conversational file transfers and data security · greetings earthlings! when it comes to the world...
TRANSCRIPT
CONVERSATIONALFILETRANSFERSANDDATA
SECURITY
COVERBEINGWORKEDON
Needhighqualitylogoforcover(EPS)
Atransparentlogo(ie.nobackground)sentasaPNGorEPSfile.
SponsoredbyIpswitch
Today’shard-workingITteamsarereliedupontomanageincreasingcomplexityanddelivernear-zerodowntime.IpswitchITandnetworkmanagementsoftwarehelpsthemsucceedbyenablingsecurecontrolofbusiness
transactions,applicationsandinfrastructure.
Ipswitchsoftwareispowerful,flexibleandeasytotry,buyanduse.Thecompany’ssoftwarehelpsteamsshinebydelivering24/7performanceandsecurityacrosscloud,virtualandnetworkenvironments.IpswitchUnifiedInfrastructureandApplicationsMonitoringsoftwareprovidesend-to-endinsight,isextremelyflexibleand
simpletodeploy.Thecompany’sInformationSecurityandManagedFileTransfersolutionsenablesecure,
automatedandcompliantbusinesstransactionsandfiletransfersformillionsofusers.
Ipswitchpowersmorethan150,000networksspanning168countries,andisbasedinLexington,Mass.,withofficesthroughouttheU.S.,Europe,AsiaandLatin
America.
www.ipswitch.com
ConversationalFileTransfersandDataSecurity
ByBrienPosey
©2017ConversationalGeek®
ConversationalFileTransfersandDataSecurityPublishedbyConversationalGeek®Inc.
www.conversationalgeek.com
Allrightsreserved.Nopartofthisbookshallbereproduced,storedinaretrievalsystem,ortransmittedbyanymeans,electronic,mechanical,photocopying,recording,orotherwise,withoutwrittenpermissionfromthepublisher.Nopatentliabilityisassumedwithrespecttotheuseoftheinformationcontainedherein.Althougheveryprecautionhasbeentakeninthepreparationofthisbook,thepublisherandauthorassumenoresponsibilityforerrorsoromissions.Norisanyliabilityassumedfordamagesresultingfromtheuseoftheinformationcontainedherein.
TrademarksConversationalGeek,theConversationalGeeklogoandJ.theGeekaretrademarksofConversationalGeek®.Alltermsmentionedinthisbookthatareknowntobetrademarksorservicemarkshavebeenappropriatelycapitalized.Wecannotattesttotheaccuracyofthisinformation.Useofaterminthisbookshouldnotberegardedasaffectingthevalidityofanytrademarkorservicemark.
WarningandDisclaimerEveryefforthasbeenmadetomakethisbookascompleteandasaccurateaspossible,butnowarrantyorfitnessisimplied.Theinformationprovidedisonan“asis”basis.Theauthorandthepublishershallhaveneitherliabilitynorresponsibilitytoanypersonorentitywithrespecttoanylossordamagesarisingfromtheinformationcontainedinthisbookorprogramsaccompanyingit.
AdditionalInformationForgeneralinformationonourotherproductsandservices,orhowtocreateacustomConversationalGeekbookforyourbusinessororganization,pleasevisitourwebsiteatConversationalGeek.com
PublisherAcknowledgments
Allofthefolksresponsibleforthecreationofthisguide:
Author: BrienPosey
ProjectEditor: J.PeterBruzzese
CopyEditor: JohnRugh
ContentReviewer: KarlaReina
NotefromtheAuthor
GreetingsEarthlings!
WhenitcomestotheworldofIT,thereareafewphilosophiesthatseemtobeuniversallytrue.No,I’mnottalkingaboutMoore’sLaw.I’mtalkingaboutsimplerphilosophieslike“garbagein,garbageout”orPICNICerrors.Fortheuninitiated,PICNICstandsfor“ProblemInChair,NotInComputer”.
Puttingallthejokesaside,oneofthemostfundamentaltruthslearnedoverthelastseveraldecades,isthatdataismuchmoreusefulwhenitisshared.Thinkaboutit…Ifthatstatementwasn’ttrue,thenwewouldn’thavesocialmediasiteslikeFacebookorcollaborativeplatformsforbusiness,likeSharePoint.
Thequestionisnotdowewanttosharedata(ofcoursewedo).Thequestionishowdoweaccomplishthistaskwithoutcompromisingquality,securityandahostofotherfilesharingworries.Thatiswhatthisbookwillhelptoidentifyandanswer.
Ihopeyouenjoyit!
BrienPosey
The“Conversational”Method
Wehavetwoobjectiveswhenwecreatea“Conversational”book:First,tomakesureit’swritteninaconversationaltonesoit’sfunandeasytoread.Second,tomakesureyou,thereader,canimmediatelytakewhatyoureadandincludeitinyourownconversations(personalorbusiness-focused)withconfidence.
Thesebooksaremeanttoincreaseyourunderstandingofthesubject.Terminology,conceptualideas,trendsinthemarket,andevenfringesubjectmatterarebroughttogethertoensureyoucanengageyourcustomer,team,co-worker,friendandeventheknow-it-allBestBuygeekonalevelplayingfield.
“GeekintheMirror”Boxes
Weinfusehumorintoourbooksthroughbothcartoonsandlightbanterfromtheauthor.Whenyouseeoneoftheseboxes,it’stheauthorsteppingoutsidethedialogtospeakdirectlytoyou.Itmightbeananecdote,itmightbeapersonalexperienceorgutreactionandanalysis,itmightjustbeasarcasticquip,butthese“geekinthemirror”boxesarenottobeskipped.
