» 

Blog

Posts Categorized Under "MANAGED FILE TRANSFER"

How Does MFT Work?

Compared to using a variety of standalone  FTP and SFTP tools and scripts, managed file transfer (MFT) technology allows professionals to streamline how data is transferred. Managed file transfers help organizations send and receive files in their cloud and private networks, create and control workflows, automate file transfers, and centralize management from a single system.

The why behind using an MFT solution makes sense. It reduces costs, improves the quality of your data transmissions, and helps you meet stringent data security compliance requirements. It also simplifies your system-to-system, user-to-system, and user-to-user file transfers—and keeps security at the forefront of everything it does.

The what of a MFT solution is fairly straightforward. Managed file transfer solutions are a type of software that use industry-standard network protocols and encryption methods to streamline the management of a company. What does “managed” in managed file transfer mean? It refers to how the solution can automate and transfer your data across your organization, network, systems, applications, trading partners, and cloud environments from a single, central interface.

So we know the what and why of MFT solutions, but we haven’t discussed the how of MFT solutions. How do managed file transfers work, and how do they affect you?

Step One: Original File is Sent from the MFT Program or Plugin

Say you need to send a confidential document to someone in a remote office. Maybe it’s a seasonal restaurant menu for another retail location, maybe it’s an audit report for a trading partner, or maybe it’s a financial document for a homeowner. Whatever the scenario, you can send the file to a third party by using an MFT solution.

The file’s journey from you to your recipient can start in many ways. You can:

  • Securely send the file through a MFT email plugin
  • Send it through a web client (access to the MFT solution from a browser)
  • Automatically sendit directly through the managed file transfer workflow
  • Place a file in a dedicated folder that the recipient can connect to securely for download

Whatever method you choose to send your file, MFT ensures the data is transferred quickly and securely.

Step Two: Your MFT Solution Encrypts the File

After you send the email, upload the file to your browser, or drop it in a monitored folder, your MFT solution receives the data and secures it in a few different ways. MFT can encrypt your files using FIPS 140-2 compliance AES ciphers or the Open PGP standard, among others. To protect your file transmissions, MFT can use SFTP, SCP, FTPS, AS2, and HTTPS protocols to encrypt the data you send. And an MFT solution like GoAnywhere MFT allows you to zip compress files before transmission.

Once your data is properly protected, you can also use your MFT solution to schedule file transfers, translate sent and received data to popular formats like Excel, XML, and JSON, update and pull files from monitored folders, and more.

Step Three: Encrypted File is Delivered to the Recipient & Decrypted

When the file leaves the MFT server, it is sent to whatever location you indicated for the recipient, whether that be a designated folder on a server, email address, or so on. The recipient at the remote office can then grab the file, decrypt it, and even translate it as needed.

For peace of mind, MFT solutions often include audit logs that store and track crucial audit information. This helps with PCI DSS and HIPAA compliance, but it also allows you to track the movement and activity of the file that occur once it leaves you, so you never have to wonder if the transfer was successful, if it failed, or whether or not the file was even opened.

If the recipient has a file to send you, they can repeat the process, starting the journey all over again!

 

Still curious about MFT solutions and if they’re right for your business?
You can learn more about the benefits of an MFT solution in our FREE whitepaper:

Beyond FTP: Securing and Managing File Transfers

 

 

 

 

 


MFT Agents: Definition, Differences and Use Cases

In GoAnywhere’s latest product release of its Managed File Transfer solution, MFT agent capabilities were introduced. The following resource aims to help readers understand what MFT agents are, the difference between a traditional MFT deployment and an MFT agent deployment and some example use cases. For further questions, open the Live Chat box at the bottom right of this page or send us an email at linoma.sales@helpsystems.com.

What are MFT Agents?

MFT agents provide real-time, remote file transfer capabilities that are controlled from a central MFT server. Managed File Transfer Agents are ideal for organizations with remote sites like branch offices, cloud environments or other remote locations, where remote management of data movement from a single flagship location is required.

