• open panel
  • Home
  • Archive by category 'Data Security'
  • Page 2

Archive for ‘Data Security’

Managed file transfer set back after Java vulnerability in Mac OSX

TechWeek Europe yesterday reported that Apple’s latest Java update for Mac OS X not only fixes a number of security flaws, it also removes the browser plug-in from the user’s system.  This is in response to long standing problems with Java vulnerabilities after six hundred thousand Apple Macs were infected with the Flashback worm earlier this year.  Apple’s approach to controlling  software updates for Mac’s resulted in patches written by Oracle for Java 6.x being rewritten and distributed compounding serious security flaws further with the inevitable delays.  Apple  is now only responsible for Java updates on Macs running OS 10.7.2 or below, therefore upgrading the OS to a later version will result in the use of Java 7 which is developed and updated directly by Oracle although it too isn’t without problems.

Whats the problem with disabling Java you may ask?  Well its well known that Java is really the undisputed champion when it comes to carrying larger data sets Apple disables Java in OSXthrough a web browser and most managed file transfer software products use Java, almost without exception!  Why Java, well thats another discussion which has been very well documented over on the FileCatalyst web site and whilst Mac’s in general don’t account for the largest desktop market share, around 6.5% the lack of Java in OSX is a real problem for Mac users of managed file transfer solutions.

The resolution?  Well Apple aren’t stopping users from running Java on their Mac’s rather ensuring that they take the decision to enable it, this however is likely to further strain relationships between Mac users and the predominately Windows based IT departments.  I suspect that we’ll hear more about this over the coming weeks and months and given our focus on the creative marketplace we’ll keep you informed.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Managed File Transfer is for SMB’s too

Recent research suggests that the SMB sector is coming under an increasing number of cyber attacks from hackers and cyber criminals.  Figures published by Symantec revealed that the number of attacks on companies with fewer than 250 staff had doubled in the six months to June 2012.  Similarly AVG reported that it was predicting an increase on the £3.37 million of damage inflicted on UK SMB’s last year.  Verizon confirmed that the majority of 855 data breaches analysed in their Data Breach Investigation Report had been inflicted upon SMB’s.

The question is; why are SMB’s being targeted?  It would appear that the modest budgets available to small companies make them easier targets, Small Businessgiventhe lower level of expenditure on information security technologies.  Especially since SMB’s frequently work as suppliers for larger organisations, making them a more attractive proposition to hackers than the more conventional direct attack on the corporate target.

What does this have to do with managed file transfer I hear you ask?  MFT has generally been considered a technology more appropriate to corporate organisation’s – with its big price tag and grand title.  Times are changing for the MFT marketplace and there are now some very comprehensive solutions available at really competitive prices.  For those SMB’s considering how they should secure data transfers with their larger corporate customers, technologies exist at around the £4,000 mark which provide an equal amount of functionality as many corporate companies have.

To discuss your file transfer requirements, whether you’re an SMB or multi-national organisation, get in touch with Pro2col or give us a call on 0333 123 1240.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Managed File Transfer – Remote Access Removed or Remote File Termination?

Managed file transfer solutions are the ideal technology to share files securely with remote trading partners and customers.  This is what they were designed to do and in the most part, they all provide a simple interface to achieve this.  Some provide a web browser facility, whilst others offer additional plugins such as a Microsoft Outlook Plugin or less conventionally, a Lotus Notes Plugin.  However the one common way in which the majority of these technologies work is for the file to remain on a web server, to be collected by the intended recipient.  This then provides the system with an audit trail of when the file was downloaded and in most cases, to which IP address – confirming the users location.

This is great in most instances but imagine a situation where you’ve sent an email using the plugin within your email client of choice, only to later find that pull back emailyou’ve attached the wrong document.  Worse than that, it contains sensitive customer or financial data – what then?  You make a frantic call to your IT Help Desk asking them to delete the file or remove access to it.  You then get confirmation from the kind Support Desk person to say that they’ve action your request.  Great, you’re in the clear…. but upon returning to your email you see that your customer has already downloaded the file and you have the email notification to prove it.  Where you usually greet the notification with a shrug of the shoulders in the knowledge that the managed file transfer solution has once again done its job, this time it leaves you cold!