WithintheseboxesIcansharejustaboutanythingonthesubjectathand.Read’em!
FileSharing101
Sincethereisobviouslyvalueinsharingdata,thenthenextlogicalquestionbecomes,whatisthebestwaytosharedata?Ofcoursethisseeminglysimplequestiondoesn’talwayshaveasimpleanswer.Therearecountlessmethodsforsharingdata,andeachhasitsadvantagesanddisadvantages.Letmegiveyouanexample.OneofthesimplestmethodsforsharingdataisE-mail.However,E-mailisn’talwaysthebestchoice.E-mailisn’talwayssecure,mailboxescommonlyhaveattachmentsizelimits,themessagemaygetblockedbyspamfilteringorattachmentfiltering,andE-maildoesn’treallyworkforsharingstructured(database)data.
ThepointisthatE-mailworksreallywellincertainsituations,butthereareotherthingsthatitjustdoesn’tdoverywell.Thesamecanbesaidforothermethodsofsharingdata.Takesocialmediaforexample.MostofmyeditorsareonFacebook,butI’mnotexactlyinclinedtogetmynextarticletotheeditorbypostingitscontentonFacebook.Amoreprivatemediumisbettersuitedtothatparticulartask.
WhenIwasakid,myfatherusedtotellmethatitisalwaysimportanttousetheright
toolforthejob.OfcourseatthetimeIwasaMacGyverwannabeandwasalotmore
interestedinimprovising.AsIhavegottenolderhowever,Ihavecometounderstandthewisdomofmyfather’sadviceandalsorealizethattheconceptofusingtheright
toolforthejobisvitaltosuccessintheworldofIT.
Similarly,socialmediasitescansometimestake,shallwesay,certainlibertieswithyourdata.Lastweekforexample,IwasinCanadaflyingaseriesofmicrogravityflightswiththeCanadianNationalResearchCouncil.Sincebeingweightlessisn’tsomethingthatmostpeopledoallthetime,oneoftheguysthatIwasflyingwithcompiledsomeofthevideofootageandpostedittooneofthesocialmediasites.Thevideowasrecordedin4Kandlookedgreat.Oncepostedhowever,thesitedownsampledthevideoinanefforttoreduceitsfilesize.Theendresultwasagrainy,somewhatdistortedvideowithalowframerate.Thepointisthatifyouaremakingdataavailabletoothers,thenyouwantthedatathattheyreceivetobeidenticaltowhatyousent.
FileSharingOptions(from80’stotoday)Filetransfershavebeenapartofcomputingsincetheverybeginning.Evenwaybackinthe1980s,therewerefilecopy
toolsbakedintotheWindowsoperatingsystem.IvividlyrememberasachildusingDOSfunctionssuchastheCopycommandorMicrosoft’sDiskCopytool.ThepointisthattheneedfortransferringfilesfrompointAtopointBhasexistedfordecades(backthenmanyfilecopiesoccurredoffline,usingremovablemedia),andcountlesssolutionsexistforaddressingthisneed.Tothisday,MicrosoftstillbakesfiletransfertoolsintotheWindowsoperatingsystem,buttherearealsoplentyofthirdpartytools,mostofwhichhavecapabilitiesthatfarexceedthoseofthenativeOStools.
IrememberthefirsttimeIheardtheterm‘sneakernet’todescribethephysicaltransferofelectronicinformationusing(atthattime)
floppydisks.Thesedayswehavemoresophisticatedmeans(USBsticks)butthe
termstillapplies!
Therearetwomainthingsthatyouneedtoknowaboutthirdpartyfiletransfertools.First,therearemanydifferentwaysoftransferringfiles.Assuch,filetransfersoftwarecanbecategorizedbasedonthefiletransfermethodthatisbeingused.
Theotherthingtounderstandisthateachvendorhasitsownwayofdoingthings.Eventhoughtwoproductsmighttakethesamebasicapproachtofiletransfers,atleastsomeofeachproduct’sfeaturesareprobablygoingtobeunique.Theremayalsobesignificantdifferencesbetweenotherwisesimilarproductsthathavenothingtodowiththefeatureset.Forinstance,ProductAmightuseamoreefficienttransferalgorithmthanProductB.Similarly,ProductBmightbemoresecurethanproductA.Thepointisthattherecansometimesbemajordifferencesbetweenseeminglysimilarfiletransfertools.
Forthepurposesofthisbook,Iamgoingtoavoiddoinganysortofheadtoheadvendorcomparison.Theresimplyisn’tenoughspaceinashortbooktoobjectivelycomparealloftheleadingfiletransferproducts.Soratherthangetintoaproductspecificdiscussion,Iwantinsteadtotaketheopportunitytodiscussthevarioustypesoffiletransfersoftwarethatcurrentlyexist.AsIdo,Iwillmakeitapointtotalkaboutwhateachtypeisgoodfor,andnotsogoodfor.
Cloud-BasedSharing
OneofthemostcommonmethodsofgettingafilefrompointAtoPointBistousecloudstorageasanintermediary.Therearemanysuchservicesavailable.SomeofthemorepopularonesincludeMicrosoftOneDrive,GoogleDrive,andDropBox.Technically,cloudstorageisn’tthesamethingasfiletransfer,butthetwokindofgohandinhand.
Let’ssupposeforamomentthatsomeoneneedstosendalargefiletoafriend.Ratherthantransferringthefiledirectly,theycouldoptinsteadtouploadthefiletoaclouddrive,andthensharethefilewiththeirfriend.Therecipientofthefilecouldthenusethefile’sURLtodownloadthefile.Soeventhoughcloudstorageisn’treallythesamethingasafiletransfer,cloudstoragedoesenableatwo-step(uploadanddownload)transfer.
