Articles posted by James Lewis

Author Archive

Managed File Transfer & Gartner’s Application, Architecture, Development & Integration Summit.


I’ve long held the opinion that the marketplace for Managed File Transfer, as a standalone technology, was coming under pressure from many other technologies, so I jumped at the opportunity to attend the Gartner Application, Architecture, Development & Integration Summit in London, courtesy of Thru Inc.

Attended by many of Europe’s largest enterprises, Gartner’s AADI provided me with a unique insight into the challenges Enterprise Architects and CIOs currently face in integrating a wide variety of applications within their business. Of course the main focus for the many sponsors of the event was APIs: what APIs they had, how they could be scaled, how they could be secured and so on.

Being at the show with Thru enabled me to have some interesting conversations, which went far deeper than our typical discussions about how file transfer automation or an ad hoc file transfer solution enables companies to meet their customers’ needs. The conversations we’ve had at this event have been much more focused on how Enterprise Applications can leverage APIs to provide Managed File Transfer and the subsequent governance and audit of the data.

Thru’s API differentiates them from many Ad Hoc File Transfer vendors and their wide range of current use cases supports this. For example, well known ISVs use Thru’s platform to enable software and licence delivery, enabling customers to download large ISOs or software packages, completely unaware that Thru is doing the grunt work behind the scenes.

Thru don’t just have deep integration capabilities via their API, they also have connectors for Microsoft Outlook, Lotus Notes, Microsoft SharePoint and Salesforce.com. Coupled with their Cloud, Hybrid or On Premises deployment options, they have a compelling offering to support the continuing drive to leverage existing Enterprise Applications.

To learn more about how APIs can ‘off load’ file transfer from your Enterprise Applications, call our consultants on 0333 123 1240.

A look back at InfoSecurity Europe 2014

InfoSec was a little different for the team at Pro2col this year. We decided to take our own stand again, rather than working on a vendor’s, and it certainly paid dividends. Whilst the show was undoubtedly quieter, due to the Tube strikes and poor weather, it would be fair to say that those that were committed enough to come were there for a reason. We had lots of conversations with interesting companies about their need to move data securely, from geo-physics to exam papers and everything in between. All in all it was definitely a worthwhile investment!

At the exhibition we had a competition to win £250 of Virgin Experience Day vouchers, which our lovely models Sam & Emily ran for us. To enter they simply needed to scan the badges; the girls did exceptionally well with over 1,000 entries over the three days. We’ll be announcing the winner on Friday, 9th May so watch this space.

As per usual with exhibitions we overindulged a little, with some of our vendor partners outlasting us until the early hours of the morning. And it wouldn’t be InfoSec without some Champions League football to take in as well. We’ll be sad to see Earls Court being redeveloped, having attended some ten plus exhibitions there over the years. Still, I’m told Olympia has been ‘done up’ so I guess we’ll be heading there for InfoSec next year.

Finally I want to thank all of the team that helped with the event, our customers for coming along to speak to us, our vendors for their hospitality and our models for the fab job they did!


Download Our Latest Ad Hoc File Transfer Comparison Guide


Hot on the heels of the first release, we’re delighted to announce that version 2 of our Ad Hoc File Transfer Comparison Guide now includes Thru Inc.

Pro2col’s comparison guide features the world’s leading file transfer solutions, helping you to choose the right technology for your business. Click here to download the latest guide.

 

 


Five File Transfer Pain Points

In a normal day, companies and individuals must transfer files containing many different types of sensitive and mission-critical information across systems, businesses and departments – everything from legal documents to X-rays to credit card statements. In an effort to get work done, employees will often skirt the rules of IT and turn to readily available file-sharing options outside the corporate IT structure. This opens the company up to a host of liabilities from security, visibility and control to inaccurate information being transferred within systems. Jeff Whitney, from Ipswitch File Transfer, has identified the top five IT pain points associated with file transfers.

  • Complexity

File sharing solutions are often complex and do not provide a unified standard for the business to automate processes.  As file sharing has been core to business process for quite some time, there are often legacy systems in place with layers of homegrown tools and scripts, as well as products from multiple vendors.

  • Limited Visibility & Control

Businesses, especially in regulated industries like health care and financial services, need to have the ability to track the movement of files. IT teams often talk about “flying blind” when they don’t have visibility into where files are or proof that they’ve been delivered.

  • Employees Circumvent IT

Without a centralized file transfer system in place, employees will often bypass IT and use a commodity file-sharing product, subjecting the organization to added security risks. This is an escalating issue with the proliferation of consumer-based sharing applications, like Google Drive.

  • Ensuring Security

Security is always a top priority for IT teams, but there is often little insight into the way that businesses transfer critical data.  When issues do occur, IT is often blind to them since they lack general oversight of the file transfer process.

  • Insufficient Resources

The IT department, like many others within organizations, is constantly being asked to do more work with fewer resources. Companies are creating and transferring documents at an exponential rate and IT must find a way to scale current systems, processes and resources to meet these increasing demands.

 

How can you remedy these pain points?

Forward-thinking IT teams are adopting or looking into managed file transfer (MFT) solutions to free up resources to focus on other critical business needs. These teams are finding that an MFT strategy allows automation and auditability of file movement.

 

About us
As the UK’s leading independent experts in managed file transfer, Pro2col is well positioned to help you to assess your requirements, identify potential solutions, demonstrate the leading contenders and help you to evaluate those that fit best.  We’ve worked with over 600 companies in 28 countries to address their file transfer challenges and we’d very much like to help you with your file transfer project.  To get started download some of the free resources or contact our file transfer specialists on 0333 123 1240.


Globalscape Mail Express and EFT Disaster Recovery Practices

By Eric Hall – Globalscape Channel Engineer Executive

This post covers how to maximise uptime of Globalscape solutions, especially EFT and Mail Express, when dealing with a disaster in the Production data centre. This is an important topic that either doesn’t get enough attention or is discussed only in terms of Disaster Recovery or only in terms of uptime within a single data centre, one or the other. I want to make sure the topic of Disaster Recovery is addressed as thoroughly as possible, and hope you will find this useful to keep for later reference.

With the current generation of Globalscape solutions, we strongly recommend either an Active-Active configuration made possible by the EFT Sync Tools or an automated Active-Passive (failover) cluster. Both options minimise downtime in the Production data centre during any interruptions in service due to failure or maintenance of the hardware, software, or OS. The Active-Passive configuration is supported out of the box, and it’s easy for EFT to be installed into this kind of failover cluster once it’s been set up. The installer will actually prompt you to specify whether it’s being installed in a cluster and will generally walk you through the extra steps required.

Some organisations have a high tolerance for downtime and are very unusual in that they have a seamless, high-bandwidth, low-latency integration of a secondary data centre with their primary data centre (often separated by only short distances over dark fibre, for instance). Those organisations may choose to get away with using their “disaster recovery” environment as the fail-over instance in lieu of a proper cluster. In reality, it’s rare that customers actually have the infrastructure to make this a reality. Even more rarely does this work in a manner that’s nearly as neat and tidy as they might expect, but it is theoretically possible.

For actual disaster recovery, where the primary data centre has been rendered unusable due to some natural disaster or otherwise a massive power or connectivity outage, there are two primary approaches.

 
1) Warm (some would call it “Hot”) – As a reminder, Globalscape now offers its EFT Sync Tools to regularly synchronise configurations between EFT installations, which is ideal for those who need a more seamless and “Warm” DR implementation. If there is a constant connection between the Production and DR data centres, then you can use the EFT Sync Tools to keep the DR installation up to date with the Production configuration. Some would call this a “Hot” backup, but that requires all of the surrounding services to also be up and running, and you typically do not want an EFT Enterprise continually attempting to accomplish Scheduled or Folder Monitor tasks against resources that may not be active and up to date. The EFT Sync Tools allow you to specify on which EFT installation various rules run, so that you can be sure any rules you don’t want running on the DR server are left alone until the appropriate time.

Although this approach is intended for a Disaster Recovery scenario, it may also allow you to use the DR installation as a failover for simple maintenance or failure occurrences. It is still not the kind of seamless and automatic failover achieved with MSCS on Server 2008 R2 and 2012, nor the Active-Active approach made possible by the EFT Sync Tools.

This option is often the best, offering a high degree of confidence and value.

 
2) Cold – Without the EFT Sync Tools, the next best option is a “cold” DR implementation, which is workable but more complicated. For this you would configure EFT Enterprise to periodically make a backup of the configuration not just locally but also to the remote server (ideally it will have connectivity to drop the file off through a shared folder on the DR EFT Enterprise server’s hard drive). This can be once a day or every 5 minutes, depending on how extreme the requirement and how often changes are realistically going to be applied to the production server’s configuration. This is one of the many reasons larger organisations should invest in EFT Enterprise, as the Standard version does not offer this kind of enterprise-minded capability.

When such a disaster occurs, the otherwise idle or sleeping EFT Enterprise in the DR data centre would need to be restored to the latest known-good configuration from the production environment. Keep in mind that for all the operations that require other resources (ARM, authentication sources, DMZ Gateways, shared folders to monitor, etc.) the DR environment must be well configured to appear functionally the same, which is a good reason for the use of name resolution rather than manually typing in hardcoded IP addresses. Additionally, remember that EFT will not replicate user data, database content, or anything other than configuration and operational data.

There are two ways to “restore” the latest production configuration onto the DR server. First, a human administrator can start the service, log into the administrative interface, and select File > Restore Server Configuration to start the wizard. Once it’s completed, it will be up and running with the production server’s configuration, and you can start directing incoming connections to that server.

Second, you can automate the process by creating a script or application to programmatically restore the configuration in a predetermined way. We’ve actually done some of that work by throwing together a hypothetical example script (Backup and BackupEx) we provide for free from our Help File. You would need to edit that script for it to be applicable to your particular environment, but we’ve gotten the ball rolling to help that process along.

Again, I advise against trying to use a DR site as a substitute for a proper highly available implementation (Active-Active via EFT Sync Tools or Active-Passive via MSCS), but it is do-able to create a very well groomed and orderly configuration and environment replication, as long as you can tolerate the additional downtime required to kick off and complete the process.

Please do not hesitate to contact Pro2col should you wish to discuss the design or implementation of DR in your environment.


Globalscape Mail Express Integration with EFT

By Eric Hall – Globalscape Channel Engineer Executive

What does Mail Express integration really mean? What benefits does it offer to those looking for both a back-end automated MFT solution as well as a solution to make available large or sensitive file sharing between people via email? Might it make sense in some cases to combine EFT Server with Mail Express? I’ll address the Top 3 key points below.

1) Reporting – All the information required by IT personnel on their users’ activities is already available in the Mail Express database. Mail Express includes some reporting and auditing capabilities out of the box. However, those reports are more suited to drilling down to individual packages for auditing and spot-checking, and if you have EFT already, then it’s an additional place you have to go to for reports. Many of our existing EFT customers voiced that they preferred EFT’s Auditing and Reporting Module (ARM) reporting style and capabilities, especially as integrated with EFT’s ability to generate reports on a scheduled basis and either store them in PDF format or embed them as HTML into an email sent periodically to the appropriate parties. So we expanded Mail Express to communicate its activities to EFT so that they can be recorded to ARM and reported on in the same set of reports already available for SAT. If you have EFT 6.5 with ARM, and you add Mail Express 3.3, you can optionally integrate the two together for consolidated reporting. These reports are all available under the list of built-in reports as “Activity – Ad Hoc …” with the various flavours supporting it. If the customer has not completed the upgrade to Mail Express and is still running SAT somewhere in their organisation, these reports will be combined, ensuring a smooth transition.

2) Automation – One piece of functionality not offered out of the box by Mail Express on its own is the ability to automate processes on files being sent via Mail Express. Unlike EFT, where files tend to be moving through EFT to their final destination, files sent via Mail Express are effectively parked in the Mail Express storage, waiting for the recipients to authenticate themselves and retrieve the individual files or complete package. This makes it well situated to allow antivirus and Data Loss Prevention solutions to passively scan the files on writing or reading from disk.

However, not all storage systems are so conveniently configured. Therefore you now have the ability to leverage EFT’s simple and powerful Event Rule system to automate processes as required by company or regulatory policy. Do files need to be retained for a period of time? Copy them to an eDiscovery or archival storage area. You can even encrypt and sign them to compress the files for long-term storage and ensure the file integrity to both protect the contents and avoid tampering. Do AV or DLP scans need to be run? Use EFT to call the appropriate utilities either directly via command line using a Command or invoke their DLLs programmatically with the Advanced Workflow Engine (AWE).

Whatever the requirement, you can now leverage EFT to make sure that need is fulfilled. And of course all such automated activity will also be recorded by EFT to the auditing database with ARM.

For example, as in the screenshot shown here, I have:

  1. Created an “On File Uploaded” rule
  2. Added the condition so that it is only triggered if the upload has occurred where the Protocol is “Ad hoc Over HTTP/S Protocol”, which is how it defines an upload through Mail Express
  3. Executed a “DLP Scan” command invoking a command line DLP tool
  4. As long as the scan does not fail, copied the uploaded file to an archive directory
  5. Encrypted (and compressed) the archive copy
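
The five rule steps above, sketched as an added, generic Python example (not Globalscape EFT code and not from the original post): the scan gate fails closed, so a non-zero exit, a timeout or a missing scanner binary all stop the file reaching the archive. The scanner and encryption commands, file names and sample data are constructed stand-ins; substitute the command-line tools your environment actually uses.

```python
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

AD_HOC_PROTOCOL = "Ad hoc Over HTTP/S Protocol"  # rule condition from step 2

# Constructed stand-ins so the example runs offline (assumptions, not real tools):
# the "scanner" exits 1 when it sees a test card number, the "encryptor" only
# gzip-compresses. A real deployment would call its DLP and encryption tools here.
SCAN_CMD = [sys.executable, "-c",
            "import sys\n"
            "data = open(sys.argv[1], 'rb').read()\n"
            "sys.exit(1 if b'4111111111111111' in data else 0)\n"]
ENCRYPT_CMD = [sys.executable, "-c",
               "import gzip, sys\n"
               "with gzip.open(sys.argv[2], 'wb') as out:\n"
               "    out.write(open(sys.argv[1], 'rb').read())\n"]


def run_tool(argv, timeout=60):
    """Run an external tool. Errors, timeouts and non-zero exits all count as failure."""
    try:
        done = subprocess.run(argv, capture_output=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0


def on_file_uploaded(path, protocol, archive_dir, scan_cmd, encrypt_cmd, audit):
    """Apply the rule to one upload; return the protected archive path or None."""
    path = Path(path)
    if protocol != AD_HOC_PROTOCOL:            # step 2: only ad hoc uploads
        audit.append(("skipped", path.name))
        return None
    if not run_tool(scan_cmd + [str(path)]):   # step 3: DLP scan, fail closed
        audit.append(("scan_failed", path.name))
        return None
    archive_dir = Path(archive_dir)            # step 4: copy to the archive
    archive_dir.mkdir(parents=True, exist_ok=True)
    copy = archive_dir / path.name
    shutil.copy2(path, copy)
    audit.append(("archived", path.name))
    protected = copy.with_name(copy.name + ".enc")
    ok = run_tool(encrypt_cmd + [str(copy), str(protected)])  # step 5
    if not ok or not protected.exists():
        protected.unlink(missing_ok=True)      # drop any partial output
        # Assumption: the plain copy is kept so an operator can retry.
        audit.append(("encrypt_failed", path.name))
        return None
    copy.unlink()                              # keep only the protected copy
    audit.append(("encrypted", path.name))
    return protected


def demo():
    """Run the rule over constructed uploads; return results, archive listing, audit."""
    audit, results = [], {}
    with tempfile.TemporaryDirectory() as tmp:
        inbox = Path(tmp, "inbox")
        inbox.mkdir()
        clean = inbox / "report.txt"
        clean.write_bytes(b"quarterly summary")
        flagged = inbox / "cards.txt"
        flagged.write_bytes(b"pan=4111111111111111")
        archive = Path(tmp, "archive")
        for upload in (clean, flagged):
            out = on_file_uploaded(upload, AD_HOC_PROTOCOL, archive,
                                   SCAN_CMD, ENCRYPT_CMD, audit)
            results[upload.name] = out.name if out else None
        # A scanner that cannot be started must block the file, not wave it through.
        results["scanner_missing"] = on_file_uploaded(
            clean, AD_HOC_PROTOCOL, Path(tmp, "archive2"),
            ["no-such-dlp-tool"], ENCRYPT_CMD, audit)
        listing = sorted(p.name for p in archive.iterdir())
    return results, listing, audit


if __name__ == "__main__":
    for item in demo():
        print(item)
```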

3) Configuration – In the spirit of avoiding the duplication of effort, having to make the same changes multiple times or in multiple places, Mail Express can now synchronise its configuration with EFT, if desired. You do not have to do this at all, of course, but it’s available for those who find it valuable.

NOTE: Only 32-bit Mail Express installations can communicate with EFT. Mail Express is now included in the EFT installer, and that included version is the 32-bit version for precisely that reason.

There are three key configuration areas that Mail Express can synchronise with EFT: SMTP server details, DMZ Gateway connections, and SSL certificates. These configurations may be synchronised wholesale, or the administrator may pick and choose the specific aspects of the configuration that will be appropriate. For example, for the SMTP settings, you may wish to synchronise the host address, port, and so on, so that if it ever changes for EFT it will automatically change for Mail Express, but you may want to modify the “From” address so that email notifications sent by Mail Express do not appear to be sent by EFT. Or for another example, the DMZ Gateway configuration may need to use the same host address that EFT is using but use a different port in order to attach to the Mail Express specific DMZ Gateway profile. Each aspect of the various configurations is available to be synchronised or not, as desired. See the Mail Express help page for more information.

This integration helps make Mail Express and EFT an even more complete and powerful duo when implemented together, and we intend to continue expanding this integration and leveraging the dynamic capabilities of Mail Express to increase the value of our solutions.

Have any questions? Would you like some further clarification? Please don’t hesitate to let Pro2col know on 0333 123 1240.


Dropbox Alternative – Day Two at InfoSecurity Europe

With the sun beating down outside you could have been mistaken in thinking the IT community would stay away from Earls Court, but day two of InfoSec was packed.

Pro2col had the pleasure of assisting on the Globalscape stand, on what is traditionally the busiest day. With Chaz and Chris Thacker both providing demos the stand was busy and the message was coming through loud and clear; IT Professionals want a Dropbox Alternative.

A study by security distributor e92plus that I read at the show highlighted that some 76% of IT Professionals in the UK had Dropbox at the top of their list of banned technologies. This was very much reflected by the conversations we had and the demonstrations of Globalscape solutions provided.

The most popular solution by far was Mail Express. Visitors loved the web based functionality and Microsoft Outlook plugin. The Drop Off Portal also proved a big success as IT admins learned how they could provide a hands off facility for large files to come into the business without the need for setting up FTP accounts or clogging up email servers with attachments.

If you’d like to learn more about how Globalscape solutions could help your business Replace Dropbox, contact Globalscape’s UK Master Partner here.


Cloud File transfer Services Hosted in the UK are not subject to the Patriot Act

Over the years I’ve spoken to many clients about hosted data transfer systems, and the security implications of where your data is stored. Generally there are lots of levels of sensitivity of data that a business might have. Sometimes the more commercial, cloud based technologies can fit, e.g. sending marketing collateral to a printer wouldn’t generally be considered sensitive data. Over recent years however, there has been a worrying increase in the number of enterprises who have either mandated the use of cloud based technologies for the distribution of sensitive data, or turned a blind eye to what employees are using off their own back. Naturally there are issues surrounding compliance here and potential brand damage should the data find its way into the public domain, but that’s been covered many times before and isn’t the focus of this blog.

 

A few days ago I spoke with an international consulting firm (who shall remain nameless). They confided in me that the organisation didn’t have a managed file transfer solution in place to cater for the ad hoc transfer of data between internal staff and external parties.  They disclosed that a decision had been taken to purchase a wetransfer.com channel for their business, but this IT Manager was very concerned about compliance and security of his data.  Having had some experience of wetransfer in the past I suggested that additionally he should be concerned about where his data was stored.  Being a predominately US based company, it could be possible that their data was making its way to their US data centres and therefore be subject to the Patriot Act.  I wasn’t scaremongering, this is true as there is no way to define which server your data resides on as it’s a consumer grade solution, predominantly adopted by enterprises to get them out of a hole.

 

When looking at securely transferring business critical data I can see why a company may opt to adopt a ‘big brand’ cloud solution, but it’s worth pointing out they’re generally big brands because they appeal to the masses and are consumer grade. When selecting a cloud based technology it’s worth asking these questions:

 

  1. Where will my data be stored?
  2. What levels of physical security are in place at these data centres?
  3. What security is in place to protect my data at rest in these locations?
  4. Is my data encrypted in transit and at rest at all times?
  5. Who within the organisation supplying the service has access to my files?
  6. What controls am I offered to administer and manage the service being used across my organisation?
  7. What compliance or data security standards do you adhere to?
  8. What logging and tracking do you provide to help me achieve compliance?

 

This list outlines some of the most important questions and is a good starting place.  If you’d like to discuss your file transfer requirements in more detail our consultants can help.  We’ve been working with file transfer technologies for more than a decade now and are well placed to be able to detail your requirements and help you identify the best technology fit.  Get in touch via our online form or call 0333 123 1240 or for International callers +44 1202 433 415.

Security hole in Facebook’s secure file transfer platform

As a brand Facebook is up there with the biggest of them, with over a billion users each month according to company reports. This makes them a big target for the cybercrime community. As a countermeasure, their ‘Bug Bounty Program’ encourages friendly hackers to report vulnerabilities in their systems, and it was one such researcher who noted the security hole in their Accellion private cloud deployment.

Writing on his blog this Monday, Nir Goldshlager announced that he had previously uncovered a hole affecting the Accellion Secure File Transfer appliance that would allow an attacker to gain control of a user’s account with little more than their email address.


A closer look at the date on the video at the bottom of his blog article (19th March 2012) and when the problem was patched (patch 9_1_166 released on 20th March 2012) would suggest that Nir did in fact identify this vulnerability, meaning that Facebook’s Bug Bounty Program is a worthwhile exercise. It also demonstrates that Accellion took the issue seriously, quickly and efficiently addressing the problem when it came to light.

Software is rarely ever without flaws, but all vendors do their best to ensure products don’t reach the market with problems and, when they do, responding quickly is the key to maintaining brand integrity. This also goes to highlight how important it is for customers to apply the software patches released by vendors in a timely manner. Nir was likely paid for his research and held off releasing this information for nine months, whilst I expect Accellion made a concerted effort to ensure all customers were running the latest versions of software. It will no doubt have a small negative impact on Accellion’s brand image but on the plus side, it appears to show that Accellion handled the matter in a professional manner.

Ad Hoc file transfer is one of the largest segments of the managed file transfer industry and we’re pleased to be working with some of the industry’s leading brands. With solutions from Biscom, Ipswitch, Globalscape and more, we at Pro2col are able to help you choose the right product to fit your feature requirement and budget limitations. To speak to an ad hoc file transfer consultant call Pro2col today on 0333 123 1240.


Managed file transfer set back after Java vulnerability in Mac OSX

TechWeek Europe yesterday reported that Apple’s latest Java update for Mac OS X not only fixes a number of security flaws, it also removes the browser plug-in from the user’s system. This is in response to long-standing problems with Java vulnerabilities after six hundred thousand Apple Macs were infected with the Flashback worm earlier this year. Apple’s approach to controlling software updates for Macs resulted in patches written by Oracle for Java 6.x being rewritten and distributed, with the inevitable delays compounding serious security flaws further. Apple is now only responsible for Java updates on Macs running OS 10.7.2 or below; upgrading the OS to a later version will therefore result in the use of Java 7, which is developed and updated directly by Oracle, although it too isn’t without problems.

What’s the problem with disabling Java, you may ask? Well, it’s well known that Java is really the undisputed champion when it comes to carrying larger data sets through a web browser, and most managed file transfer software products use Java, almost without exception! Why Java? Well, that’s another discussion, which has been very well documented over on the FileCatalyst web site. Whilst Macs in general don’t account for the largest desktop market share (around 6.5%), the lack of Java in OSX is a real problem for Mac users of managed file transfer solutions.

The resolution? Well, Apple aren’t stopping users from running Java on their Macs, rather ensuring that they take the decision to enable it. This, however, is likely to further strain relationships between Mac users and the predominately Windows based IT departments. I suspect that we’ll hear more about this over the coming weeks and months and, given our focus on the creative marketplace, we’ll keep you informed.

© Pro2col Ltd 2012