With GoAnywhere MFT agents, IT admins can:

  • Enjoy centralized control of remote file transfers and workflows
  • Create Agent Templates with registration rules to easily deploy Agents on a large scale
  • Monitor remote locations for new, modified and deleted files on the system

MFT Agents vs. Traditional MFT

There are a few key differences between traditional MFT deployments and an MFT Agent deployment. By deploying agents, network professionals can manage all instances of the deployment from one centralized location, versus having to manage multiple locations individually. This drastically reduces the amount of configuration time, and can present major cost benefits considering the reduction in administration time, management of software updates and other tasks.

MFT agent capability allows IT professionals to easily deploy MFT agents on almost any server or workstation where file transfers need to be performed (Windows, VMware, Linux, Amazon EC2, Microsoft Azure, IBM I (iSeries), AIX, UNIX, and Mac OS systems). With this multi-platform capability, organizations with complex environments can greatly reduce the manual, repeatable work associated with the complexity.

MFT Agent Applications & Use Cases

In an interview with Linoma Software President and Chief Architect, Bob Luebbe, the wide application of MFT agents is explained. “The use cases for MFT agents are really endless. Whether it’s a franchise needing to synchronize files with its store locations, or a healthcare system needing to move PHI data between its data center and satellite clinics, the deployment of MFT agents will greatly simplify those processes,” he says.

Below are just a few use cases of Managed File Transfer agents:

  • Restaurant Franchises: Whether a restaurant chain has thousands of locations worldwide, or a handful of regional locations, MFT agents allow for the distribution of new proprietary recipes, pricing updates and other sensitive data to and from the remote locations - easily and securely.
  • Retail Stores: Retail organizations with a network of stores can now manage new season inventory updates, product launch information, changes to employee policies and more, all through one centralized solution.
  • Healthcare Providers: Healthcare clinics with multiple satellite locations can ensure PHI data is securely transferred between locations, pharmacies and other partners using MFT agents.
  • Insurance Agencies: Enrollment applications, new products and services, and pricing structure updates can all be transferred quickly and securely.

In any use case, MFT agents can run on systems inside an organization’s network to move files throughout the data center, or can be deployed to remote sites like branch offices, cloud environments like Amazon AWS, Azure, and other remote locations. GoAnywhere MFT Agents even allow users to create and schedule multi-step workflows that can copy files, archive files, translate data, send alerts, add data to a database, execute native commands, or perform other file system tasks.

The image below shows an example implementation model, where one agent is deployed to an internal network, two are deployed to remote locations and one is deployed to a cloud environment.

Imagine the possibilities if organizations could greatly reduce the time spent on manual file transfer processes, and reallocate those resources towards more strategic initiatives.

Could MFT agents be a fit for your organization? Schedule a democontact a product specialist at linoma.sales@helpsystems.com, or watch the on-demand MFT Agents webinar to learn more.

 

 

 

 

 

 


The State of File Transfer Security

file transfer security
The 2017 Cybersecurity Trends Report was recently released by Crowd Research Partners. The report covers many aspects of cybersecurity, such as general security trends, cloud and mobile security, and managed security services. It also looks at how organizations are securing their file transfers, including some common file security pitfalls.

Here’s what the CyberSecurity Trends Report has to say about file transfers.

file transfer concern graphSecurity is the Top File Transfer Concern

When it comes to the challenges businesses face when transferring files, security is at the top of the list, with 59 percent of respondents citing it as a concern. Furthermore, over half of the IT security professionals surveyed said that if their file sharing practices were audited for regulatory compliance, they do not have the tools they need to streamline the process.

Managed file transfer (MFT) is the clear answer for both security and compliance challenges. A good MFT solution will provide a variety of encryption methods and secure protocols to combat modern data security threats. MFT software also includes detailed audit logging capabilities to ensure you can prove your file transfers are compliant in case of an audit.

Securing Customer Data is Critical

Protecting sensitive data is a significant concern for most organizations. Above all, companies are worried about the security of customer data—72 percent of survey respondents cited it as a type of sensitive data they are most concerned about protecting.

types of sensitive data transferred graph

There’s good reason to be careful about customer data. According to Verizon’s latest PCI DSS Compliance Report, 69 percent of consumers would be less inclined to do business with an organization that had suffered a data breach. Customer data security is also essential for maintaining compliance with PCI DSS and other industry standards.

