• open panel
  • Home
  • Articles posted by James Lewis
  • Page 4

Author Archive

Half a million reasons to beware!

Today was the day that the ICO’s got the power to fine companies for data breaches with the amendments to the Data Protection Act finally coming into force.  With the UK somewhat behind some of the EC this brings us closer in line with the the European Commissions E-privacy directive that the UK signed up to some years ago to uphold the privacy of individuals and specifically personally identifiable data.  A lot has been written about this subject but what does it mean and how does it affect your business?

If your business stores/holds personally identifiable data about individuals, that data is now governed by the Data Protection Act.  If your company has personally identifiable data your company is legally obliged to register themselves with the ICO and appoint one or more a Data Controllers within your organisation.  It is then that persons responsibility to ensure that all personally identifiable data is stored and distributed in a secure manner.  This affects both the data stored within the organisation but the bit we get involved in is the ‘distribution’ or the data, to third parties, customers, suppliers, remote offices or remote workers.  This data now needs to be secure & managed file transfer so that you have a complete audit trail of who sent what, to whom and when – also providing information on when the information was downloaded and if possible where they were when it was downloaded.  Simply put you need to know what’s happening with your data at all times!

ICO Logo

Why should I go and implement new systems, who’s going to know it was me?  Well you could take this approach and to be fair a lot of companies will lose data and won’t get caught but would you seriously want to take the risk that the ICO could find out due to your data ending up somewhere its not supposed to be.  The consequences are up to 10% of turnover (up to a maximum of £500,000) and public humiliation when the ICO provide their statutory reports on which companies have had breaches.  Given that the ICO have been a little bit slow in getting to this stage according to the EC who threatened to fine the ICO at the end of last year you can expect that the ICO will want to take the opportunity to make a statement to the EC when they get the opportunity.  Personally I’d rather it wasn’t my company getting noticed for the wrong reasons – remember TK Maxx?

So what should I do?  Well, if you’d like to speak to someone who’s able to provide you an independent insight into the best way to move your data securely within any given business scenario then you should give Pro2col a call as we’d be pleased to help.  If you don’t want to do anything then good luck and keep your fingers crossed because the ICO are coming!

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Are these the three main types of b2b file transfer solutions?

File transfer requirements are diversifying at a rate of knots with more products available than I care to count, but for me there are three distinct types of file transfer solutions I believe the majority of the larger corporate and blue chip customers are interested in. These are;

Enterprise File Transfer – making use of email to deliver a message to the end user that provides them with instructions on how to download the files(s) with the added functionality of tracking and reporting.  This method is great for the ad-hoc user, requiring little to no training.

Managed File Transfer –  relates to the secure delivery of files, in many cases making use of secure FTP based protocols also providing additional functionality such as reporting and monitoring.  These solutions are generally embedded processes that are not seen by the users and underpin internal/external business processes.

Fast File Transfer – with businesses needing to shift large volumes of data over increasing distances across the WAN or Internet traditional delivery protocols such as FTP have been superseded with UDP based delivery solutions, which have the ability to send files significantly faster.  With the cost of Internet connectivity as it is, WAN acceleration technologies are becoming more frequently used to maximise the throughput over those connections.

I’d be interested to hear from anyone who has any suggestions for areas that we may have missed, specifically if you’re a vendor of the solution and are looking for representation in the UK.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

What is the true cost of file transfer?

In the previous blog article “File transfer – a manual action or embedded process” I suggested that wherever possible file transfer should be an embedded or automated process rather than a manual action.  For those adopting the manual approach I suggested that companies were under-utilising their most valuable resource – their employees – and that it was a criminal waste of time and money.  In this article I’m going to delve deeper into the underlying cost of file transfer.

The problem is that many companies that require a file transfer solution look at the cost of the options available and disregard the appliance or software as too expensive.  Usually this is due to insufficient finances/budget, instead customers choose to continue with their existing solution or set-up.  This failure to invest or make the switch that is so desperately needed by many companies sets them back both in terms of time and money and will generally only delay the inevitable.

Stack of Coins

Whilst the implementation of a suitable file transfer solution will inevitably cost the company several thousand pounds, maybe tens of thousands in some cases, the business benefits achievable with the right file transfer solution can be ten-fold.

An area being readily addressed by many organisations now is that of Enterprise File Transfer,  or to those of us unfamiliar with the term ’sending large files as an email attachment’.  There are a number of vendors in the marketplace providing these types of solutions that allow users to create an email, attach a file(s) and send it.  This circumnavigates the email server storage or attachment limits, with in most instances the files remaining local to the sender ready to download.

Its true there is an upfront cost for a solution of this type, a large enterprise may well come in at £50,000 with annual support costs of up to 20% or £10,000 per annum ongoing.  However when you then look into the reduction in costs in other areas of the business the solution could pay for itself in a period of several months to a year.

