Security hole in Facebook’s secure file transfer platform

As a brand Facebook is up there with the biggest of them, with over a billion users each month according to company reports. This makes them a big target for the cybercrime community. As a countermeasure their ‘Bug Bounty Program’ encourages friendly hackers to report vulnerabilities in their systems and it was one such researcher that noted the security hole in their Accellion private cloud deployment.

Writing on his blog this Monday, Nir Goldshlager announced that he had previously uncovered a hole affecting the Accellion Secure File Transfer appliance that would allow an attacker to gain control of a user’s account with little more than their email address.

A closer look at the date on the video at the bottom of his blog article (19th March 2012) and when the problem was patched (patch 9_1_166 released on 20th March 2012) would suggest that Nir did in fact identify this vulnerability, meaning that Facebook’s Bug Bounty Program is a worthwhile exercise. It also demonstrates that Accellion took the issue seriously, quickly and efficiently addressing the problem when it came to light.

Software is rarely ever without flaws, but all vendors do their best to ensure products don’t reach the market with problems, and when they do, responding quickly is the key to maintaining brand integrity. This also goes to highlight how important it is for customers to apply the software patches released by vendors in a timely manner. Nir was likely paid for his research and held off releasing this information for nine months, whilst I expect Accellion made a concerted effort to ensure all customers were running the latest versions of software. It will no doubt have a small negative impact on Accellion’s brand image but on the plus side, it appears to show that Accellion handled the matter in a professional manner.

Ad Hoc file transfer is one of the largest segments of the managed file transfer industry and we’re pleased to be working with some of the industry’s leading brands. With solutions from Biscom, Ipswitch, Globalscape and more, we at Pro2col are able to help you choose the right product to fit your feature requirement and budget limitations. To speak to an ad hoc file transfer consultant call Pro2col today on 0333 123 1240.


Personal File Sharing in the Business: The Risks

It may be a new year, but we’re still facing the same old challenges on our return to the working world.  Personal file sharing is one of those challenges.  If employees are left to their own devices, the chances are they will turn to familiar consumer grade technologies such as Dropbox that were just not designed to adequately secure business data.

Michael Osterman of Osterman Research succinctly summarises some of the key issues surrounding personal file sharing in his white paper, “Business-Class File Sharing Best Practices”. Here is an excerpt from the paper:

Excerpted from “Business-Class File Sharing Best Practices”

The Status Quo Doesn’t Work

  • Users are stymied because company email systems often do not permit file attachments of more than 10 to 20 megabytes to be sent, and it is not efficient at sending more than a few files at a time. Moreover, email doesn’t typically include a return receipt so the sender can know if the recipient ever received the email. Also, when email is used for file transfer, it imposes increased storage and bandwidth costs, slow message delivery, long backups, long restores, high IT management costs.
  • Many users will turn to their personal Webmail account because of their ability to send very large files through these systems. However, when users do so there is no IT visibility into the sent or received content, no tracking, no auditability, and no archiving. Moreover, corporate content can reside in personal Webmail repositories for many years, long after an employee may have left the company. While this makes life easier for users, it increases the risk to the organisation.
  • USB sticks, tablets and smartphones create the same problems: lack of security, higher costs, their likelihood of being lost or stolen, and the potential for content on them to be accessed by unauthorised parties.
  • Dropbox-like file sharing tools and cloud services can be effective, but they do not permit IT management or governance of content. And, they often are individual accounts and not under the sanction of IT which means that IT doesn’t have the visibility or insight into what is being transferred, nor does IT maintain any type of audit trail for this content.
  • SharePoint and similar tools are useful for sharing information if both senders and recipients are using it. However, SharePoint requires the deployment of a dedicated infrastructure and training for end users, and it is not always easily accessible by remote workers or people external to an organisation.
  • Basic FTP client-server systems, while useful, require both the sender and recipient to have access to the FTP server to share information, which can be an ongoing provisioning burden for IT.
  • Physical delivery of information – such as CD-ROMs or DVD-ROMs that are burned and sent through overnight services – is expensive and the speed of delivery is slow.

If you’d like to learn more about secure file sharing practices, you can access the full Osterman whitepaper here.  Alternatively, if you’d like to discuss your specific file sharing challenges with one of our managed file transfer experts, please don’t hesitate to contact us on 0333 123 1240.


Socitm 2012: Managed File Transfer for Councils

We’ve been working closely with councils throughout the UK to simplify, secure and streamline their file transfer, so we couldn’t miss the opportunity to attend Socitm 2012, the No. 1 UK ICT event for councils. The conference has kicked off today (here’s a breakdown of the programme) and the Pro2col team are ready and waiting to share the knowledge and experience that we have gained from working with councils to secure person-to-person file transfers and automate the movement of sensitive data into and out of the organisation.