Other types of data that respondents are concerned about protecting include employee data (66 percent), email (54 percent), corporate financial data (46 percent), and health information (33 percent)—important if you need to comply with HIPAA.

A managed file transfer solution can provide end-to-end encryption to protect files at rest and in transit. 67 percent of survey respondents ranked encryption as the most effective means for protecting data.

Too Many Organizations are Using Inadequate File Transfer Methods

Email is still the most common file transfer method for smaller files, used by 63 percent of respondents. This is a serious risk as unsecured email is both vulnerable to cyberattack and difficult to track for auditing purposes. Another 18 percent rely on writing custom scripts, a method that is both time-consuming and prone to error.

file exchange mediums graphFortunately, 49 percent of respondents have implemented managed file transfer software. Managed file transfer streamlines the secure exchange of data and provides organizations with a single point of control for all file transfers. Implementing an MFT solution that provides enterprise-level security features, role-based security, and full audit trails, is the best way to make sure your data transfers stay ahead of constantly evolving security threats.

To learn more, download the full Cybersecurity Trends Report.

cybersecurity trends report

 


Still using SHA-1 to secure file transfers? It’s time to say goodbye.

Sha-1 Shattered

Securing information is rising in importance for organizations worldwide. Using outdated technology is extremely risky, yet many organizations continue to do so because of legacy systems that don’t allow them to upgrade, lack of resources and time to upgrade, or they are simply unaware. The commonly used SHA-1 algorithm is a perfect example of an obsolete encryption standard that should have been completely phased out long ago. So why are people talking about it today?

With over a decade of warnings about the security vulnerabilities of SHA-1, and deprecation by The National Institute of Standards and Technology (NIST) in 2011, many organizations have since phased out use of this older hash algorithm. For those remaining organizations who haven’t migrated away from SHA-1, Google’s recent public announcement of the first SHA-1 collision should motivate them to abandon this algorithm completely.

Hash algorithms are widely used for a variety of functions including authentication and digital signatures. With file transfers, the algorithm was typically utilized to verify the integrity of sent messages. Using SHA-1, files are compressed into a 160-bit message digest or hash file which is calculated both before and after transmission. On receipt, the two hash values (or signatures) for that transmission are checked to ensure the data has remained intact, as long as both values still match. If the hash values don’t match, the file was likely compromised at some point along the way.

Having two different messages that produce the same hash value should be almost impossible. However, advancements in technology and computational power since the introduction of SHA-1 have exposed its vulnerabilities. With last week’s announcement, Google has proven that systems using SHA-1 can be fooled into thinking a signature is valid when it’s not by producing the same cryptographic hash with two different files. By publicizing their work, this legacy algorithm has been rendered obsolete and insecure.

How does the SHA-1 collision affect file transfers?

If you are still using SHA-1 to verify the integrity of file transfers, you should know that it is no longer considered a safe or secure method. Bottom line, if you still use SHA-1, it should be transitioned to a more secure standard as soon as possible.

If you’re looking to replace SHA-1, an obvious alternative would be SHA-2. The SHA-2 algorithm is a family of hash functions with values of 224, 256, 384 or 512 bits, thus providing stronger security with longer message digests. The more complex algorithms generate more potential hash combinations than were possible with SHA-1 which make the SHA-2 algorithm extremely difficult to break using today’s technology.

GoAnywhere Managed File Transfer and SHA-2

GoAnywhere MFT fully supports the SHA-2 algorithm for secure file transfers over SFTP and FTPS. In addition, GoAnywhere is Drummond Certified for AS2 file transfers and successfully met all requirements for the optional AS2 secure hashing algorithm 2 (SHA-2) tests.

 


Why Healthcare Organizations Need a Managed File Transfer Solution

Anmed health clinic

 

Last year was a scary year in healthcare cybersecurity. A hack of Banner Health breached up to 3.7 million records. Another data breach at 21st Century Oncology resulted in multiple lawsuits being filed against the organization. When a third party gained unauthorized access to computer systems at Valley Anesthesiology and Pain Consultants, almost 900 thousand patients, employees, and providers had to be notified. These are just a few examples of the biggest incidents in the news—smaller security failures are happening all the time.

