• open panel

Five File Transfer Pain Points

In a normal day, companies and individuals must transfer files containing many different types of sensitive and mission-critical information across systems, businesses and departments – everything from legal documents to X-rays to credit card statements. In an effort to get work done, employees will often skirt the rules of IT and turn to readily available file-sharing options outside the corporate IT structure. This opens the company up to a host of liabilities from security, visibility and control to inaccurate information being transferred within systems. Jeff Whitney, from Ipswitch File Transfer, has identified the top five IT pain points associated with file transfers.

  • Complexity

File sharing solutions are often complex and do not provide a unified standard for the business to automate processes.  As file sharing has been core to business process for quite some time, there are often legacy systems in place with layers of homegrown tools and scripts, as well as products from multiple vendors.

  • Limited Visibility & Control

Businesses, especially in regulated industries like health care and financial services, need to have the ability to track the movement of files. IT teams often talk about “flying blind” when they don’t have visibility into where files are or proof that they’ve been delivered.

  • Employeees Circumvent IT

Without a centralized file transfer system in place, employees will often bypass IT and use a commodity file-sharing product, subjecting the organization to added security risks. This is an escalating issue with the proliferation of consumer-based sharing applications, like Google Drive.

  • Ensuring Security

Security is always a top priority for IT teams, but there is often little insight into the way that businesses transfer critical data.  When issues do occur, IT is often blind to them since they lack general oversight of the file transfer process.

  • Insufficient Resources

The IT department, like many others within organizations, is constantly being asked to do more work with less resources. Companies are creating and transferring documents at an exponential rate and IT must find a way to scale current systems, processes and resources to meet these increasing demands.

 

How can you remedy these pain points?

Forward-thinking IT teams are adopting or looking into managed file transfer (MFT) solutions to free-up resources to focus on other critical business needs. These teams are finding that an MFT strategy allows automation and auditability of file movement.

 

About us
As the UK’s leading independent experts in managed file transfer, Pro2col is well positioned to help you to assess your requirements, identify potential solutions, demonstrate the leading contenders and help you to evaluate those that fit best.  We’ve worked with over 600 companies in 28 countries to address their file transfer challenges and we’d very much like to help you with your file transfer project.  To get started download some of the free resources or contact our file transfer specialists on 0333 123 1240.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Globalscape Mail Express and EFT Disaster Recovery Practices

By Eric Hall – Globalscape Channel Engineer Executive

How to maximise uptime of Globalscape solutions, especially EFT and Mail Express, when dealing with a disaster in the Production data centre. This is an important topic that either doesn’t get enough attention or is discussed in terms limited to either Disaster Recovery or uptime within a single data centre, one or the other only. I want to make sure the topic of Disaster Recovery is addressed as thoroughly as possible, and hope you will find this useful to keep for later reference.

With the current generation of Globalscape solutions, we strongly recommend either an Active-Active configuration made possible by the EFT Sync Tools or an automated Active-Passive (failover) cluster. Both options minimise downtime in the Production data centre during any interruptions in service due to failure or maintenance of the hardware, software, or OS. The Active-Passive configuration is supported out of the box, and it’s easy for EFT to be installed into this kind of failover cluster once it’s been set up. The installer will actually prompt you to specify whether it’s being installed in a cluster and will generally walk you through the extra steps required.

Some organisations have a high tolerance for downtime and are very unusual in that they have a seamless, high-bandwidth, low-latency integration of a secondary data centre with their primary data centre (often separated by only short distances over dark fibre, for instance). Those organisations may choose to get away with using their “disaster recovery” environment as the fail-over instance in lieu of a proper cluster. In reality, it’s rare that customers actually have the infrastructure to make this a reality. Even more rarely does this work in a manner that’s nearly as neat and tidy as they might expect, but it is theoretically possible.

For actual disaster recovery, where the primary data centre has been rendered unusable due to some natural disaster or otherwise a massive power or connectivity outage, there are two primary approaches.