On a similar note, this is the ideal moment to publicly release our latest e-book: The Council’s Guide to Secure Managed File Transfer, which is now available for download. It covers a range of issues surrounding the secure movement of data within councils including:

  • How to eliminate the problems caused when employees resort to insecure, non-compliant file transfer methods such as email.
  • Ensuring you comply with UK data security and compliance legislation including The Data Protection Act and PCI DSS.
  • Providing your employees with a quick and simple way to send and receive sensitive files both internally and with third parties.
  • Automating the transfer of files, saving time and money.
  • How to regain control over file transfer processes and user access.

If you’re at the conference and would like to speak to one of our managed file transfer experts, drop by stand 8 (piccy attached) – we’re always happy to help.  If you’ve not been able to make it this year and you’d like to talk to us, please don’t hesitate to get in touch with the office on 0333 123 1240.


Managed file transfer set back after Java vulnerability in Mac OSX

TechWeek Europe yesterday reported that Apple’s latest Java update for Mac OS X not only fixes a number of security flaws, it also removes the browser plug-in from the user’s system. This is in response to long-standing problems with Java vulnerabilities after six hundred thousand Apple Macs were infected with the Flashback worm earlier this year. Apple’s approach to controlling software updates for Macs resulted in patches written by Oracle for Java 6.x being rewritten and distributed, with the inevitable delays compounding serious security flaws further. Apple is now only responsible for Java updates on Macs running OS 10.7.2 or below; upgrading the OS to a later version will therefore result in the use of Java 7, which is developed and updated directly by Oracle, although it too isn’t without problems.

What’s the problem with disabling Java, you may ask? Well, it’s well known that Java is really the undisputed champion when it comes to carrying larger data sets through a web browser, and most managed file transfer software products use Java, almost without exception! Why Java? Well, that’s another discussion, which has been very well documented over on the FileCatalyst web site. Whilst Macs in general don’t account for the largest desktop market share (around 6.5%), the lack of Java in OSX is a real problem for Mac users of managed file transfer solutions.

The resolution? Well, Apple aren’t stopping users from running Java on their Macs, rather ensuring that they take the decision to enable it. This, however, is likely to further strain relationships between Mac users and the predominantly Windows-based IT departments. I suspect that we’ll hear more about this over the coming weeks and months and given our focus on the creative marketplace we’ll keep you informed.


Managed File Transfer in Action – Part 1

A well known utilities company in Yorkshire were using multiple legacy systems and 2 disparate FTP solutions to move data into, out of and around their organisation.  These systems had grown organically over time to tackle isolated file sharing issues when they arose.  As it transpired, this approach left the company with an ungovernable mix of system to system and FTP solutions that required manual interventions and the ongoing revision of batch scripts.

The mounting costs generated by work duplication and management overheads, accompanied by the risk associated with the absence of failover, were becoming a genuine concern. Bearing in mind that these systems were executing business critical processes such as billing, debt management, banking and delivering mission dependent data to employees in the field, recreating these undocumented workflows in the event of a disaster would be costly. Considering the sensitive nature of certain pieces of data moving through these workflows, securing data was also a priority.

Pro2col worked alongside the customer to develop an understanding of their processes and document their key requirements.  Armed with this information, we were able to identify the technologies that would meet these requirements, and help them through the selection and evaluation process.  Specifically, the company were looking to:

  1. Secure the sending and receipt of confidential business and customer data
  2. Further automate the retrieval of time-sensitive data from remote systems to provide real-time updates of vital information to their workforce at regular intervals throughout the day.

In terms of features, the company were looking for:

  • A solution that would support FTP, SFTP/FTPS, HTTP/HTTPS.
  • A user-friendly GUI for administration and configuration as opposed to CLI and scripts.
  • The ability to schedule time or event driven actions.
  • Pre and post processing ability, i.e. archiving, moving, deleting files that have been processed.
  • The capability to report failed transfers and system problems.
  • Potential to integrate with HP OpenView for system reporting.
  • Ability to perform ad hoc file transfers manually and simply via web browser or email plugin.
  • Ability to run concurrent processes.
  • Automatic fail over to a backup system.
  • Compatibility with Windows 2008 R2.
  • Integration with Microsoft Active Directory.