Patient records are extremely sensitive, so healthcare organizations have to be especially vigilant about securing their data. Additionally, they need to be able to prove compliance with HIPAA. In an industry that involves constantly moving and updating patient records, maintaining security and compliance requires a robust method of protecting any transfer of data. That’s why no healthcare cybersecurity strategy is complete without a managed file transfer (MFT) solution.

Why Not Use a Basic File Transfer Tool?

Many EHR or network monitoring software already implemented within a healthcare organization include some secure file transfer capabilities, so it’s easy for IT professionals to ask: “Why not just stick with the basics?” While some of the add-on file transfer tools may protect sensitive data in transit, there are several crucial features that a complete managed file transfer solution can perform.

Supports varied platforms, protocols and encryptions: A good managed file transfer platform will support a variety of protocols, such as SFTP, FTPS, and HTTPS, and encryption standards like AES and Open PGP. It may be necessary to select different methods for each transfer based on your partner’s requirements.

Centralized system for organized monitoring and reporting: For many healthcare organizations, regular monitoring and reporting of file transfers is a requirement for compliance adherence. The ideal MFT solution provides a single tool capable of handling all your transfers out of one area, whether that be server-to-server batch file transfers, user-to-user ad-hoc file transfers and person-to-person file collaboration. A centralized area simplifies the ability to monitor and report all transfer activity.

Controls user access: HIPAA requires that organizations prevent unauthorized access to files. Of course, this can mean hackers with malicious intent, but you should also have protocols in place to protect data from internal actors. A 2015 study found that internal actors were responsible for 43% of data loss. That includes both intentional and accidental security failures.

MFT software with role-based security options can limit each user to the servers and the functions of managed file transfer that they absolutely need to use. Individual files and folders can be restricted to certain users or user groups. Since every user has a unique user ID, all their activity can be tracked—essential if you face an audit.

Facilitates HIPAA compliance: Modern IT environments and the volume of electronic records stored by healthcare organizations are far larger and more complex than what existed HIPAA was first enacted. Although many organizations got by with FTP-based tools or custom scripts in the past, the best way to meet HIPAA requirements today is with an easy-to-use, comprehensive managed file transfer platform.

In addition to providing the required security protocols and encryption, a good MFT tool will generate detailed audit trails and reporting of every file transfer, identifying the users, the recipients, and the file names transmitted. Just what an auditor needs to see.

Simplifies and automates transfers: Configuring each file transfer in a way that is secure, compliant, and meets the individual needs of each business partner is extremely time consuming. Too many manual steps in the transfer process can make a high volume of file transfers impossible to manage, not to mention error-prone. The automation capabilities of managed file transfer software can streamline data transfer processes and reduce the potential for mistakes.

Case in Point: 
AnMed Health Saves 500+ Hours of Manpower Each Month

Anmed health clinicWhen health system AnMed Health made the decision to replace outdated file transfer systems with GoAnywere MFT, their new ability to support SFTP and PGP encryption increased the number of vendors AnMed could perform simplified, and secured transfers with.

But that wasn’t the only benefit. Using managed file transfer eliminated the need for third-shift data center staffing and saved programming, operations, and network staff over 500 hours a month. How much money do you estimate that 500 hours a month could save your healthcare organization?

Another useful improvement was automatic notifications and greater visibility into the status of file transfers. Previously, the AnMed Health team often only found out about a problem when they received a call from a vendor.  A robust MFT solution will alert you if something goes wrong, allowing you to attack the issue without delay.

Ready to see for yourself? Schedule a demo of GoAnywhere MFT to see how easily your file transfer process can be secured, automated and centralized.


3 Data Breaches That May Have Been Avoided through PCI DSS Compliance

data breaches avoided with PCI DSS compliance

 

“Dear Valued Customer,

As you may have heard, on September 8, 2014, we confirmed that our payment data systems have been breached, which could potentially impact customers using payment cards at our U.S. and Canadian stores.”

