Data loss is a growing risk managed file transfer can help
1 / 24

- PowerPoint PPT Presentation

  • Uploaded on

Data Loss Is a Growing Risk… Managed File Transfer Can Help. Tony Perri, CISSP Solutions Architect Ipswitch File Transfer. Data loss is a growing risk. Companies are collecting, storing, and transferring more and more data. Collecting Data:

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about '' - haru

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Data loss is a growing risk managed file transfer can help

Data Loss Is a Growing Risk…Managed File Transfer Can Help

Tony Perri, CISSP

Solutions Architect

Ipswitch File Transfer

Data loss is a growing risk
Data loss is a growing risk

  • Companies are collecting, storing, and transferring more and more data.

    • Collecting Data:

      • How many times have you filled out a Web form with personal information such as your name, address, date of birth, phone number, credit card number, etc.

    • Storing Data:

      • This data is “king” for companies looking to better understand their customers and their markets, so this data is stored and subsequently analyzed.

    • Transferring Data:

      • The “pace” of business has increased, so data must be transferred quickly between internal and external people and systems.

Data is most vulnerable during transfer
Data is most vulnerable during transfer

  • Technology focus has been on minimizing the risk of data loss during collection and storage.

  • Technology for protecting data during transfer is available, but adoption is not keeping pace with the threats.

The information visibility problem
The Information Visibility Problem

  • Companies are failing to secure and manage the flow of sensitive information moving internally and externally:

    • 65 percent of companies surveyed have no visibility into files and data leaving their organizations.

    • 52 percent have no real visibility into internal file transfers.

    • Only 19 percent say they have complete visibility into files and data moving inside and outside their organization.

The external device problem
The External Device Problem

  • Increased reliance on external devices in the workplace is partly to blame:

    • More than 80 percent of IT executives admitted to using easily lost or stolen external devices like USB drives, smartphones and tablets to move and backup confidential work files.

    • 57 percent save work files to external devices at least once a week, a major security and compliance concern for businesses.

The email security problem
The Email Security Problem

  • More than 75 percent of IT executives surveyed send classified files and information via email attachments.

    • 26 percent of employees use personal email instead of work accounts to mask file transfer activity from management.

The policy and tool enforcement problem
The Policy and Tool Enforcement Problem

  • Creating policies and providing tools simply isn’t enough…. It’s the enforcement of that policy and tool that is the critical step.

    • 55 percent said their companies provide – but do not enforce – policies and tools around sharing sensitive information

Wikileaks fails to drive preventive it action
WikiLeaks Fails to Drive Preventive IT Action

  • In wake of one of the most revealing breaches in U.S. history, most companies are not taking the risks of losing business-critical information seriously.

    • 43 percent of companies ignored the business implications of WikiLeaks altogether.

    • Only 16 percent of companies implemented new policies and tools to protect against similar breaches.

    • Slightly less than 30 percent of companies discussed the implications with employees, but made no major changes to the way information is shared or protected.

2011 information technology priorities
2011 Information Technology Priorities

  • While many companies are still struggling to protect business-critical information, executives say that they’re making it a priority for 2011. Of the IT executives surveyed at the 2011 RSA Conference:

    • 40 percent ranked protecting sensitive information as a top priority in 2011.

    • 25 percent said securing cloud computing is important.

    • 20 percent said that managing the flow of information internally and externally is critical.

Employees will do what is necessary
Employees will do what is necessary

  • Employees have proven that they will do whatever it takes to get their job done, with or without IT.

  • Employees whose job requires them to send information to other people such as co-workers, partners, vendors or customers have thousands of options at their disposal.

    • Personal email account

    • USB drive

    • Social media site

    • CD/DVD’s sent via courier

Risk is to the business
Risk is to the Business

  • File transfer supports core business processes

    • Ordering, claims processing, supply chain management, health care, financial transactions.

  • Data loss means

    • Orders don’t ship, claims don’t get processed, supplies don’t arrive, health care records are unavailable, and financial debits/credits don’t occur.

  • Compliance Threatened

Costs to the business
Costs to the Business

  • Data loss incurs additional costs:

    • Average total per-incident costs in 2008 were $6.65 million

    • Average cost per data record in 2008 was $202

      2008 Annual Study: Cost of a Data Breach, Ponemon Institute 20 February 2009

  • Lost Revenue

  • Penalties

  • Damaged reputation

It needs
IT Needs…

  • IT needs solutions to:

    • Enable person-to-person, person-to-system and system-to-system file transfers

    • Create and enforce policies and rules that manage those file transfers

    • Encrypt transfers

    • Provide visibility into all data interactions

    • Enable compliance

Mft capabilities
MFT Capabilities

  • Protocols


  • Encryption


    • Provide Confidentiality and Integrity

  • Access Control

    • Control who has access to what data

    • Least-Privileged

  • Auditing, Logging and Reporting

    • Track every activity associated with transferring a file

  • Automation, scheduling, workflow

    • Provide Availability


1. Provide visibility into all file and data transfer interactions, including files, events, people, policies & processes


2. Manage, provision, and automate all file interactions, both internal and external to the company, organization or domain


3. Create and enforce administrator defined policies & rules

  • Server access rules

  • Security policies

  • Password policy

  • IP and user lockout rules

  • File extension rules

  • Domain rules

  • Encryption policy

  • Delivery notification rules

  • File size limitations

  • File expiration rules

  • Max server bandwidth (# files, storage space)

  • Max number of files that can be sent at a time

  • Max # of downloads

  • Multi-factor authentication

  • Guaranteed delivery

  • File Integrity

  • Non-repudiation

Real world business problems
Real World Business Problems

  • Needs

  • Challenges

Two frequent scenarios
Two frequent scenarios

  • Regularly scheduled reoccurring transfers

    • Replace legacy or home-grown systems

  • Ad-Hoc person-to-person interactions

    • Send large or large sensitive data

Classic bulk data transfer
Classic “bulk data transfer”

  • Used by Financial, Insurance and Health Care for years

  • Primarily B2B (not transactions)

  • Legacy Data Comm, FTP, MFT

  • Regularly scheduled, re-occurring transfers

  • Highly structured

  • Need

    • Encryption

    • Efficient on-boarding of partners and users

    • Policy Enforcement

    • Auditing and Reporting

    • Scheduling

    • SLA Monitoring

    • Sustainable key managment

    • Flexible deployment options (on-premises, hosted, hybrid)

Ad hoc transfers
Ad-Hoc Transfers

  • One-time or short-duration interactions between internal users and external customers, partners, clients, etc.

  • Examples

    • Marketing needs to send large image files to a contractor

    • Software vendor needs to send a patch to a specific customer

  • Sometimes a replacement for anonymous ftp

  • Bi-directional

    • Mortgage originator needs sensitive financial information from an applicant

Ad hoc transfers1
Ad-Hoc Transfers

  • Need

    • Encryption

    • Self-service user provisioning

    • Client-less access for internal and external users

    • TTL and Max Download policies

    • Auditing and Logging

    • Appropriate file size limits (or no limits)

    • Archival for e-Discovery purposes.

    • Flexible deployment options (on-premises, hosted, SaaS)

Data loss is a growing risk managed file transfer can help

For more information about Ipswitch File Transfer’s

solutions, call 608-824-3600 or email