Based upon the information we gathered through the consultancy process, we were able to recommend the most suitable solution to meet their objectives – in this case, a combination of Ipswitch MOVEit Central and MOVEit DMZ with the Ad Hoc Module.  MOVEit Central was specifically designed to automate a wide range of mission critical file transfers, enabling the company to automatically “pull, process, and push” all files to any platform, including network architectures, operating systems, and protocols.  It would integrate directly into their existing data workflows, consolidating their automated file transfer tasks and allowing IT staff to create/administer them via a user friendly GUI interface.  For the ad hoc aspect of their file transfer requirements, MOVEit DMZ with the ad hoc module provided a secure, end to end solution for employees to send and receive mission critical files.

This just gives you an idea of the potential of these solutions and the levels of automation that can be achieved. Within an enterprise environment such as a large utility company, a managed file transfer solution can save hours of manual processing and ensure that all the information is where they need it, when they need it. As with all of our customers, we’ll be working with this organisation in the months and years to come, and look forward to helping them achieve their maximum ROI.


Managed File Transfer is for SMBs too

Recent research suggests that the SMB sector is coming under an increasing number of cyber attacks from hackers and cyber criminals. Figures published by Symantec revealed that the number of attacks on companies with fewer than 250 staff had doubled in the six months to June 2012. Similarly AVG reported that it was predicting an increase on the £3.37 million of damage inflicted on UK SMBs last year. Verizon confirmed that the majority of 855 data breaches analysed in their Data Breach Investigation Report had been inflicted upon SMBs.

The question is: why are SMBs being targeted? It would appear that the modest budgets available to small companies make them easier targets, given the lower level of expenditure on information security technologies, especially since SMBs frequently work as suppliers for larger organisations, making them a more attractive proposition to hackers than the more conventional direct attack on the corporate target.

What does this have to do with managed file transfer, I hear you ask? MFT has generally been considered a technology more appropriate to corporate organisations – with its big price tag and grand title. Times are changing for the MFT marketplace and there are now some very comprehensive solutions available at really competitive prices. For those SMBs considering how they should secure data transfers with their larger corporate customers, technologies exist at around the £4,000 mark which provide as much functionality as many corporate companies have.

To discuss your file transfer requirements, whether you’re an SMB or multi-national organisation, get in touch with Pro2col or give us a call on 0333 123 1240.


Globalscape Hosted FTP Offering Goes Live in the UK

We’re very pleased to announce that Pro2col has been selected by GlobalSCAPE as their key partner to launch their secure hosted FTP solution, Hosted EFT Server, here in the UK. Over the past couple of weeks we’ve been finalising the offering, so I thought we would give you a quick insight into what’s available.

Hosted EFT provides you with your own hosted version of Globalscape’s award winning EFT Server. Deployed at Peer1’s world class UK data centers, we have multiple hosted FTP instances set up and ready to go. There are various options on disk space and bandwidth, along with a range of additional modules available including High Security, Auditing & Reporting and Web Transfer Clients for multi Gigabyte uploads. This means your company can benefit from the features of EFT Server, without the upfront costs of infrastructure and licence costs. We’ll provide you with your own dedicated IP address and help you to take advantage of the numerous branding options – all with an unlimited number of users.

If you’d like to take advantage of Globalscape’s Hosted EFT Server provided by Pro2col, then get in touch for a no obligation demonstration or free 30-day evaluation.  We’ll show you just how easy it is to be up and running in a couple of minutes so you can start simply and securely exchanging files with your trading partners and customers.


Ad Hoc Managed File Transfer – Microsoft Outlook, Lotus Notes but nothing for Apple Mac?

It would be fair to say that a clear majority of the IT professionals we speak to on a weekly basis want to regain some control over the data that their employees send. In the past, many IT administrators would start with the customary approach of limiting the size of email attachments that could be sent via the email server. However, this only resulted in employees searching for alternative ways of sending files – frequently the choice was a SaaS/cloud-based, consumer-grade solution such as YouSendit, Mailbigfile, Dropbox, the list goes on!

In general employees’ intentions are honourable but when they need to ‘get the job done’, they opt for the path of least resistance, i.e. quick and easy solutions that they can sign up to for free. This however creates a minefield for the IT and Compliance departments who tackle a daily myriad of issues around tracking, governance and security of corporate data. With no online service completely immune from attack (take the recent announcements around LinkedIn and Yahoo) the issue is very real and pressing.

Inevitably the bottom line is that the business needs to invest in an ad hoc file transfer solution that enables employees to send files on an ad hoc basis.  Fortunately for businesses this issue has existed for some time, and a number of the managed file transfer vendors we work with offer solutions to these problems.  Selecting the right solution depends upon the number of users, security requirements, size of the data sets, preferred deployment option (on-site/hosted/SaaS), specific functionality required and budget – but that’s where we come in to help you through the vendor selection process.