 
1)      Warm (some would call it “Hot”) – As a reminder, Globalscape now offers its EFT Sync Tools to regularly synchronise configurations between EFT installations, which is ideal for those who need a more seamless and “Warm” DR implementation. If there is a constant connection between the Production and DR data centres, then you can use the EFT Sync Tools to keep the DR installation up to date with the Production configuration. Some would call this a “Hot” backup, but that requires all of the surrounding services to also be up and running, and you typically do not want an EFT Enterprise continually attempting to accomplish Scheduled or Folder Monitor tasks against resources that may not be active and up to date. The EFT Sync Tools allow you to specify on which EFT installation various rules run, so that you can be sure any rules you don’t want running on the DR server are left alone until the appropriate time.

Using this approach intended for a Disaster Recovery scenario is what may allow you to potentially use it as a failover for simple maintenance or failure occurrences, but it is still not the kind of seamless and automatic failover achieved with MSCS on Server 2008 R2 and 2012 nor an Active-Active approach made possible by the EFT Sync Tools.

This option is often the best, offering a high degree of confidence and value.

 
2)      Cold – Without the EFT Sync Tools, the next best option is a “cold” DR implementation, which is workable but more complicated. For this you would configure EFT Enterprise to periodically make a backup of the configuration not just locally but also to the remote server (ideally it will have connectivity to drop the file off through a shared folder on the DR EFT Enterprise server’s hard drive). This can be once a day or every 5 minutes, depending on how extreme the requirement and how often changes are realistically going to be applied to the production server’s configuration. This is one of the many reasons larger organisations should invest in EFT Enterprise, as the Standard version does not offer this kind of enterprise-minded capability.

When such a disaster occurs, the otherwise idle or sleeping EFT Enterprise in the DR data centre would need to be restored to the latest known-good configuration from the production environment. Keep in mind that for all the operations that require other resources (ARM, authentication sources, DMZ Gateways, shared folders to monitor, etc.) the DR environment must be well configured to appear functionally the same, which is a good reason for the use of name resolution rather than manually typing in hardcoded IP addresses. Additionally, remember that EFT will not replicate user data, database content, or anything other than configuration and operational data.

There are two ways to “restore” the latest production configuration onto the DR server. First, a human administrator can start the service, log into the administrative interface, and select File > Restore Server Configuration to start the wizard. Once it’s completed, it will be up and running with the production server’s configuration, and you can start directing incoming connections to that server.

Second, you can automate the process by creating a script or application to programmatically restore the configuration in a predetermined way. We’ve actually done some of that work by throwing together a hypothetical example script (Backup and BackupEx) we provide for free from our Help File. You would need to edit that script for it to be applicable to your particular environment, but we’ve gotten the ball rolling to help that process along.

Again, I advise against trying to use a DR site as a substitute for a proper highly available implementation (Active-Active via EFT Sync Tools or Active-Passive via MSCS), but it is do-able to create a very well groomed and orderly configuration and environment replication, as long as you can tolerate the additional downtime required to kick off and complete the process.

Please do not hesitate to contact Pro2col should you wish to discuss the design or implementation of DR in your environment.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Globalscape Mail Express Integration with EFT

By Eric Hall – Globalscape Channel Engineer Executive

What does Mail Express integration really mean? What benefits does it offer to those looking for both a back-end automated MFT solution as well as a solution to make available large or sensitive file sharing between people via email? Might it make sense in some cases to combine EFT Server with Mail Express? I’ll address the Top 3 key points below.