To illustrate the point we’ll take a look at the cost of file transfer activities to a business of some 100+ users wanting to send files ad-hoc to external suppliers, customers or remote workers using a combination of FTP server/client and online email solution.

FTP File Transfer Solution 

Purchase of FTP server – free

Implementation of FTP server by IT administration – 2 hours

Ongoing weekly overhead to manage FTP server by IT administration – 5 hours

IT Administration cost of FTP server in first year @ £20 p/h – £5240

Each subsequent year – £5200

20% of the users send files via FTP daily taking them 10 minutes each @ £10 p/h – approx daily cost £33.33 – annual cost £8665.80*

Total first year cost £13,905.80
Email File Transfer Solution 

Set up cost of free online email solution – free account and say 10 minutes which we’ll disregard

100% of the users send files via the email solution daily taking them 10 minutes each @ £10 p/h – daily cost £166

Annual cost £43,160*

In this very basic example the total cost of our conservative estimate in year one is – £57,065.80.  Whilst implementing a solution won’t eradicate all of the cost a fair estimate would be an 80% reduction saving year on year £45,652.64.

*All calculations have been on the basis of 52 weeks worked per employee and a 5 day working week.

10.5 Month Break Even

In addition to the costs associated with employees time spent on non-core activities you have the security implications when using basic online solutions of where your data is being hosted, the security of data in transit and ensuring that the data is only downloaded by the intended recipient.  Then there is the management information, knowing who’s sent what and when with the added control of being able to restrict who is able to send data remotely.  Finally you have security implications of the traditional FTP server – no doubt many of you will have read about Finjan uncovering a database of 8,700 stolen FTP credentials. In the event that your server was to be compromised what would the hacker be able to access – what additional damage to your internal network and core business would be achievable?

As businesses send more and more data its important to remember that file transfer is in the most part, a small cog in the overall workings of your business.  That small cog though has the potential to reduce the effectiveness of the rest of your company or if we were to take it to the other extreme, lose sensitive data and affect your core business.  So what is the true cost of file transfer and is it worth not addressing your requirements? You tell me.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

When is FTP better than Managed File Transfer?

So why FTP File Transfer and what’s so great about it?  Well to be honest this isn’t necessarily a blog to evangelise FTP but more the way in which it works, lets call it ’sending files’.  With many businesses looking to adopt Managed File Transfer solutions, I thought it might be worth redressing the balance and putting things into perspective.  Managed File Transfer solutions have many good features but in the case of email based ones, sending files isn’t one of them.  In many cases the Managed File Transfer solution doesn’t actually send anything, rather it asks the company email server to send an email to a particular recipient.  The person receiving the email clicks on a link within the email to download the file or goes to a web site to log-in and manually download the file – so you see the responsibility is on the recipient to download the file and given this, there is no guarantee that the file will get there.  In fact there’s no guarantee the email is going to get there at all, asking the recipient to download the file(s).  Whilst Managed File Transfer solutions cater for the majority of ‘file transfer’ uses it is certainly not the right solution for every scenario.

FTP

So what do I mean by ’sending files’.   Well, historically the majority of solutions used to send files required a connection to be created between two sites and the files to be pushed/transferred to the receiving site using the appropriate delivery protocol for the connection method, e.g. Modem, ISDN or IP.   A typical example that many people would be able to relate to is FTP.  A user with an FTP client enters the details for the server, connects, selects the files to transfer, drags them over to the ‘remote server’ window (in many FTP client softwares) and the transferring of files starts straight away.  Once all of the files have been transferred you can see them on the remote server, they are there without question, the files have been delivered.

In contrast, Managed File Transfer solutions that use email messaging to deliver a message to request the download of the files, has several potential points of failure.  You’ve got to rely on two email servers to be happy to deliver the message and not overburdened with other requests, you have to ensure that SPAM filters don’t whisk away your all important message and probably most importantly – someone has to be there to open, read and perform the manual process of downloading the file.

In short FTP file transfer has a place in the enterprise.  If you want to be able to push data to a location with or without manual intervention, then FTP or another file transfer protocol with similar features will do.  Certain business to business situations will rely on data being sent from one location to the next e.g. a publisher to his printer, where time is of the essence and any doubt about the delivery of the data has to be avoided.

Finally it is possible to make FTP more functional and secure than many Managed File Transfer vendors make out, in fact some Managed File Transfer vendors have it built in.  Depending upon the solution you implement, you can get some great functionality to compliment this old delivery protocol and its also possible to integrate with workflow solutions, script integration and utilise API’s and SDK’s for complete integration.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

File transfer – a manual action or embedded process

Lets face it file transfer isn’t the most interesting subject in the world, but its a necessity for many businesses to move data from one location to another in order for individuals or teams to carry out certain tasks.