 

This is an excerpt from an actual email distributed by a large retailer, in the wake of a massive data breach jeopardizing over 50 million credit cards. Since 2004, Payment Card Industry Data Security Standards (PCI DSS) has stood as a core regulation aimed at thwarting breaches like the above, and any organization that accepts, transmits or stores cardholder data must comply.

Now, here’s the shocking truth: In the latest PCI DSS Compliance Report conducted by Verizon, none of the companies it had investigated in ten years had been fully PCI DSS compliant at the time they were breached.

In many cases, companies achieve total PCI DSS compliance once but don’t sustain it. According to the Verizon report, 80 percent of companies fail at interim assessment. Technology moves quickly, and compliance solutions and policies implemented in past years may not be enough to stand up to modern security threats.

Other organizations believe that they don’t have to worry about protecting data. They believe their business is too small to be the target of hackers, or too large and successful to be using outdated, inadequate security practices. Sometimes they believe that data breaches only affect big retailers, not other industries.

But PCI DSS compliance needs to be taken seriously by everyone or the consequences can be devastating. Here are three organizations that experienced the detriment of non-compliance.

home depot data breach logo#1: Data Breach at Home Depot Compromises 56 Million Credit Cards

In what went down in history as one of the worst retail data breaches of all time, malware infected Home Depot point-of-sale systems and stole millions of customer credit and debit cards. The Home Depot attack seems to be a case of relying on inadequate software solutions and policies for data breach prevention. Employees later said that the company used outdated antivirus software and failed to monitor the network for unusual behavior.

PCI DSS standards require routine vulnerability scans, but according to employees, more than a dozen systems handling customer information were not assessed and were off limits to much of the security staff. In Home Depot’s case, investing in a security software with the ability to audit security infrastructure for PCI DSS compliance, may have been the difference between a $19.5 million data breach settlement, and business as usual.

OPM data breach logo#2: Office of Personnel Management Data Breach Affects Millions

After hackers attacked the Office of Personnel Management (OPM)’s servers and stole the personnel files of 4.2 million former and current government employees, as well as the security clearance background investigation information of millions more, a congressional investigation uncovered the organization’s security shortcomings.

Among many other findings, the report took especial issue with the department’s lack of two-factor authentication for employee access to sensitive data, claiming it was an oversight that could have prevented the security breach. This points to a key problem that PCI DSS compliance is meant to address. It’s not enough to encrypt and protect your files during transfer, you need to monitor internal actors as well. A robust security solution will authenticate users, give them only the access they need, and maintain a detailed log of each user’s actions.

TJX data breach logo#3: Over 45 Million Credit Card Numbers Stolen in TJX Breach

TJX Companies, owner of popular home brands such as TJ Maxx, Marshalls, and HomeGoods, experienced a data breach in which more than 80GB of cardholder data was stolen over a period of 18 months. Before the company was able to detect and halt the breach, 45.6 records had been stolen.

Documents filed in court after the breach claimed that TJX had failed to comply with nine out of the twelve PCI DSS requirements. Factors contributing to the incident included an improperly configured wireless network, a failure to segment networks carrying cardholder data from the rest of TJX's network, and the storage of prohibited data. Two members of the PCI DSS Standards Council later pointed to PCI DSS compliance as the clearest way to protect data against a TJX-style breach.

PCI DSS Compliance Can be Tricky, We Get It.

No company embarks on an initiative to avoid PCI DSS compliance. You are trusted by your customers, partners and vendors to take the proper measures to secure and protect their sensitive payment data. It’s that trust that has kept your company successful for so many years!

We read about data breaches and attacks like these in the news on a regular basis, but we don’t pause often enough to audit our own data security practices. IT infrastructure in today’s enterprises is increasingly complex, especially for large companies with systems spread around the world like Home Depot. Add to that the fact that PCI DSS compliance has multiple, complex requirements, and it can be daunting for IT and security teams to implement a sustainable process that ensures ongoing compliance.

PCI DSS compliance can be greatly simplified by using software solutions with features designed to help you achieve security and compliance. This type of software addresses PCI DSS requirements, provides the information you need to satisfy an audit, and in some cases even helps you check whether you are meeting compliance standards.