Globalscape Mail Express Reporting Window1)    Reporting – All the information required by IT personnel on their users’ activities is already available in the Mail Express database. Mail Express includes some reporting and auditing capabilities out of the box. However, those reports are more suited to drilling down to individual packages for auditing and spot-checking, and if you have EFT already, then it’s an additional place you have to go to for reports. Many of our existing EFT customers voiced that they preferred EFT’s Auditing and Reporting Module (ARM) reporting style and capabilities, especially as integrated with EFT’s ability to generate reports on a scheduled basis and either store them in PDF format or embed them as HTML into an email sent periodically to the appropriate parties. So we expanded Mail Express to communicate its activities to EFT so that they can be recorded to ARM and reported on in the same set of reports already available for SAT. If you have EFT 6.5 with ARM, and you add Mail Express 3.3, you can optionally integrate the two together for consolidated reporting. These reports are all available under the list of built-in reports as “Activity – Ad Hoc …” with the various flavours supporting it. If the customer has not completed the upgrade to Mail Express and is still running SAT somewhere in their organisation, these reports will be combined, ensuring a smooth transition.

Globalscape Mail Express Automation2)     Automation – One piece of functionality not offered out of the box by Mail Express on its own is the ability to automate processes on files being sent via Mail Express. Unlike EFT, where files tend to be moving through EFT to their final destination on, files sent via Mail Express are effectively parked in the Mail Express storage, waiting for the recipients to authenticate themselves and retrieve the individual files or complete package. This makes it well situated to allow antivirus and Data Loss Prevention solutions to passively scan the files on writing or reading from disk.

However, not all storage systems are so conveniently configured. Therefore you now have the ability to leverage EFT’s simple and powerful Event Rule system to automate processes as required by company or regulatory policy. Do files need to be retained for a period of time? Copy them to an eDiscovery or archival storage area. You can even encrypt and sign them to compress the files for long-term storage and ensure the file integrity to both protect the contents and avoid tampering. Do AV or DLP scans need to be run? Use EFT to call the appropriate utilities either directly via command line using a Command or invoke their DLLs programmatically with the Advanced Workflow Engine (AWE).

Whatever the requirement, you can now leverage EFT to make sure that need is fulfilled. And of course all such automated activity will also be recorded by EFT to the auditing database with ARM.

For example, as in the screenshot shown here, I have:

  1. Created an “On File Uploaded Rule”
  2. Added the condition so that it is only triggered if the upload has occurred where the Protocol is “Ad hoc Over HTTP/S Protocol” which is how it defines an upload through Mail Express
  3. Execute a “DLP Scan” command invoking a command line DLP tool
  4. As long as the scan does not fail, copy the uploaded file to an archive directory
  5. Encrypt (and compress) the archive copy

3)      Configuration – In the spirit of avoiding the duplication of effort, having to make the same changes multiple times or in multiple places, Mail Express can now synchronise its configuration with EFT, if desired. You do not have to do this at all, of course, but it’s available for those who find it valuable.

NOTE: Only 32-bit Mail Express installations can communicate with EFT. Mail Express is now included in the EFT installer, and that included version is the 32-bit version for precisely that reason.

There are three key configuration areas that Mail Express can synchronise with EFT: SMTP server details, DMZ Gateway connections, and SSL certificates. These configurations may be synchronised wholesale, or the administrator may pick and choose the specific aspects of the configuration that will be appropriate. For example, for the SMTP settings, you may wish to synchronise the host address, port, and so on, so that if it ever changes for EFT it will automatically change for Mail Express, but you may want to modify the “From” address so that email notifications sent by Mail Express do not appear to be sent by EFT. Or for another example, the DMZ Gateway configuration may need to use the same host address that EFT is using but use a different port in order to attach to the Mail Express specific DMZ Gateway profile. Each aspect of the various configurations is available to be synchronised or not, as desired. See the Mail Express help page for more information.

This integration helps make Mail Express and EFT even more complete and powerful duo when implemented together, and we intend to continue expanding this integration and leveraging the dynamic capabilities of Mail Express to increase the value of our solutions.

Have any questions? Would you like some further clarification? Please don’t hesitate to let Pro2col know on 0333 123 1240.

Share on TwitterShare on FacebookShare on LinkedIn+1
 


Looking for a secure Dropbox

alternative to enable ‘safe’

employee file sharing?