Likeanythingelse,usingcloudstoragetotransferfileshasitsgoodpointsanditsbadpoints.Ontheupside,manyofthecloudstorageproviderswillgiveusersfreestoragespace.Forexample,MicrosoftgivesOneDriveusers5GBoffreestoragespace.
AnotherbenefittousingthepubliccloudasamechanismfortransferringfilesisthatcloudstorageproviderssupportlargerfilesthancanbegenerallytransferredthroughE-mail.ManyE-mailaccountshaveanattachmentsizelimitof25MB,althoughsomearefarmorerestrictive.Cloudstoragemakesiteasyto
circumventE-mailattachmentsizelimits.Betterstill,becausecloudstorageisoftenaccessiblethroughaWebinterface,neitherthesendernortherecipientarelikelytoneedanyspecialsoftwarebeyondaWebbrowser.
Ofcoursecloudstoragedoeshaveitslimits.Onedisadvantagetousingcloudstorageisthatfreestorageinthecloudmayprovetobeinadequatefortransferringlargefiles.Letmegiveyouanexample.
AmomentagoImentionedthatMicrosoftwillgiveOneDriveusers5GBoffreestorage.Admittedly,that’splentyofspacefortransferringpictures,documents,andthatsortofthing.Itmighthowever,beinadequateforthosewhoneedtotransfervideo.
Aspreviouslymentioned,IspentsometimeinCanadalastweekdoingzerogravityresearch.Overthecourseofaweek,Ifilled24memorycardswithvideo.Thosecardswere32GBeach.Itherebyaccumulatedover700GBofvideodata.Thesheervolumeofthedatacompletelyruledoutanychanceofusingfreecloudstorageasamechanismforsharingthedatawithotherswhowantedacopy.OneDrive’s5GBlimitwouldnotevenbegintoaccommodatethevideodatafromasinglecamera,muchlessall24.
Ifyouareonlytransferringtext,thenthe5GBlimitmightnotinitiallyseemlikeanissue.Afterall,manydocumentsarelessthan1MBinsize.Eventhisbook,withimagesandall,onlyconsumesabout5MBofspace.Inspiteofthemodestamountofspacerequiredforstoringdocuments,a5GBlimitcouldquicklybecomeproblematicifyouaretransferring1000recordsaday,orifyouaresharingthe5GBofspacewithallofyourcoworkers.
Therearealsoprivacyissuesthatmustbeconsidered.Ifyouuploadasensitivedocumenttoacloudportal,thenanyonewithaccesstotheportalcouldconceivablydownloadthe
document.Abettersolutionisusuallyrequiredformakingsurethatsensitiveorregulateddataisonlyaccessiblebytheintendedrecipient.
FTP
AnotherpopularoptionfortransferringfilesisFTP.FTPstandsforFileTransferProtocol.ItisadatatransferstandardthatisasoldastheInternetitself.Whileitiseasytodismisslegacytechnologiesasirrelevant,FTPisstillverymuchaliveandwell.Infact,whenIwrotemylastbook,thepublisherhadmesubmitthemanuscript,accompanyinggraphics,andsomepromotionalvideosviaFTP.
Personally,ItendtothinkoftheFTPprotocol’sageasoneofitsgreatestassets.BecauseFTPhasbeenaroundforsolong,itisuniversallysupported.Furthermore,theprotocolhasbeenprovenoverthecourseofseveraldecadestobestableandreliable.
Therearehowever,acoupleofdisadvantagestotransferringfilesbywayoftheFTPprotocol.ThebiggestdisadvantageisthatFTPfiletransfersrequireacomputertoactasanFTPserver.Thisisn’taproblemwhendataissharedaspartofanon-goingrepeatablebusinessprocessbecausetheserverprovidesthebenefitofcontrol,security,auditinganddataretention.Allgoodthings.ThesemaybenecessaryforSLA’s,complianceandsoforth.However,thismaybeanissuewhenthetransferismore‘adhoc’orevenfrequentbutnotscheduledandnotsubjecttoSLA’s.Wherethingsbecomeproblematicisiffiletransferneedstooccurbetweenindividuals.Letmeexplain.
WhenIwasakidgrowingupinthe80s,mostpeoplethatIknewhadneverheardoftheInternet.Thoseofuswhospenttimeonlinedidsobyusingmodemstodialintoremotehosts.Thosehostscameintwodifferentflavors–publicandprivate.Thepublichostswere,atthetime,referredtoasBulletin
BoardServices(BBSs).ImaginehavingtodialindirectlytoaWebsiteratherthandialingintotheInternetandthennavigatingtoyourWebsiteofchoice,andyoucanbegintogetafeelforwhatitwasliketouseaBBS.
Theotherconnectivityoptionwaspeertopeer.Withabitofpre-planning,itwaspossibletodialintoafriend’scomputerandestablishaprivatesession.Youcouldusethesesessionstochat,ortotransferfiles.TheclientsoftwarethatmyselfandmyfriendsusedbackthensupportedFTPfiletransfers(amongotherstandards).Assuch,itwasrelativelyeasytosendafiletoafriendviaFTP.
Aspreviouslymentioned,FTPisstillwidelyusedtoday.Inmostcaseshowever,theclientcomponentisjustthat–aclient.TheassumptionisthattheclientwillconnecttoadedicatedFTPserver,liketheonethatmypreviouslymentionedpublisheruses.MostmodernFTPclientsdonotsupportserverless,peertopeerfiletransfers.
