sophistication than hacking either Windows or UNIX.

UNIX secures files at owner, group and public levels for read, write and execute access. Older versions of Windows only secured files via read-only, hidden and archive permissions attributes. Newer versions of Windows and many UNIX systems also provide Access Control Lists (ACLs) to secure ‘objects’ against access via user’s without proper permissions or authority. From it’s earliest days, starting with System/38, the IBM i series provided true object access control at multiple levels of an object’s definition. At the higher object definition level, the system provides Operational, Management, Existence, Alter and Reference control. For objects containing data, the system additionally provides Read, Add, Update, Delete and Execute control. What is more, file definitions can extend access controls to the field level. For the UNIX and Windows like file systems which are part of the Integrated File System, native object access controls are used to emulate UNIX access controls.

At a higher level, authority lists provide the ability to control object access for multiple objects using a single, easy to manage object. And, IBM i supports ACLs in limited environments.

Therefore, IBM i provides very mature and sophisticated access control mechanisms with a great deal of granularity. This is part of the reason IBM i systms are compromized far less often than are Windows and UNIX systems.

Is the IBM i secure or irrelevant? Intrusion detection and prevention

18 02 2010

Platform insecurity renders Managed File Transfer security meaningless. No matter how good your internal architecture your administrator requires protection policies and tools to detect, identify, isolate and mitigate or stop attacks.

Rather than cover what IBM Systems Magazine has well documented, I refer to the following two articles. The first is titled “Intrusion Detection on System i” with the introduction: “Hackers, crackers, intruders, oh my! And each with their pride at stake, But rest assured with a System i, You’ll have a host that they can’t break.” This August 2007 article by Jim Coon and Yessong Johng points our potential methods of intrusion and what to do about them.


The second article, “Intrusion Detection and Prevention on IBM i” written in March of 2009 by Jim Coon and Lindsay Avers, addresses how to set up detection and deal with intrusion, even on a real time basis.


As attackers become more inventive and pervasive, IBM i provides the ability to push back and defend your valuable resources.

Ensuring the Confidentiality of Your Insurance Data

12 02 2010

With the growing amount of headlines regarding HITECH and HIPAA compliance, insurance companies should take note: payor associations and related parties are required to comply with these mandates if they partner or work with healthcare organizations (HCOs) or Providers of Service (POS). Whether you work within the healthcare insurance industry or a different segment, insurance information is susceptible to many of the new data breach regulation laws growing strength at the federal, state and local levels.

How do you protect your customers' confidential information?

Can you show the securely transfer the following information?

  • Client and Patient Policy Information
  • Client and Patient Payment Information
  • Enrollments
  • Patient
  • Claims Adjudication
  • Communication of Benefits
  • Statement and Policy Distribution
  • Insurance Application Process

Whether you are in the automotive, healthcare, property or home insurance industries, you process, email, mail or send out sensitive or proprietary information on a daily basis. How do you protect your business from costly data breaches or worse, loss of reputation and customers?

HITECH – Show Me The Money!

19 01 2010

The pressure is on to automate clinical processes and exchange information electronically, and to do so in a secure environment. The negative impact of a data breach potentially outweighs government early adopter incentives and non-compliance fines.  With data breaches making headlines at an increasing rate, healthcare organizations face intense media scrutiny, customer churn and a tarnished reputation.

According to the Ponemon Institute’s report, “The 2008 Annual Study: Cost of a Data Breach”, breaches are costly events for an organization; the average total cost per reporting company was more than $6.6 million per breach (up from $6.3 million in 2007 and $4.7 million in 2006) and ranged from $613,000 to almost $32 million. Cost of lost business continues to have the highest financial impact with 69 percent of total data breach costs attributed to customer churn.

Conversely, HCOs stand to gain serious money by proving HITECH (The Health Information Technology for Economic and Clinical Health Act) compliance. Each physician will receive $44,400 a year for three years if they can prove they have completed an electronic data exchange to another entity. Early adopters of “meaningful use” of EHR systems will be the first to benefit from the government stimulus money. Non-adopters will be subject to penalties and fines up to $1.5 million if they fail to meet compliance requirements.

Help me. Help you.

How Colleges are Becoming Data Breach Gold Mines

15 01 2010

Image Courtesy of Fleming College

In the past few weeks, there have been four separate US collegiate data breaches announced.  The total number of records compromised was around 200,600.  From a successful phishing attempt to a malicious file sharing software installed on network machines to a malware assault and a direct hack into a university library system server, all of these breaches swiftly pilfered large amounts of data with ease.

So, why colleges?  What do universities have that make them so susceptible to massive data breaches?  The answer is in the body.  The student body, that is.  A university’s main source of income is people.  The best way to track these moneymakers is to contain their information.  As anyone who has ever filled out a college application knows, they receive every minute detail about one’s past and present, right down to mother’s maiden name and father’s yearly income.

Employees in universities need access to this information as well, since each department, whether it’s the health clinic or the registrar, deals with students.  The amount of users with access to it all is exponentially larger than an average organization containing such data.

The end result is a gold mine for data breaches.

As a college student, I know that we tend to have money trouble as it is.  To have our information then stolen by someone who plans to use it for monetary gain is just icing on the stale cake of financial problems.

So, as always, what’s the solution?  Well, it may be easier than we think.

For instance, instead of simply password protecting student information, perhaps encryption could help contain the information within the database.  Any hacker could phish a password, but to run into detailed encryption upon entry would deter many of them.  Also, the use of a secure and compliant file transfer solution would eliminate any holes during correspondence with the database and its users.  Whether in rest or in motion, the data could maintain security only accessible by the sender and receiver.

As we move forward, colleges should aim to secure all of their critical data and make 2010 safe for students everywhere.  Also, avoiding tuition hikes would be nice.  Just sayin’.