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Most UK firms lack data transfer visibility, Ipswitch study shows

In a recent article from Computer Weekly.com, Rich Kennelly, president of Ipswitch’s File Transfer division discussed the key findings of a recent study relating to the visibility of data movement in UK businesses. Needless to say, the stats were concerning to say the least…

Four out of five UK companies have little or no visibility of data movement, a study has revealed.

Half of more than 100 firms polled by Ipswitch File Transfer admitted they have no visibility of files being transferred within and outside their organisation.Magnifying Glass

A further 30% said they have only limited visibility, despite 64% of respondents saying secure file-sharing was vital to the security of the company data.

“A high level of visibility is critical for any organisation that is serious about protecting its most valuable asset – information,” said Rich Kennelly, president of Ipswitch’s File Transfer division.

“The ability to know who is moving data, where, when, how and why across an enterprise, is crucial, not only for data security,” he said.

Kennelly said data management and visibility is also important for streamlined workflows that improve productivity, and meeting compliance requirements.

Regarding who should be blamed if valuable or confidential company data file are sent or shared unsecured, 52% of respondents said it was a collective responsibility.

More than a third said accountability should lie with the employees; 7% said management should be blamed for not having robust policies in place; and just 3% said IT departments were to blame.

“We’re seeing a real shift in attitude, understanding and acceptance of managed file transfer technologies,” said Kennelly.

“Users know that information is at the core of their business and crucial to its existence, competitive advantage and longevity.”

The survey shows there is now greater understanding that efficient data security demands collective responsibility.

However, Kennelly said users cannot play their part unless the business provides easy-to-use, accessible and simple solutions that make their jobs easier.

The survey reveals that moving sensitive information by email is most prevalent, with 44% admitting to sending classified or confidential materials by email at least once a day.

Almost half admitted to using personal email accounts to send company files, with 21% blaming the slowness of work email, difficulties in connecting and limited file sizes.

Some 11% said they used personal email because their company did not monitor what they send and 8% admitted keeping business documents to use at their next place of work.

More than a quarter of respondents admitted using unsecured file-sharing websites and cloud services to share work-related files, while almost two-thirds confess to using USB drives, smartphones, tablets and other personal devices for backing up corporate files.

About Us

Pro2col are a Certified Ipswitch Elite Reseller based in the UK.  Since 2003 we have been helping companies of all shapes and sizes to tackle their data transfer challenges and maximise their investment in secure managed file transfer products.  If you’d like to know more about how to attain full visibility and control over the data moving into, out of and around your business, please don’t hesitate to contact us on 0333 123 1240.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Dropbox Alternative – Day Two at InfoSecurity Europe

With the sun beating down outside you could have been mistaken in thinking the IT community would stay away from Earls Court, but day two of InfoSec was packed.

Pro2col had the pleasure of assisting on the Globalscape stand, on what is traditionally the busiest day. With Chaz and Chris Thacker both providing demos the stand was busy and the message was coming through loud and clear; IT Professionals want a Dropbox Alternative.

A study by security distributor e92plus that I read at the show highlighted that some 76% of IT Professionals in the UK had Dropbox at the top of its list of banned Globalscape and Pro2col at Infosec
technologies. This was very much reflected by the conversations we had and the demonstrations of Globalscape solutions provided.

The most popular solution by far was Mail Express. Visitors loved the web based functionality and MicroSoft Outlook plugin. The Drop Off Portal also proved a big success as IT admins learned how they could provide a hands off facility for large files to come into the business without the need for setting up FTP accounts or clogging up email servers with attachments.

If you’d like to learn more about how Globalscape solutions could help your business Replace Dropbox, contact Globalscape’s UK Master Partner here.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Five things every business manager should know about file sharing practices

A blog written by Jeff Whitney, vice president of marketing for Ipswitch File Transfer

Businesses face a real threat – their employees. That’s right, increasingly tech-savvy employees have turned to a diverse range of file transfer tools that are beyond the sight of IT management.

Employee File Sharing FactsEmployees see webmail, file sharing services, cloud storage, USB sticks and smart devices as easier to use than traditional corporate tools to transfer files. But this trend ignores the security risks and regulatory implications of using file transfer methods entirely outside of corporate control.