TheotherdisadvantagetoFTPisthatbecauseoftheprotocol’sage,FTPissomethingofano-frillsprotocol.FTPdoesagreatjobofcopyingdatafrompointAtopointB,buttheprotocolislackingwhenitcomestosecurity,auditlogging,andthatsortofthing.Thisisn’ttosaythatanFTPsessioncannotbesecuredandaudited,butratherthatthosetypesoffunctionstendnottobenativetotheFTPprotocol.Thatbeingthecase,auditing,security,andotherfunctionsarehandledasfunctionsoftheFTPserversoftware,theclientsoftware,orboth.JustkeepinmindthatalthoughFTPisastandardprotocol,FTPserversandFTPclientscanvarywidelyintermsoffeaturesandcapabilities,soitisimportanttochooseasolutionthatmeetsyourrequirements.
BitTorrents
Anotheroptionfortransferringfilesistouseabittorrent.IhavetobehonestwithyouandtellyouthatIconsiderednot
writingaboutthisparticulartechnologybecausebittorrentshavegottenareallybadreputationinrecentyears.Evenso,thisreputationstemsfromhowthetechnologyisusedratherthanfromproblemswiththetechnologyitself,soIdecidedtogoaheadandincludeasectiononbittorrents.
Abittorrentisapeertopeerfilesharingprotocol.Thethingthatmakesabittorrentdifferentfromotherformsofpeertopeerfilesharingisthatthistechnologyisdesignedtoworkacrosslargenumbersofcomputers.Generallyspeaking,eachofthesecomputersactsasbothaclientandaserver.
Supposeforamomentthatyouwantedtodownloadaparticularfilefromabittorrent.Youwouldfirstneedtoinstallabittorrentclient,andthensearchforthefilethatyouwanttodownload.Unlikea“normal”peertopeerfilesharingsolutionhowever,thefilewilltypicallyexistinmultiplelocations.Somebittorrentparticipantsthatactasseederswillhavecopiesofthefile,aswillanyonewhohaspreviouslydownloadedacopyofthefile.Dependingontheclientthatyouareusing,youmayhavetheabilitytopickthesourcefromwhichyouwanttodownloadthefile,orthesoftwaremaydownloadthefilethroughaseriesofparalleldatastreamsfromthevarioussources.Thisapproachkeepsanyonesinglecomputerfromhavingtobeartheburdenoftransferringtheentirefile.
Sowhyhavebittorrentsgottensuchabadrep?Well,thereareafewdifferentfactorscontributingtothebittorrent’snotoriety.First,filetransferscanbesomewhatunpredictable.Remember,filesarecommonlyhostedonotheruser’spersonalcomputers,notonsomemassivecloudserver.Assuch,youneverknowwhenabittorrentparticipantmightturnofftheircomputer,haveadropinavailablebandwidth,orevendeletethefilefromtheirharddrive.Asageneralrule,popularfilescanbedownloadedmorereliablythanlesspopularfiles,becausebydefinitiontherearemorecopiesof(andthereforemoresourcesfordownloading)popularfiles.
Asecondreasonwhybittorrentshavegottenabadreputationisbecausetheytendtobeverylooselycontrolled,andhaveonoccasionbeenusedintheproliferationofmalware.Therehavealsobeeninstancesinwhichhackersexploitedbittorrentclientstogainentryintobittorrentparticipant’scomputers.
Byfarthebiggestreasonwhybittorrentshavegainedabadreputationisbecausetheyareoftenusedforillegalpurposes.Formanyyears,bittorrentswerethetoolofchoice(andinsomecasesstillare)forthosewhowantedtodownloadbootlegcopiesofmusic,movies,andsoftware.RememberwhathappenedtoNapsterbackin2001?Well,thesoftwarethatNapsterusedbackthenworkedverysimilarlytoabittorrent.
Onemoredisadvantagetobittorrentsisthegenerallackofprivacy.Becausebittorrentsdistributedataacrossnetworkpeers,theyarenotusuallysuitablefortransferringdatathatneedstoremainprivate.
Inaddition,manyBittorrentclientsexposeaparticipant’sIPaddresstothosewhoareseedingordownloadingdatacopies,whichcanposeamajorsecurityrisk.Infact,ithasbecomecommonforBittorrentuserstoleverageVPNsoftwareinanefforttoobscuretheirIPaddress.
Ithinkit’ssafetosaythattheaveragepersoniswellfamiliarwithE-mail,sothereisnoneedformetoexplainwhatE-mailisandwhatitdoes.Evenso,IdowanttotakeamomentandbrieflydiscussE-mailasitrelatedtofiletransfers.
Aspreviouslyexplained,E-mailcanbethoughtofasanalmostuniversalplatformforfiletransfersbecausealmosteveryonehasatleastoneE-mailaccount.However,E-maildoeshavethreemajorlimitations.
First,asImentionedearlier,mostmailboxeshaveanattachmentsizelimit.Thesizelimitisusuallysetbytheadministrator,exceptinthecaseofpublicmessagingplatformssuchasHotmail,Yahoomail,andGmail.Typically,thesizelimitisabout25MB,butthelimitcanbealotlower.IhaveeditorswhoIhavetroublesendingdocumentsto,becausetheirmailboxeshavea5MBlimit.
Evenifyouhaveamailboxwithnoattachmentsizelimit,usingE-mailasafiletransferplatformcanstillbetricky,becauseoddsarethatanyoneyoumightbesendingamessagetowillhaveanattachmentsizelimitontheirownmailbox.