Finally, let’s not forget that there are a wide variety of email clients used in today’s businesses. The most dominant – Microsoft Outlook – has been well addressed by the majority of managed file transfer vendors. Lotus Notes on the other hand hasn’t received the same time and attention, but there are a couple of options out there; I guess this is down to the size of its shrinking market share. When it comes to Apple however everyone falls short. This has little to do with the developers’ ability – more with the architecture of Apple Mail, Microsoft Entourage or Outlook for Mac, none of which support plugins in the same way. Still, all of the vendors provide a webmail facility if you need to support Mac OS users.

For further assistance in selecting the most appropriate ad hoc file transfer solution for your business please get in touch with the UK’s leading MFT experts on 0333 123 1240.


Managed File Transfer – Remote Access Removed or Remote File Termination?

Managed file transfer solutions are the ideal technology to share files securely with remote trading partners and customers. This is what they were designed to do and for the most part, they all provide a simple interface to achieve this. Some provide a web browser facility, whilst others offer additional plugins such as a Microsoft Outlook Plugin or less conventionally, a Lotus Notes Plugin. However the one common way in which the majority of these technologies work is for the file to remain on a web server, to be collected by the intended recipient. This then provides the system with an audit trail of when the file was downloaded and in most cases, to which IP address – confirming the user’s location.

This is great in most instances but imagine a situation where you’ve sent an email using the plugin within your email client of choice, only to later find that you’ve attached the wrong document. Worse than that, it contains sensitive customer or financial data – what then? You make a frantic call to your IT Help Desk asking them to delete the file or remove access to it. You then get confirmation from the kind Support Desk person to say that they’ve actioned your request. Great, you’re in the clear… but upon returning to your email you see that your customer has already downloaded the file and you have the email notification to prove it. Where you usually greet the notification with a shrug of the shoulders in the knowledge that the managed file transfer solution has once again done its job, this time it leaves you cold!

Fortunately not all managed file transfer solutions are built the same. Some have DLP capabilities ensuring that sensitive data is quarantined, whilst one vendor we work with provides a very unique capability, remote file termination. How is this done, I hear you ask? Well, give us a call and we’ll tell you! Suffice to say, this type of technology provides the highest levels of security available and therefore isn’t pitched at your general ad hoc file transfer users. It’s more appropriate for those companies dealing with extremely sensitive data, e.g. data needing to be exchanged between board members, patent information, IPO, MBO, acquisitions and mergers information and so on.

If your business has a requirement to move data in a more secure manner than your existing file transfer technology allows, speak to Pro2col as we’ve got technologies that can handle the most sensitive of data.


A Secure Alternative to Dropbox – Welcome to Managed File Transfer

Once again here we are discussing Dropbox as they attempt to minimise the damage to the company brand following the latest reports announcing a further security breach.

Dropbox announced yesterday on their blog that after hiring some “outside experts” to investigate why certain Dropbox users were getting spam to their non-public Dropbox email addresses, the experts concluded that a Dropbox employee’s account was hacked and the details were lifted from a project document.  No details were provided on the numbers of users affected, what other information was compromised or why account details were stored in an unencrypted document.

Ordinarily we’re singing the praises of managed file transfer solutions as an alternative to custom built, cumbersome, unsupported, legacy FTP servers. However, a quick search on Google this morning showed me that perhaps more people are now searching the internet for a secure alternative to Dropbox, likely due to the broadcast of recent security issues.

A business’ decision to select Dropbox or any other cloud based technology for storing and sharing company data should be taken with caution. Cloud based solutions in general offer significantly more advanced features than your average in house managed file transfer solution, which end users have grown accustomed to. Why? Because they’re developing for a single, controlled environment over which the vendor has complete control, whereas a managed file transfer vendor has to develop for multiple server based operating systems and the QA process can be lengthy, thus inhibiting progress of a product.

There are however a number of reasons why a greater degree of security can be achieved by deploying an in house managed file transfer solution. Here are four of them:

  1. It’s not a big Cloud brand target with hundreds and thousands of users
  2. Data is stored local to you and you have complete control over the security policies
  3. Access is securely controlled by AD/LDAP and other user groups contained within corporate authentication tools
  4. Reporting and blacklisting tools mean that hackers can be monitored and banned very quickly

If you are concerned about the lack of security, control, auditing and governance of your business data then speak to Pro2col. We can help to analyse your requirements, select the most appropriate vendors and assist right through the evaluation process and beyond. Managed File Transfer is fast becoming a necessary business tool and is certainly a more than adequate alternative to Dropbox.

© Pro2col Ltd 2012