Here’s five things you should know about your employees’ habits and the need for secure file transfer technology:

1. Insecure means are used to send confidential files.  Recent surveys we have run to monitor user behaviour found that a vast majority (84%) of respondents send classified or confidential information through corporate email attachments. Of those, 72% do this at least weekly and 52% daily. That means employees are using unsanctioned tools in record numbers, resulting in a lack of visibility and control.

2. Many employees use personal email to send company documents and data.  Users may think they can’t afford delays or slowdowns associated with jumping through perceived hoops to send out information and files that keep business humming. And if the business doesn’t provide the tools they need to send large and confidential attachments, or if the processes and technologies are too difficult to use, then users will take matters into their own hands – and their own email.

3. Employees are using consumer-grade file transfer services for business purposes.  If the corporate email system limits the size of file attachments or if IT vetoes service requests, resourceful employees don’t throw up their hands in resignation: they look for workarounds. And the growing popularity of file transfer sites and cloud services aimed at consumers is making it easier for business users to sidestep IT. More than half of the users we surveyed admitted they use these services.

4. Risk of data theft is high.  When business users aren’t turning to personal email accounts or free file-sharing services, they may be putting files on USB thumb drives, smartphones or other external devices. Unfortunately, our market research shows that almost one-third of users had lost a USB device, smartphone or other external device containing business or personal information – a tremendous risk for any organisation.

5. IT Management Visibility into Data Management is Low, Putting Businesses at Risk.  Most companies create and maintain policies that mandate the use of approved tools for moving and sharing information. However, our research shows fewer than 32% strictly enforce these policies, making these mandates largely meaningless. No visibility means no compliance with internal policies or external regulations and laws.

The file sharing habits of employees can be risky but is driven by their desire to get work done. The business need and IT desire to control file sharing is equally important. Fortunately, companies don’t have to choose between risky behaviour and productivity. Using secure file transfer technology, employees can get the convenience, ease-of-use, and speed they need while IT and the business get the control, visibility, security and compliance they need.

Click here to download a free report, published by Ipswitch File Transfer that provides insights into causes and trends in risky data and file sharing, ways in which IT has fallen behind in safeguarding information, plus the associated dangers and proven means to safeguard corporate data without impeding user productivity.

Pro2col are a certified Ipswitch File Transfer Elite Reseller and have been working with Ipswitch since 2010 to supply, deploy and support their range of managed file transfer solutions to UK businesses.  If you like more information on secure managed file transfer, don’t hesitate to contact us.

 

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Ipswitch MOVEit Ad Hoc shortlisted for SC Magazine Technology Award

Ipswitch File Transfer MOVEit Ad Hoc has been shortlisted by SC Magazine for a Technology Award in the category of ‘Best SME Security Solution’. Our secure person-to-person file transfer solution has been recognised among the most innovative products addressing the security demands of smaller enterprises today. Winners will be announced at the SC Magazine Europe Awards on 23 April, to be held at London’s Hilton Park Lane.

MOVEit Ad Hoc ensures secure sending and receiving of sensitive files and messages between individuals and groups. It provides peace of mind for businessesSC Awards sharing mission critical digital information with their employees, partners and customers using Outlook or any simple browser interface. A recent Ipswitch study reveals that more than a third of people sharing information are doing so insecurely, through personal email or consumer file-sharing sites. MOVEit Ad Hoc provides a simple yet secure solution to sharing files which avoids this increasingly prevalent risky behaviour.

For over 20 years Ipswitch has been a leader in providing secure Managed File Transfer solutions. So it is an honour to be recognised by SC Magazine, not just for ourselves, but on behalf of the many businesses and industries that already depend upon Ipswitch File Transfer to protect their most valuable and sensitive information. It’s also particularly rewarding for MOVEit Ad Hoc to be recognised on the heels of our recent launch – our easy-to-use, IT-approved, person to person file transfer solution.