PCI DSS Compliance with Secure Managed File Transfer

File transfers are an essential point of vulnerability to consider when developing your security strategy. The most common file transfer pitfall is relying on inadequate methods such as poor FTP implementation practices, file sharing apps, and unencrypted email attachments.

A secure managed file transfer (MFT) platform guards your sensitive data against attacks with robust security and encryption methods, all while streamlining the file transfer process and saving your team time and resources that can be used to tackle other potential security issues.  Furthermore, a good MFT solution will have features like detailed audit logging and compliance assessments to eliminate the headache involved with ensuring your file transfers are compliant.

To make protecting data transfers as easy as possible, make sure your managed file transfer platform provides:

  • Secure connections for the transmission of sensitive data
  • Integration with existing critical applications
  • Role-based security and user authentication
  • Strong encryption methods
  • Detailed logs for audit reporting

Securely managing your data transfers is just one aspect of achieving PCI DSS compliance, but it is an essential step toward fully protecting your enterprise against security threats.

 

Interested in learning more about PCI DSS compliance? Explore our PCI DSS resource section for requirement details, industry whitepapers and recent articles.

 

Assess the PCI DSS compliance of your file transfers for free when you try GoAnywhere MFT for 30 days. Sign up for a trial here.


No Such Thing as a Free File Transfer, Part 3: Are Your File Transfers Holding Back Business Growth?

One of the most common reasons businesses have for not optimizing processes or implementing modern software solutions is simply that “we’ve always done it this way.” We get it—sure, your file transfer process is a little time-consuming and your FTP tool doesn’t have the most up-to-date security features, but your business is doing fine. Why spend the time and money to implement a new solution?

GoAnywhere MFT ROIHere’s why: scalability. A robust managed file transfer solution implemented now is key to business growth—and increased profits—down the road. The third installment of this series on the ROI of managed file transfer solutions focuses on how investing in MFT can help you scale your business. 

Automate Processes

Martin Zwilling writes in Forbes that one of the keys to a scalable startup is to “automate to the max,” as the business will not be able to grow if it is both labor-intensive and staff-intensive. File transfers are often critical to a wide variety of processes in businesses of all sizes, so companies can find themselves adding staff to cover the hours of manual work. This is especially true when you add in tasks like checking for file arrivals or compressing and encrypting files before the transfer. A managed file transfer solution can handle these multi-step workflows automatically, so increasing your volume of file transfers won’t require hours of additional labor or more employees. 

Adoption of managed file transfer is increasing every year. That means that others in your industry have chosen to move beyond basic FTP tools. Given the pace of modern business, it will become increasingly difficult to maintain a competitive edge without automating your file transfer processes.

Anticipate Changes

A growing company often not only faces more hours of work, but new requirements. As you add trading partners, you may need to use a variety of transfer methods. It’s worth the investment to implement an MFT solution that can handle multiple protocols and encryption methods rather than trying to juggle several tools.

Do you have industry regulations to comply with? The work involved in staying compliant and keeping adequate records for an auditor will only grow as your business grows. Get a managed file transfer tool that automatically keeps a detailed audit log to simplify compliance. This will also help if you face new regulations in the future. 

IT environments tend to become more complex over time as disparate applications are added to critical processes. In the case of acquisitions or mergers, you may find yourself with multiple applications for the same purpose. Your managed file transfer software should provide commands and APIs for interfacing with your applications.

When confronted with new business requirements, too many organizations turn to custom scripting. If you have talented programmers at your disposal, scripts may seem like the obvious solution, but they are risky for your business, especially as you grow. Maintaining and updating the scripts whenever your requirements change is time-consuming, risky and expensive. If the programmer writing the scripts leaves your organization, you may not have anyone who understands how all of your sprawling scripts work. And if something fails, there’s no helpline to save your business from costly downtime.

Balance Your Workload and Avoid Disaster

Clustering multiple installations of your managed file transfer solution provides a distributed environment for handling file transfer services for the enterprise. This provides two advantages essential to your growing organization. The first is high availability. If one system suffers a network or hardware failure, the remaining systems in the cluster will continue to process file transfers and run workflows—especially important as you have to meet an increasing number of SLAs.