AsecondlimitationthatcangetinthewayofusingE-mailasafiletransferplatformisthemailboxquota.Allofthosemessagesthatgetsentbackandfortheverydayhavetobestoredsomewhere,andifleftunchecked,themailboxdatabasecangrowtobesolargethatitexceedstheunderlyingphysicalstoragecapacity.Assuch,administratorsoftenplacequotasonmailboxestokeepthosemailboxesfrombecomingtoolarge.Evenifstoragespaceisn’tanissue,someorganizationsusemailboxquotastolimitmailboxsizesinanefforttokeepbackupssmallandmanageable.
Thereareanumberofotherreasonswhymailboxquotasaresometimesused.Theimportantthingtounderstandisthatmailboxquotasregulatethemailboxsize,nottheattachmentsize.Therefore,ifamailboxquotaexists,thenitwilllimitthemaximumsizeofanymailboxestowhichitapplies.Thismeansthatifsomeonesendsyouafile,thenthemessagecouldberejectedasaresultofaquotaviolation,eveniftheattachmentitselfisconsiderablysmallerthantheattachmentsizelimit.
OnemorereasonwhyE-mailisimpracticalforuseasafiletransferplatformisbecauseE-mailisinsecure.Really.EventhoughITprosworkreallyhardtosecuremailserversandusermailboxes,messagesareoftensentacrosstheInternetinanunencryptedformat.Nowthereareobviouslyexceptionsto
therule,butmanymailsystemsdonotencryptE-mailmessagessentacrosstheInternet.ThismeansthatE-mailisapoorchoiceforsendingmessagescontainingsensitiveattachments.
E-mailcanbeespeciallyproblematicfororganizationsthataresubjecttoregulatorycompliance.HIPAAforexample,imposesseverepenaltiesfortheunauthorizeddisclosureofelectronicprotectedpatienthealthinformation.SendingpersonallyidentifiablemedicaldatathroughE-mailrisksunwanteddataexposure.Notonlymightthemessagebeinterceptedintransit,buttherecipientcouldconceivablyforwardthemessagetosomeoneelse.Agoodfiletransfersolutionshouldensuredatasecurity,andallowthedata’sownertoretainverifiablecontrol(throughaccesslogs)overaccesstothedata.
ModernFileTransferSolutionRequirements
Movingfromthepasttothepresent(andpossiblefuture)forfilesharing,let’slookatnext-genfiletransfersoftwaretohelpusgobeyondthelimitsofFTP,bittorrent,emailandsoforth.Andlet’salsomapoutwhatkindsofrequirementsyoumighthaveandneedforyourcurrentfiletransfersolutionwithinyourbusiness.
NextGenerationFileTransferSoftwareAspreviouslydiscussed,FTPworksreallywellasafiletransfermechanism,buthasitslimitations.BecauseFTPwascreatedseveraldecadesago,itwasn’treallydesignedtohandletoday’sfiletransferchallenges.SomevendorshavecreatedFTPservers
andFTPclientsthatprovidemodernsecurityandcompliancebeyondwhatisnativelyprovidedbytheFTPprotocol.Othervendorschooseinsteadtobasetheirfiletransfertoolsaroundmodernprotocolsandmodernsecurityandcompliancestandards.
RegardlessofwhetherafiletransferapplicationisbasedonFTPorsomeotherprotocol,therearesomefeaturesthatyoushouldlookforbeyondthebasicabilitytomovefilesfrompointAtopointB.
SecurityandCompliance
Firstandforemost,thesoftwareneedstobeabletotransferfilessecurely.Inmanycaseshowever,thesecuretransferofdataisnotenoughbyitself.Thisisespeciallytrueforthosewhoworkinregulatedindustries,wheretheremaybesevereconsequencesfortheimproperhandlingorunauthorizedexposureofdata.Infact,regulationscommonlyrequireorganizationstobeabletoprovethatfiletransfershappenedsecurely.Itmayalsobenecessaryforanorganizationtoprovethatafilewastransferredbyanauthorizedsendertoanauthorizedrecipient.
Theonlywaytoguaranteethislevelofregulatorycomplianceisthroughanaudittrail.Assuch,thesoftwareneedstosecurelyloginformationaboutthesender,recipient,andcontentofeachtransfer.Theorganizationmustbeabletoproducethisdataintheeventofacomplianceaudit.
Althoughasoftwaregeneratedauditlogshouldbeconsideredtobeanessentialfeature,theauditlogmaynotbeenoughtoensureregulatorycompliancebyitself.Somesetsofregulationshaverequirementsforhowtheauditlogistobehandled.Ataminimum,theorganizationmustusuallyensurethattheauditlogremainssecureandisnottamperedwith.
Dependingontheregulationsthatyourorganizationissubjectto,theremaybearequirementforanauditortobeableto
reviewtheauditlogs.Insuchsituations,itisimportantforthefiletransfersoftwaretoprovidesecure,authenticatedaccesstothelogsthrougheitherasearchengineoraneDiscoveryportal.
ServiceLevelAgreements
AfiletransferrequirementthattendstobeeasytooverlookisadherencetoServiceLevelAgreements(SLAs).It’stemptingtothinkofSLAsintermsofworkloadavailability,buttheremaybeotherSLArequirementsdependingontheorganization’soperationalrequirements.Forexample,theremaybeanSLArequirementtotransferafiletoapartnereverymorningby8:00AM.
AdherencetothistypeofSLArequirestwothingsfromafiletransferapplication.First,thefiletransfersoftwaremustmaintainalogofanyandalltransferoperations.HavingsuchalogistheonlywaytoproveadherencetoanSLA.
TheotherthingthatisusefulformaintainingcompliancewithafiletransferSLAisanautomationengine.Ifthereisastrictrequirementfortheorganizationtotransferafiletosomeoneataspecifictime,thenthebestwayofmeetingthatrequirementistoremovethepotentialforhumanerrorbyschedulingthefiletransfer.Ideally,filetransfersoftwareshouldbeabletosupportscheduled(orevenscripted)uploadsanddownloads.
