Data breaches come in many varieties, from hacked servers to stolen laptops, but one risk that people tend to forget about is the danger of having a shared file go AWOL. Inadvertently send an email to the wrong recipient, upload private data to a public server, or use a consumer-grade cloud file sharing service, and your company may find itself in both media and regulatory purgatory for months on end.

The California Department of Health Care Services recently learned this the hard way, when it mistakenly posted Social Security numbers for nearly 14,000 Medicaid providers to a public website. Chevron encountered the problem in 2011, when an errant employee email containing confidential financial data and information on the company’s role in setting global oil prices led to embarrassing stories in the Wall Street Journal and elsewhere.

Others have fallen victim to similar data sharing-related leaks, with all the governance, compliance and in some cases competitive repercussions that go along with them. Increasing use of cloud collaboration is heightening the risk, prompting IBM to ban employees’ use of services like Dropbox last year to avoid creating holes in the information dike in the event of a security compromise at one of the service providers.

Managing data movement with Managed File Transfer (MFT)

With more data to move and the burgeoning use of free cloud-based file sharing services, particularly to facilitate data access on mobile devices, the need to neutralize file sharing threats is rekindling interest in a technology that has been around for nearly a decade: Managed File Transfer (MFT).

Originally developed as a replacement for the now-40-year-old File Transfer Protocol (FTP), MFT centrally controls, secures and monitors data movement both inside and outside the corporate firewall. That includes everything from a marketing video or business contract exchanged between users, to payroll data sent from one IT system to another on a scheduled basis without human intervention.

It is, in essence, a Secret Service escort for shared files – and one that guarantees delivery and keeps meticulous records for transparency and tracking purposes to boot.

The specific features of MFT vary from solution to solution, but all have a set of core capabilities that mitigate the risks while also overcoming the management and compliance limitations associated with do-it-yourself file sharing strategies as well as FTP.

Built-in encryption and authentication eliminates interception of clear-text data transmissions for both ad hoc and scheduled file transfers. It also minimizes file exchange to and from unauthorized users.

Rules-based routing enables IT administrators to establish and enforce corporate policies on who can send what to whom. Senders and recipients can be restricted by privilege level, and by type of file such as business proposals, customer lists or financial reports. Rules can also be created to block uploads to outside servers or specific kinds of blocked servers.

Checkpoint and restart capabilities guarantee file delivery and also provide notification of transmission failures.

Support for files that exceed email attachment limitations eliminates the need for users to resort to insecure FTP or cloud services to share oversized files like CAD drawings, multimedia presentations, and large Power Points.

An audit trail of all data exchange activity provides a way to trace senders and recipients in the event of a data leak for compliance and forensic purposes.

Some MFT products like SEEBURGER Managed File Transfer also provide direct integration with data loss prevention (DLP) products that filter messages for forbidden content, allowing even more granular control over the types of data that may be exchanged. Most can also prevent uploads to specific IP addresses with proxy servers.

BYOD and beyond

For BYOD scenarios, deploying MFT on-premise in either a traditional licensed model or a virtual private cloud delivers extra protection. Users download files to their mobile device from a central server on an as-needed basis, and the system automatically deletes them from the user’s laptop, smartphone or tablet as soon as a file is closed. Documents or other files never leave the enterprise, reducing the risk that they will fall into the wrong hands.

These security capabilities are complemented by MFT’s ability to simplify the oversight of file exchange activity by providing a single, centralized point of control. This is a major administrative advantage over FTP, with its patchwork of FTP servers scattered throughout the enterprise, or consumer web services, which put file sharing completely out of IT control.

Some MFT solutions can be deployed as part of an enterprise’s core B2B integration platform, eliminating the need for a point solution that adds complexity to the IT infrastructure. They typically integrate with email and document management systems such as Microsoft Outlook, Microsoft SharePoint and EMC Documentum, automatically routing files through the MFT system with no extra steps on the user’s part.

Analysts like Gartner, Forrester and Aberdeen Group have predicted a surge in MFT technology adoption in the face of catalysts ranging from modern security concerns and compliance mandates to escalating data sharing needs, growing file sizes, and user demand for anytime/anywhere data access from any device – notably including mobile endpoints that are not managed by the enterprise and therefore without conventional security protections.

Another driver, of course, is fear of being the next victim of a breach like the California and Chevron cases described earlier. Replacing existing file transfer modalities like FTP might be your best defense against data exchanges that go awry.

About the Author

Rohit Khanna is Executive Vice President of Global Strategy and Corporate Development, SEEBURGER AG, a provider of business-to-business integration technology. The SEEBURGER Business Integration Suite merges EDI/B2B supply chain communications and managed file transfer in a single solution that simplifies both IT administration and file traceability, including consolidating management and reporting of all internal and external file transfer activity under one GUI.