Fortunately not all managed file transfer solutions are built the same.  Some have DLP capabilities ensuring that sensitive data is quarantined whilst one vendor we work with provides a very unique capability, remote file termination.  How is this done I hear you ask, well give us a call and we’ll tell you!  Suffice to say, this type of technology provides the highest levels of security available therefore isn’t pitched at your general ad hoc file transfer users.  It’s more appropriate for those companies dealing with extremely sensitive data, e.g. data needing to be exchanged between board members, patent information, IPO, MBO, acquisitions and mergers information and so on.

If your business has a requirement to move data in a more secure manner than your existing file transfer technology allows, speak to Pro2col as we’ve got technologies that can handle the most sensitive of data.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

A Secure Alternative to Dropbox – Welcome to Managed File Transfer

Once again here we are discussing Dropbox as they attempt to minimise the damage to the company brand following the latest reports announcing a further security breach.

Dropbox announced yesterday on their blog that after hiring some “outside experts” to investigate why certain Dropbox users were getting spam to their non-public Dropbox email addresses, the experts concluded that a Dropbox employee’s account was hacked and the details were lifted from a project document.  No details were provided on the numbers of users affected, what other information was compromised or why account details were stored in an unencrypted document.

Dropbox Spamming

Ordinarily we’re singing the praise of managed file transfer solutions as an alternative to custom built, cumbersome, unsupported, legacy FTP servers. However, a quick search on Google this morning showed me that perhaps more people are now searching the internet for a secure alternative to Dropbox, likely due to the broadcast of recent security issues.

Dropbox Alternative

 

 

A business’ decision to select Dropbox or any other cloud based technology for storing and sharing company data, should be taken with caution.  Cloud based solutions in general offer significantly more advanced features than your average in house managed file transfer solution, which end users have grown accustomed to.  Why?  Because they’re developing for a single, controlled environment over which the vendor has complete control whereas a managed file transfer vendor has to develop for multiple server based operating systems and the QA process can be lengthy, thus inhibiting progress of a product.

There are however a number of reasons why a greater degree of security can be achieved by deploying an in house managed file transfer solution, here are four of them:

  1. It’s not a big Cloud brand target with hundreds and thousands of users
  2. Data is stored local to you and you have complete control over the security policies
  3. Access is securely controlled by AD/LDAP and other user group contained within corporate authentication tools
  4. Reporting and blacklisting tools mean that hackers can be monitored and banned very quickly

If you are concerned about the lack security, control, auditing and governance of your business data then speak to Pro2col.  We can help to analyse your requirements, select the most appropriate vendors and assist right through the evaluation process and beyond.  Managed File Transfer is fast becoming a necessary business tool and is certainly a more than adequate alternative to Dropbox.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

New data protection rules could come into force as soon as 2013!

We’ve been aware for a while that EU Data Protection laws were under review. The latest news implies that business may have less time than they think before a new data protection framework is introduced. According to an article published in Computer Weekly, “While negotiations continue in Brussels, compliance and risk managers have no time to waste in preparing for the new rules that could come into force as soon as 2013.”

The impending release of this new data protection legislation puts increased pressure on businesses to ensure that they have the right measures in place to protect internal data. Especially since one of the change could potential involve the need to disclose data breach incidents within 24 hours of their discovery. Data ProtectionDespite the controversy surrounding this specific part of the proposal, it seems European businesses will almost certainly join their peers in most US states in having to comply with mandatory breach disclosure.

Bearing this in mind, the requirement to secure business data will be making it’s way to the top of many companies priority lists. Brand protection and company reputation are invaluable in today’s competitive marketplace and in order to protect this, you’re going to have to protect your data. This can seem like a daunting task, but there are regulations such as ISO 27001 and PCI DSS that provide a framework and a very good set of controls to work with. Although this doesn’t guarantee that you’ll meet the new EU regulations 100%, it gives you a good chance of be close to compliance.

