
Secure Data Transmission

James Matheke, Information Security Architect, Ohio Department of Job and Family Services



  1. Secure Data Transmission
     James Matheke, Information Security Architect, Ohio Department of Job and Family Services

  2. IT Security Management Critical Success Factors
     • Managing Confidentiality, Integrity, and Availability of IT Services and Data
     • Providing Security Cost Effectively
     • Proactively Addressing Security Improvements Where Needed
     Source: ITIL

  3. How to Share Data Securely with Other Organizations
     • Key Findings
       • If the IT organization does not proactively address the issue with policies and practical alternatives, then end users will obtain their own mechanisms for sharing sensitive information externally, resulting in unwanted and potentially harmful data leakage.
       • A growing variety of convenient and cost-effective technologies enable data owners to control the use of their data, even when it is accessed and modified on noncorporate PCs.
       • Despite availability of technical solutions, lack of appropriate care is the primary cause of unintended data leakage. The most significant control is to ensure that your staff and their external partners are aware of the problem, are willing to help prevent data leakage and know how to share information safely.

  4. How to Share Data Securely with Other Organizations
     • Recommendations
       • Implement a policy and educational campaign to ensure that employees perform a careful risk analysis before sharing sensitive data with external audiences.
       • Begin experimenting with mandatory forms of data protection technology.
       • Look for practical mechanisms to detect and reduce inappropriate use of information through access controls and activity monitoring, remembering that highly motivated persons will always find ways to circumvent controls.
     Source: Gartner

  5. What are Your Four Greatest File Transfer Concerns?
     Source: Ziff Davis

  6. FTP Use is Growing Despite the Risks
     • FTP is not secure
     • FTP is not free
     • FTP is unreliable
     • FTP is unmanaged
     • FTP is susceptible to security breaches

  7. Secure File Transfer Control
     • End User
     • Manual
     • Automated
     • System-to-System
     • Centralized System

  8. Secure File Transfer Mechanics
     • File Encryption (e.g. WinZip)
     • Network
     • Private Line with or without Encryption
     • Virtual Private Network (VPN)
     • Site-to-Site
     • State Wide
     • Remote Access
     Source: Gartner

  9. Secure File Transfer Mechanics
     • Application/Protocol
       • SFTP (Secure FTP over SSH)
         • Private/Public Keys
       • FTPS (Secure FTP over SSL)
         • Certificate
       • HTTPS (HTTP over SSL)
         • Password
       • Proprietary (e.g. Sterling Connect:Direct Secure+)
         • Private/Public Keys

  10. Secure File Transfer Best Practices
     • Ensure Confidentiality and Integrity of data both at rest and in transit.
     • Ensure authenticity of all users and processes involved in your transactions.
     • Implement appropriate access control and authorization throughout the transaction lifecycle.
     • Minimize performance and availability cost created by the security controls.
     • Implement a centralized system to deploy, maintain, and monitor security components.
     Source: SSH

  11. Secure File Transfer Checklist
     • Contract/Agreement for data sharing
     • Ensure perimeter security at the DMZ
     • No storage of data in the DMZ
     • Harden the System/Server
     • Log and audit usage
     • Eliminate anonymous users
     • Leverage existing security infrastructure (e.g. LDAP)
     • Use strong authentication
     • No hard coding of credentials in scripts
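
An added example, not part of the original presentation: a small Python auditor that checks the global section of an OpenSSH `sshd_config` (the server side of the SFTP option on slide 9) against four of the slide 11 checklist items. The keyword-to-checklist mapping, the upstream default values and both sample configs are assumptions constructed for illustration; `Match` blocks are not evaluated.

```python
import re

# Upstream OpenSSH defaults applied when a keyword is absent (assumption:
# taken from sshd_config(5); a distribution build may differ).
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitemptypasswords": "no", "loglevel": "INFO",
            "permitrootlogin": "prohibit-password"}

# (slide 11 checklist item, sshd keyword, acceptable lowercase values).
# The mapping is this example's interpretation, not the presenter's.
CHECKS = [
    ("Use strong authentication", "passwordauthentication", {"no"}),
    ("Use strong authentication", "pubkeyauthentication", {"yes"}),
    ("Eliminate anonymous users", "permitemptypasswords", {"no"}),
    ("Harden the System/Server", "permitrootlogin", {"no"}),
    ("Log and audit usage", "loglevel", {"info", "verbose"}),
]

def parse_global(text):
    """Return global settings; sshd uses the first value it reads."""
    settings = {}
    for raw in text.splitlines():
        # Keyword and argument are separated by whitespace or a single '='.
        # Comment lines start with '#' and therefore never match.
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+)", raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # conditional Match blocks are out of scope here
        settings.setdefault(key, value)  # later duplicates are ignored
    return settings

def audit(text):
    """Return (checklist item, keyword, effective value) for each failure."""
    effective = {**DEFAULTS, **parse_global(text)}
    return [(item, key, effective[key]) for item, key, ok in CHECKS
            if effective[key].lower() not in ok]

# Constructed sample configs, not taken from any real server.
WEAK = ("PasswordAuthentication yes\nPermitEmptyPasswords yes\n"
        "PermitRootLogin yes\nLogLevel QUIET\n")
HARDENED = ("PasswordAuthentication no\nPermitEmptyPasswords=no\n"
            "PermitRootLogin no\nLogLevel VERBOSE\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "passes all checks")
```

An empty file still produces findings, because the assumed defaults leave password authentication enabled and root login only partially restricted.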
