Today's data-driven world is demanding, requiring accuracy, speed, integrity and above all -- security. It's a tall order to fill, and in the past, many organizations relied heavily on the legacy FTP protocol to transmit files. But over time, the security of this method has been tested by hackers.
For example, a serious breach occurred at Yale University in 2001, when more than 43,000 user IDs were exposed and all data was carefully harvested from an FTP server. Acer customer details were stolen in a similar fashion the same year. And most recently, 7,000 FTP sites had their credentials circulated in underground forums, including an FTP server run by The New York Times.
Security and file transfers are a significant concern for IT security professionals, but what is the best way to safeguard your company's data?
As many organizations have evolved past traditional FTP, they are opting for modern and secure options for transmitting data, including:
SFTP. Also known as FTP over SSH, SFTP brings down the risk during data exchange by using a secure channel between computer systems to prevent unauthorized disclosures during transactions. Authentication of an SFTP connection involves a user id and password, SSH keys, or using both. It is also firewall friendly, only needing a single port number to be opened.
HTTPS. Many sites are gravitating to HTTPS instead of the traditional HTTP, but what are the major differences? For starters, traditional HTTP doesn't encrypt traffic to your browser, which poses a security risk. In contrast, HTTPS provides an added encryption layer using Transport Layer Security (TLS). This creates a secure channel so the integrity of the data is not changed without your knowledge. HTTPS is ideally suited for file transfers where a trading partner requires a simple, browser-based interface for uploading data.
AS2. This is a popular method for transporting EDI data safely and reliably over the Internet. The AS2 generates an "envelope" for the data, allowing it to be sent using digital certifications and encryption. For example, Walmart has become well known for using EDI through AS2 and has played an important role in driving adoption in the retail industry.
Managed File Transfer. A method that supports the above options and makes FTP more secure is managed file transfer (MFT). This secure option streamlines the exchange of data between systems, employees and customers. Numerous protocols and encryption standards are supported, and MFT provides extensive security features that meet strict security policies to comply with PCI DSS, HIPAA, GLBA and other regulatory requirements.
MFT solutions provide advanced authentication and data encryption to provide secure and reliable file transfers. You can also track user access and transfer activity through reporting features.
Overall, managed file transfer offers the best option for securely managing the transfer of data quickly, efficiently with detailed audit trails. It's preventive, rather than reactive, which is what security professionals in today's environment need most.