At Pro2col, we provide a range of secure file transfer solutions that meet whole range of security legislation such as PCI DSS, ISO 27001, HIPAA, SOX and many more. So if you’re looking to take the next step when it comes to your data security, please contact us on 0333 123 1240.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Dropbox or MFT – that is the question…

Once again the spotlight has been turned on Dropbox following their recent investigation into irregularities in their service.  This latest occurrence appears as though it will conclude with Dropbox announcing that a number of their European users email address or account details have been compromised, we’ll watch with anticipation for the outcome.

Whilst cloud solutions certainly offer users with a raft of features currently not offered by other proprietary software vendors, they tend to lend themselves to being targets for hackers due to their high profile and wide adoption.  It begs the question, “Should consumer grade cloud based technologies be allowed within the enterprise at all?”Dropbox Technologies

Managed file transfer vendors are fast catching up with the cloud based solutions, adding Dropbox like features to provide users with the simple way of working to which they’ve become accustomed.   Whilst also adding new features such as mobile file sharing capabilities to cover off the BYOD angle, never before have MFT vendors being trying so hard to keep up with the contemporary features that users are demanding.

There are many benefits associated with implementing an in-house managed file transfer solution.  Possibly one of the most important in terms of security (taking into consideration the above) is the fact that they don’t become a high profile, data centre target.  Taking the understated, in-house deployment may well help you to slip under the radar whilst also providing a range of security features.

If your company is using Dropbox to share data then Pro2col can help.  We’ve worked with various companies across a range of industry sectors to replace consumer grade file sharing technologies.  Call one of our sales consultants on 0333 123 1240.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Enabling the mobile workforce with Managed File Transfer

The proliferation of mobile devices within the enterprise is undeniable with tablets and smart phones becoming key tools for employees looking to ‘get the job done’.  Many CIO’s and IT Directors know they have a problem with ensuring the secure and controlled mobile access to data, but what’s the solution?

Should access be restricted completely and a ban be placed on BYOD (Bringing Your Own Device) to work?  Or should your staff use internal tools such as Sharepoint, live with its inadequacies and struggle on with their limitations knowing that its not specifically built for the job?  Or do you take on the challenge of choosing the right tool for the job?  Realistically the choice is already made as there’s no easy way in which to stop people using mobile devices.  The most effective route is to provide them with the right tools to be successful in their jobs, whilst giving IT and security teams the tools that they need to manage users, set security policy and privileges.

Some key thoughts you should consider when selecting a mobile enabled managed file transfer solution are:

Mobile File Sharing

  • What mobile / tablet platforms do you need to support?
  • Is there a business need for a mobile application or will a browser based interface suffice?
  • How many users do you intend on providing the technology to?
  • How will you restrict access to data, e.g. users home folders only?

At Pro2col we’ve been helping companies to secure their data since 2003 and securing the mobile workforce isn’t a great deal different.  Of course there are a few different considerations to take into account, but that’s all part of what we do.  We work with a wide range of managed file transfer vendors, not all of whom want to be listed on our web site but who are taking the secure exchange of data with the mobile workforce very seriously.  Different vendors take different approaches to addressing the problem.  We work with vendors who have approached mobile file sharing from very different perspectives, which might form another blog item.

The experience we’ve gained in helping other enterprises address their mobile file sharing problems can help your business too.  Overcoming the challenge of securely exchanging data with remote workers across a range of mobile or tablet platforms, doesn’t need to be a hassle.  Get in touch with our team of technical specialists on 0333 123 1240 to work out what’s most suitable for you.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Box, DropBox, YouSendit vs Managed File Transfer: How secure is your data?

File sharing applications are often free or at least cheap, simple to use and very often difficult for an IT department to trace.  This presents a major problem for the enterprise as highlighted in a recent study by Palo Alto Networks which showed that of the 1,636 enterprises surveyed, a staggering 92% of companies had an average of 13 different browser based file sharing applications in use within their network.

With recent announcements such as the DropBox security loophole and the MegaUpload service being taken down, the net is closing in on file sharing applications and services, and rightly so.  Pretty much all businesses need to share files with colleagues, customers and trading partners, but at what cost? Recent studies by the Ponemon Institute found that the average data breach costs UK firms £1.9m prompting the question, “what would be the impact of a data breach on your company”?

browser_based_file_sharing_apps

Figure 1 – Most frequently detected browser based file sharing apps

Over burdened IT departments throughout the UK are faced with the challenge of enabling their users to carry out day to day tasks, whilst ensuring that their activities don’t compromise the very future of the business they work for.  With legislation surrounding data breaches putting increasing pressure on IT departments and data controllers, the implementation of a secure, managed file transfer solution has never had a higher priority.