UniversalCompatibility
Throughoutthisshortbook,Ihavetalkedaboutseveraldifferentoptionsfortransferringfiles.Eachoftheseoptionshaditsprosandcons,buttherewasonethingthatallofthemethodshadincommon.Noneofthemaretrulyuniversal.
Nowadmittedly,Istatedearlierthat“E-mailcanbethoughtofasanalmostuniversalplatformforfiletransfersbecausealmosteveryonehasatleastoneE-mailaccount”.Ifweare
definingauniversalplatformasbeingsomethingthatalmosteveryonehasaccessto,thenyes,E-mailprobablyistheclosestthingthatthereistobeingauniversalfiletransferplatform.
Ifyoulookatthingsanotherwayhowever,thenthereisnothingatalluniversalaboutE-mail.Thinkaboutit…Youcan’tE-mailafiletoanFTPserver.Acloudstorageproviderisn’tgoingtousetheSimpleMessageTransferProtocol(SMTP),theprotocolusedbyE-mailservers,totransferafilethatyouareabouttodownload.
WhileitistruethatE-mailisuniversalinthesensethatmostpeoplehaveanE-mailaddress,E-mailisnotuniversallycompatiblewithotherfiletransfermethods.
Believeitornothowever,therearefiletransfertoolsonthemarketthatcomeclosetobeingtrulyuniversal.IhaveseenconsolidatedfiletransfertoolsthatsupportFTP,E-mail,fileservers,networkshares,andmore.
This“SwissArmyknife”approachtofiletransfersisundeniablyconvenient,butimaginehowpowerfulthistypeofuniversalcompatibilitycouldbeifitweretobecombinedwithaschedulerorascriptingengine.Thesoftwarecouldautomaticallytransferfilesonascheduledbasis,usingthemethodthatispreferredbytherecipient.Thinkofitthisway.Iwritebooksandarticlesforaliving.SomeofmyeditorsprefertoreceivemanuscriptsthroughE-mail.OthersrequiremetosubmitmycontenttoanFTPsite.Atoolthatsupportsscheduledtransfersandmultipletransfermethodscouldhelpmetomakesurethatallofmycontentissubmittedontime,andusingthepublisher’spreferredtransfermethod,allwithaminimalamountofeffortonmypart.Icouldsimplycreatefolderscorrespondingtoeachofmypublishers,andthenscheduleatasktouploadthecontentsofeachpublisher’sfoldertothepublisheronascheduledbasis.Ifforinstance,apublisherrequiredcontenttobesubmittedeveryMondaymorning,Imightsetupatasktotransferthecontentsofthat
publisher’sfolderonSundaynight.AllIwouldhavetodothenistowritethecontent,anddropthefileintothedesignatedfolder.Thesoftwarewoulddotherest.
I’mguessingthatmostofyouprobablyaren’tdealingwithpublishersonaregularbasis,andthat’sOK.Thesamebasicconceptappliestoanyorganizationthattransfersfilestoexternalentities.Considerforexample,anITshopthatistransferringfilestooutsourcedproviderssuchasapaymentclearinghouseorperhapstoabusinesspartner.Havingatoolthataccommodatesallofthesewithasingletransferengine,automationtoolandauditlogcanprovidehugebenefits.
Asyoucansee,therearemanydifferenttypesoftoolsfortransferringfiles.Eachclass
oftoolshasitsadvantagesanddisadvantages.Regardlessofhowyoudecidetogoabouttransferringfiles,thetransfer
shouldbesecure,reliable,anditmustadheretoanyrequirementsthathavebeenestablishedfortheorganization.
Ultimately,tohaveasolidmethodologyforsharingdatayouneedtomapoutafewkeypoints.Thesemaynotallapplyinyourcasebuttheywillformost.Notethefollowing:
EstablishingCriteriaforSuccess
Aspreviouslynoted,therearecountlesstechniquesforsharingdata.Sinceitisimpossibletoexploreeveryconceivablemethod,let’snarrowdownthediscussionandtalkaboutfiletransfers.Let’sassumethatunstructuredfiledataneedstobecopiedfrompointAtopointB,anddefinesomerequirementsfortheprocess.
TheSoftwareMustBeReliable
Itmightsoundabitcliché,butthefirstrequirementisthatthesoftwarejusthastowork.FiletransfersoftwaremustbeabletoreliablycopydatafrompointAtopointB,withoutthesoftwarecrashingmid-stream,andwithoutthedatabecomingcorruptedintransit.Sayingthatthesoftwareneedstobereliableissuchanobviousthing,thatitalmostgoeswithoutsaying.Evenso,reliabilityisofsuchparamountimportancethatitisworthincludingintheestablishedcriteriaforsuccess.Formanyorganizations,filetransfersarekeyoperationalprocessesrelatedtobusinessfunctionssuchasbillingorcustomerservice.Ifthesoftwaredoesnotwork,thenthebusinesssuffers.
SupportabilityisanAbsoluteRequirement
Asecond,almostequallyimportantrequirementisthatthesoftwareneedstobesupported.Thisrequirementneedsabitofexplaining,sostickwithmeforamoment.
Overtheyears,Ihaveusedsomereallygreatopensource,freewarefiletransfertools.Thesetoolstendtobefeaturerich,andyoudefinitelycan’targuewiththeprice.Evenso,Idon’tusethosetoolsbecausetheytendnottobesupported.