For many businesses however, file transfer is a tedious process requiring manual intervention.  Regularly staff are expected to manually create a job to send and watch the file being delivered to the remote site to ensure that its gone, a good example being the user of an FTP client.  Clearly there are instances where this scenario works and is the most economic way, e.g. the one off or infrequent transferring of files, but for companies that regularly need to send large files to the same location this approach is nothing short of a criminal waste of resources.File Transfer

As businesses strive to succeed in these challenging times many more are looking towards automation of their internal processes, this is the case irrespective of industry sector and to some extent business size.  A small part of many businesses workflow process is the delivery of files/data to another location – whether its on the same LAN, across a WAN or via the Internet whatever route the premise is the same even if the conditions are not.

File transfer should in my opinion wherever possible be an embedded process, effectively seamless, with the user not even aware that its taking place.  There are many ways of achieving this result (which in itself is another blog post entirely), whether hot-folder initiated or integrated with existing applications using various SDK’s.  Then there are the considerations of which delivery protocol is most appropriate, e.g. TCP/IP (FTP) or UDP (MTP/IP) and whether encryption of the data should be included.

The bottom line is in fact the bottom line (of your P&L statement).  Businesses need to wake up to the fact that manually sending files is not a good use of resources and where automation is possible processes are streamlined, files are delivered faster and human error is eradicated.

If you or your company could benefit from embedded file transfer or automated file transfer Pro2col would be pleased to assist you.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

The dangers of Cloud computing and online business applications

Right now there is a very clear shift towards Cloud Computing but are we all buying into the concept without considering the implications for our businesses?  Wikipedia describes Cloud Computing very simply as, “a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the “cloud” that supports them.”  It goes on to explain that it can also be described as, “technologies that rely on the Internet to satisfy the computing needs of users. Cloud computing services often provide common business applications online that are accessed from a web browser, while the software and data are stored on the servers.”

Laptops in the Cloud

The key points to pick up from the above description is that ‘business applications‘ are provided online and that the ‘software and data‘ are stored remotely.  With security of data uppermost in the minds of many an IT professional its worth pointing out that there has been a rise in the number of companies using online file transfer applications to send mission critical information to trading partners.  Whilst many of these systems encrypt the data in transit using a variety of options which invariably result in SSL or 3DES usage many don’t consider the implications of this data then residing on remote servers waiting for the secure collection by the intended recipient.

An interesting, yet worrying article by Eric M. Fiterman about called Cloud Danger: Drag and Drop Theft highlights the inadequacies in the audit tools for the virtual cloud space.  He points out that anyone with access to the servers providing your business with a service could very easily walk away with confidential information;

“If your service provider has physical access to your environment, any person with access to the virtual servers can perform activity on your server. Think that some malicious activity involving your virtual memory would be logged or monitored? It’s not likely; audit tools for much of the virtual-cloud space appear to be non-existent. This means I could easily perform some malicious activity on your server – such as copying a file containing personally identifiable information off your server – then rollback the state of the server to hide my activity. You’ll never even know it was taken.”

When chosing a file transfer solution its imperitive that you know not only that your data is going to be secure whilst traversing  the Internet, but also secure on the servers which host the data.  Whilst its almost impossible to guarantee the security of your data at any time doesn’t it make more sense to have an in-house securely managed file transfer solution?

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Pro2col’s on Twitter

Pro2col has been on Twitter now for a while and we’re starting to get the hang of it with over a 1,000 followers now.  We hope to be able to be all things file transfer to the marketplace at some point, we’ve got a little way to go with our portfolio at the moment but we’re talking to a number of vendors about adding some additional solutions.  Watch this space!

Twitter

As this is our first blog entry I want to keep in brief but at the same time introduce the UK team:

  • James Lewis – Owner and responsible for Sales & Marketing
  • Charles Snell – Owner and responsible for Technical Services & Support
  • Lindsay Lewis – Marketing and Office Manager
  • Bibi Langston – Technical Support Engineer
  • Peter Fox – Technical Support Engineer
  • Lisa Arnold – Sales and Accounts Administration

You can contact anyone of us via email by using our intials in front of @pro2colgroup.com e.g. jl @ pro2colgroup.com – obviously without the spaces!

We’d love to hear from anybody who’s got any burning questions about file transfer in general or specific solutions and if you’ve got any recommendations about Blog topics please feel free to get in touch.

Share on TwitterShare on FacebookShare on LinkedIn+1
 
© Pro2col Ltd 2012 | Terms of Sale | Privacy Policy | Sitemap
Part of the Pro2col Group