When it comes to providing users with a simple, secure file transfer solution, we can help.  Pro2col represents a number of managed file transfer vendors here in the UK and has 10 years experience in finding the right solution for businesses.  Whether its providing cross platform applications for Windows, Mac, Linux or Unix, mobile application integration for iPhone, Android, Blackberry or the iPad or email integration with Microsoft Outlook or Lotus Notes, we have the solution to fit.

If your company is still using online file sharing technologies ask yourself this question – which is right for my business?  A technology over which I have no control or visibility or a secure, managed file transfer solution providing guaranteed delivery, auditing and reporting capabilities and complete control.

For a free consultation contact Pro2col on 0333 123 1240 and speak to a managed file transfer specialist with no obligation.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Powys County Council might have saved £130,000 by using Ipswitch MOVEit DMZ

This month the UK’s Information Commissioner’s Office has served a Monetary Penalty Notice of £130,000 to Powys County Council, after the details of a child protection case were sent to the wrong recipient. The penalty is the highest that the ICO has served since it received the power in April 2010. The severity of the penalty reflects the fact that the local authority had already received a warning from the ICO to tighten up its security measures following a similar breach.

Over the past 18 months Pro2col has worked closely with a number of County Councils looking to implement a simple way of securing person to person, ad hoc   file transfers.  Additionally, with County Councils looking to centralise or share the cost of services (Shared Services), Ipswitch’s MOVEit DMZ with the Ad Hoc module has proved a very popular choice, especially considering the cost of the Enterprise licence in comparison to other vendors.

MOVEit DMZ has another extremely popular feature – the option to licence multiple organisations on the same server, providing separate branding options for other services, e.g. Fire, Police, District and Borough Councils, whilst keeping users and data separate.  This dramatically reduces the total cost of ownership.

If you’re a Council with a requirement to secure person to person file transfer whilst benefiting from an industry leading secure file transfer server, then speak to one of our consultants. We’ll assess your individual requirements and help you to evaluate the best solution for your needs from the market leading managed file transfer vendors with whom we work.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Should I Use Transport Encryption Or File Encryption

This morning I was asked if I recommended using transport encryption or file encryption to protect company files and data.

My answer: “Use both of them, together!”

For starters, here’s a real quick summary of both encryption types:

Transport encryption (“data-in-transit”) protects the file as it travels over protocols such as FTPS (SSL), SFTP (SSH) and HTTPS. Leading solutions use encryption strengths up to 256-bit.

File encryption (“data-at-rest”) encrypts an individual file so that if it ever ended up in someone else’s possession, they couldn’t open it or see the contents. PGP is commonly used to encrypt files.

Encryption Code

I believe that using both together provides a double-layer of protection. The transport protects the files as they are moving and the PGP protects the file itself, especially important after it’s been moved and is sitting on a server, laptop, USB drive, smartphone or anywhere else.

Here’s an analogy: Think of transport encryption as an armoured truck that’s transporting money from say a retail store to a bank. 99.999% of the time that armoured truck will securely transport your delivery without any incident. But adding a second layer of protection – say you put the money in a safe before putting it in the truck – reduces the chance of compromise exponentially, both during and after transport.

One last piece of advice: Ensure that your organisation has stopped using the FTP protocol for transferring any type of confidential, private or sensitive information. Although it’s an amazing accomplishment that FTP is still functional after 40 years, please realise that FTP does not provide any encryption or guarantee of delivery – not to mention that tactically deployed FTP servers scattered throughout your organisation lack the visibility, management and enforcement capabilities that modern managed file transfer solutions deploy.

Original: Ipswitch File Transfer

Share on TwitterShare on FacebookShare on LinkedIn+1
 
© Pro2col Ltd 2012 | Terms of Sale | Privacy Policy | Sitemap
Part of the Pro2col Group