SC Magazine is the world’s largest dedicated IT security publication, serving the industry for over 15 years. The SC Awards Europe is among the most coveted and prestigious accolades for the information security industry, honouring vendors that deliver the most innovative security technologies.

A panel of industry judges from the information security profession will now pass judgement on the products and services put before them, including Ipswitch File Transfer MOVEit Ad Hoc. Review the shortlist for every category here. Read the latest awards build-up and coverage here. Book tickets for the event here, and find out more about MOVEit Ad Hoc here.

Guest Blog by Jeff  Whitney, Vice President of MarketingIpswitch File Transfer

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Are Employees Putting Your Company’s Data at Risk?

One of our key vendors, Ipswitch File Transfer conducted a survey of over 200 IT leaders and practitioners with security responsibilities about person-to-person file-sharing practices.  From the results that they gathered, this is what they found…

These results should alarm IT and security professionals.  Findings show that employees are circumventing IT staff by sending confidential and highly sensitive company files via means that are insecure and lack auditability. The results serve as a graphic reminder that when company systems hinder employee productivity, it’s both a security risk and bad for business.

There’s no way to sugarcoat the results of the survey, the highlights of which you can see in the Infographic below. Click here to register to receive the full research report results and recommendations.

 

Ipswitch File Transfer Survey Results - Person to Person File Sharing Risks

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Cloud File transfer Services Hosted in the UK are not subject to the Patriot Act

Over the years I’ve spoken to many clients about hosted data transfer systems, and the security implications of where your data is stored.  Generally there arelots of levels of sensitivity of data that a business might have. Sometimes the more commercial, cloud based technologies can fit, e.g. sending marketing collateral to a printers wouldn’t generally be considered sensitive data.  Over recent years however, there has been a worrying increase in the amount of enterprises who have either mandated the use of cloud based technologies for the distribution of sensitive data, or turned a blind eye to what employees are using off of their own back.  Naturally there are issues surrounding compliance here and potential brand damage should the data find its way into the public domain, but that’s been covered many times before and isn’t the focus of this blog.

 

A few days ago I spoke with an international consulting firm (who shall remain nameless). They confided in me that the organisation didn’t have a managed file transfer solution in place to cater for the ad hoc transfer of data between internal staff and external parties.  They disclosed that a decision had been taken to purchase a wetransfer.com channel for their business, but this IT Manager was very concerned about compliance and security of his data.  Having had some experience of wetransfer in the past I suggested that additionally he should be concerned about where his data was stored.  Being a predominately US based company, it could be possible that their data was making its way to their US data centres and therefore be subject to the Patriot Act.  I wasn’t scaremongering, this is true as there is no way to define which server your data resides on as it’s a consumer grade solution, predominantly adopted by enterprises to get them out of a hole.

 

When looking at securely transferring business critical data I can see why a company may opt to adopt a ‘big brand’ cloud solution, but its worth pointing out they’re generally big brands because they appeal to the masses and are consumer grade.  When selecting a cloud based technology its worth asking these questions:

 

  1. Where will my data be stored?
  2. What levels of physical security are in place at these data centres?
  3. What security is in place to protect my data at rest in these locations?
  4. Is my data encrypted in transit and at rest at all times?
  5. Who within the organisation supplying the service has access to my files?
  6. What controls am I offered to administer and manage the service being used across my organisation?
  7. What compliance or data security standards do you adhere to?
  8. What logging and tracking do you provide to help me achieve compliance?

 

This list outlines some of the most important questions and is a good starting place.  If you’d like to discuss your file transfer requirements in more detail our consultants can help.  We’ve been working with file transfer technologies for more than a decade now and are well placed to be able to detail your requirements and help you identify the best technology fit.  Get in touch via our online form or call 0333 123 1240 or for International callers +44 1202 433 415.
Share on TwitterShare on FacebookShare on LinkedIn+1
 
© Pro2col Ltd 2012 | Terms of Sale | Privacy Policy | Sitemap
Part of the Pro2col Group