Manyyearsago,Iadoptedapolicyofneverrunningunsupportedsoftwareinproduction.Atthetime,Ihadacorporatejobandsothispracticewasamatterofself-preservation.Ineverwantedtofindmyselfinthepositionofhavingtoexplaintothebossthatwecouldn’tgettechsupportonapieceofsoftwarebecauseIhaddecidedtousefreeware.
Althoughtheconceptoffreesoftwareisundeniablyappealing,Ithinkthatitisbettertospendafewbuckstohavetheassurancethathelpwillbeavailableifyoueverneedit.TothisdayIstillmakeitapointtoneverrununsupportedsoftwareinproduction,eventhoughIworkformyself.
TheSoftwareShouldBeFeatureRich,ButAffordableandEasytoUse
OK,thisoneisatoughone.Ideallythefiletransfersoftwarethatyoudecidetouseshouldbefeaturerich,butisshouldalsobeeasytouse.Affordabilitydoesn’thurteither.Theproblemisthatfeaturerichness,affordability,andeaseofuseareoftenatoddswithoneanother.ToshowyouwhatImean,let’sforgetaboutfiletransfersoftwareforasecond,andjusttalkaboutsoftwareingeneral.
AssomeonewhowritesaboutenterpriseITforaliving,Igettotestdrivealotofdifferententerprisegradeapplications.Inalmosteverycase,theseapplicationsarejampackedwithfeatures,butthefeaturescomeatacost.Usuallyaveryhighcost.EnterpriseITsoftwaredoesnotexactlyhaveareputationforbeingcheap.
ManyoftheenterprisegradeapplicationsthatIhaveusedovertheyearshavealsobeenoverlycomplicatedtouse.Ihaveoftenwonderedifvendorspurposelymaketheirapplicationsoverlycomplexeitherasawayofjustifyingtheapplication’scost,orasawayofsellingsupportcontracts.
Ofcoursenoteveryorganizationisthesizeofalargeenterprise,andtherearevendorsthatmakesoftwarethatistargetedtowardsmallerorganizations.Oftentimes,thissoftwareissimplyawatereddown,“light”versionofthevendor’senterprisesolution.
Admittedly,thesetrendscanmakeittoughforSMBsizedorganizationstofindqualitysoftware.Ononehand,spendingtenmilliondollarsforanapplication,takingayeartoimplementthatapplication,andshippingtheITstaffofftospecialtrainingisn’tgoingtobearealisticoptionforsmallershops.Ontheotherhand,the“light”versionofanapplicationmaybelackingtothepointthatitdoesnotreallymeetanorganization’srequirements.
Thepointisthatafiletransfertoolshouldideallybeaffordableandeasytouse,butwithoutcompromisingessentialfeaturesinthenameofprice.Needlesstosay,thisisatallorder,buttherearevendorswhodoadecentjobofmeetingallthreeobjectives.
TheSoftwareMustKeeptheDataSecure
Anotheressentialrequirementforfiletransfersoftwareisthatitmustensureprivacyforthedatathatisbeingshared.NowIwillbethefirsttoadmitthatnoteveryfilecontainssensitivedata.Yesterdayforexample,IsentsomeoneacopyofthePowerPointdeckfromoneofmyrecentspeeches.Thespeechwasopentothepublic,andthecontentwasthereforealsosuitableforpublicdistribution.Evenso,Iamstillabigbelieverinkeepingeveryfiletransferprivate.
Myreasonforwantingtoensureprivacyforeveryfiletransferisreallysimple.Itiseasierandlessriskytomakeafiletransfersecurebydefaultthanitistopickandchoosewhetherornotaparticularfiletransferreallyneedstobekeptprivate.Itiswaytooeasytoforgetthatanotherwisebenigndocumentcontainsthatonepieceofsensitiveinformation.It’sbettertosimplyencrypteverythingthantoriskaccidentallycompromisingsensitiveinformation.Thisisespeciallytruewhenyouconsiderthatalargeportionofthedatatransferredbymanyorganizationsisproprietaryorotherwisesensitiveinnature.
TheSoftwareMustMaintainRegulatoryCompliance
Over135countriesenforcestrictregulationsprotectionpersonalinformationfromtheEU’sGeneralDataProtectionRegulation(GDPR),tonumerouscountries’PersonalInformationProtectionActs(PIPAs),totheUS’sHIPAA.Ifyourorganizationissubjecttooneormoreoftheseregulations,thenitisabsolutelyessentialthatyourfiletransfersoftwarebeabletomovedatainawaythatadherestoregulatoryrequirements.
Sowhatdoesthatreallymean?Well,theexactrequirementsvarydependingonthenatureofthedatathatisbeingtransferredandontheregulationsthattheorganizationmustadhereto.Generallyspeakinghowever,regulatoryrequirementsaredesignedtoensurethattherearenodatabreachesandthatsensitivedataisnotimproperlydisclosed.Itisimportanttokeepinmindhowever,thattechnologychangesmorequicklythanregulationsandbecausenewexploitsareregularlydiscovereditistheoreticallypossibleforanorganizationtobecompliantwithoutbeingsecure.
Forthesakeofillustration,considerwhatregulatorycompliancemeansforhealthcareorganizations.IntheUnitedStates,healthcareorganizationsaresubjecttoHIPAA.HIPAAimposesstiffpenaltiesfortheimproperdisclosureofpersonallyidentifiablehealthdata.Inotherwords,ifmedicaldata(suchasadiagnosis,testresults,etc.)containsthepatient’snameoranydatathatcouldbeusedtofigureoutthepatient’sidentity,thenthatdataisconsideredtobepersonallyidentifiableandisthereforeprotectedbylaw.
VendorSponsorChapter:IpswitchMOVEit
Someorganizations,likeyours,requiresensitivedatatomoveoutsidetheperimeterofthecompanynetworksimplyaspartofdoingbusiness.Forexample,bankssendoutcheckstobeimaged,andhospitalstakecareofbillingthroughclearinghousesusingpatientrecordsandchargedata.Nomattertheindustryordataset,theveryideaofinsecurelysendingoutsensitiveinformationovertheInternetisbothdangerousandirresponsible.
Whensharinginformationlikethisaspartofbusinessoperations,itneedstobelockeddownaspartofanestablishedprocess.Organizationslargelyuseoneofthreetypesoftoolstogetthejobdone.FTP,cloudsharing,ormanagedfiletransfer.Eachareviableoptionstogetdata
movedfrompointAtopointB(eachwiththeirownprosandcons),butatthecoreofyourfiletransferneeds,thesolutionusedmustmeetthreerequirements:
1) Thedataneedstoonlybeaccessiblebytheintendedrecipient
2) Youmustbecertainthedatagotthere3) Youmustbecertainthedatahasn’tbeenmodifieden
route
NeitherbasicFTP,norconsumer-basedcloudsharingtrulyensureanyoftheserequirementsaremet.Toachievetruesecurityaroundthetransmission,access,andintegrityofyourdata,ipswitchoffersmanagedfiletransfersolutionstomeeteventhemostdemandingcustomerneeds.
Attheircore,ipswitch’sfiletransfersolutionsaimtosecurethetransferofyourorganization’smostsensitivefilesbyprovidingyouwithvisibilityintodatamovement,whileretainingcompletecontrol.
Ipswitch’sSecureInformationandFileTransfersolutionofferingismadeupof6differentproducts,providingadditionalfunctionalityandcontroloverdatabasedontheiraward-winningMOVEitTransfer.
MOVEitTransfer
OrganizationsreliantonfiletransferactivitiesneedawayforITtomaintaincompletevisibilityandcontroloverfiletransferactivitiesbetweenusers,systems,partners,andcustomers,whileallowingthoseinvolvedtoinitiatetransferswithoutthehelpofIT.MOVEitTransferprovidesorganizationswiththeabilitytodefinewhatfiletransferactivityisallowed,whocanperformthetransfers,when,andhow.Usingacentralized,
multi-tenantarchitecture–designedwithmulti-companydatatransferinmind–MOVEitTransferfacilitatessecuretransfersthatadheretocompanypolicyeverytime.
SupportingawiderangeofclientsgoingwellbeyondjustFTPapplications,MOVEitTransferallowsforuserstocontinuetoutilizetheapplicationstheyalreadyknowandlovewhilecontainingtheactualtransfers.MOVEitTransferperformstheactualtransfer,parsingrequeststhroughitspolicyenginetoensuretransfersareallowed,establishesFIPS140-2validatedAES-256encryptionoverthesecurechannel,andgeneratesanaudittrailforeachandeveryfiletransfer.Logsarestoredinatamper-evidentdatabase,helpingorganizationstobeincompliancewithavarietyofdataprivacyregulationsincludingHIPAA,PCI,GDPR,andmore.
Partofafamilyofproductsthatworktogether,MOVEitTransfer’sbasefunctionalityisaugmentedtoincludeagatewaythatproxiesinboundconnectionstofurtherenhancesecurity,automationandAPIsupporttointegrateMOVEitintoexistingbusinessprocesses,andevenOutlook,web,andmobileclientstoallowuserstosharefilessimilarlytoconsumer-basedsolutions,butwiththesecurityandintegrityofMOVEitTransfer.
MOVEitCloudForthoseorganizationswantingthefunctionalityfoundinMOVEitTransfer,butarecommittedtousingcloud-basedservicesandsolutions,ipswitchoffersMOVEitCloud–aflexibleandscalablecloud-basedmanagedfiletransferservice.SecuredusingthelatestsecurityupdatesandlayersofdefenseincludingFIPS140-2certifiedcryptography,accesscontrol,integritychecking,penetrationtestingandmore,MOVEitCloudprovidesthefullfunctionalityofMOVEitwiththeconvenienceofcloud-baseddeployment.
Despiteitshomeinthecloud,MOVEitCloudmeetsthesamestrictdataprivacycompliancerequirementsasitson-premisescounterpart.
WhichOne’sRightForYou?
Likemostsolutionsthathaveacloud-basedoffering,MOVEitCloudprovidessomeoftheexpectedadvantages,suchasrapiddeployment,predictablecosts,andreliabilitywith99.9%uptime.WherechoosinggetsabitmorechallengingiswhenyoufindoutthatthemajorityofthefunctionalityfoundinMOVEitTransferisalsostandardinMOVEitCloud.So,thismaycomedowntomoreachoiceofcapexvsopex,orcomfortlevelwithhavingpotentiallysensitivedatainthecloud.
SecureFilesinTransitandatRestwithipswitchWhateveryourfiletransferneed–whetherinfrequenttransfersbyonlyafewpeople,ordataconstantlyinmotionbycountlessusers–MOVEitTransferandMOVEitCloudbothprovideorganizationswithcompletevisibilityandabsolutecontroloveryourfiletransfers,ensuringsecureandcompliantdatamovementfororganizationsofanysizeandvertical.
NeedBackCoverAD
BackinsidercoverAd:A5"by8"highqualityJPG(5.5x8.5"allowingfora.5"bleed)Colorschemeisyourchoice(pantone,RBG,CMYK)
ClicktheAdabovetorequestyourfreetrial.
BACKCOVERBEINGWORKEDON
NOTHING NEEDED