Secondly, clustering allows you to scale the solution horizontally by adding additional systems to the cluster. The workload can be distributed across all systems in order to increase performance.

Implementing MFT software gives you an immediate ROI thanks to time savings, increased reliability, and protection against security risks, but don’t forget to also take into consideration the payoff as your business scales. Ready to give managed file transfer a try? Get the free trial of GoAnywhere.

 

If you missed the first 2 installments in our series on the ROI of Managed File Transfer, please click the links to read Part 1 or Part 2


No Such Thing as a Free File Transfer, Part 2: Cost-effective Security

With new corporate data breaches in the news seemingly every day, it’s no surprise that security is a top concern for IT professionals. However, file transfers are an area where many companies are still vulnerable. Most file transfers still use FTP, a protocol that comes with inherent risks. It’s especially worrisome that, as TechRepublic points out, FTP is actually becoming more popular again. Other common file transfer solutions, like file sharing apps, come with their own security concerns.

GoAnywhere MFT ROIThis is the second in a series of articles about the ROI of managed file transfer (MFT), the first of which covered time savings. There’s no doubt that data breaches are costly. The 2016 Ponemon Cost of Data Breach Study puts the current cost at $4 million—$158 per record breached. So it’s a no-brainer that a solution to secure your file transfers would bring you a great return on investment.

And yet, when you try to get internal approval for products to help with security, proving the ROI can be difficult. A good security tool is by nature preventative. If you haven’t suffered a breach (or you have and don’t know about it yet), you probably don’t have a way to precisely calculate cost-savings.

Still, your data certainly has value, and you know you have to keep it secure. So how do you know you are protecting your file transfers with the solution that gives you the most bang for your buck? By making sure the software you choose addresses all of the top file transfer security concerns within one solution—no additional purchases or custom scripting required.

A Variety of Secure Protocols

FTP has been proven vulnerable to hacking. For example, 7,000 FTP sites, including an FTP server run by The New York Times, had their credentials circulated in underground forums in 2014. In some cases, hackers used the credentials to upload malicious files.

It’s essential for modern enterprises to turn to more modern and secure file transfer methods, such as:

  • AS2: AS2 generates an "envelope" for the data, allowing it to be sent using digital certifications and encryption.
  • SFTP and FTPS: These secure FTP protocols bring down the risk during data exchange by using a secure channel between computer systems
  • HTTPS: The secure version of HTTP, HTTPS encrypts communications between browser and website.

Which of these methods your company implements may depend on several factors, like your industry compliance requirements or what your trading partners use. Your requirements may also change over time. That’s why the best investment is a versatile managed file transfer solution that can handle any of these protocols and more.   

GoAnywhere MFT ROIProtection against People

When you imagine the security threat to your company, you might conjure up images of hackers working tirelessly to access your systems and use your data for nefarious purposes. The truth is, one of your biggest threats is probably in the office down the hall.

A 2015 study found that internal actors were responsible for 43% of data loss. Half of this is intentional—disgruntled or opportunistic employees, contractors, or suppliers performing deliberate acts of data theft. But half of it is accidental. People like to cut corners, and probably most employees in your company aren’t as concerned about security as you are.

Any file transfer solution with a good ROI has to address the threat coming from within the business.  You want to have role-based security options that limit each user to the servers and the functions of managed file transfer that they absolutely need to use. Detailed audit logs mean you always know who is doing what with the solution.

Ensure Compliance

In many industries, inadequate security practices don’t just put your own corporate data at risk, they can endanger highly sensitive information like credit card numbers and health records. For this reason, a number of regulations exist to protect personal data. A few of the most common are PCI DSS, Sarbanes-Oxley, and HIPAA, but your industry may have others.

A 2011 study found that while the cost of compliance averaged more than $3.5 million, the estimated cost of failing to comply was $9.4 million, showing that a solution that can help you comply with regulations has a clear ROI. In the case of file transfers, your MFT platform should have a number of encryption methods available to protect sensitive data including SSL, SSH, AES, and Open PGP encryption. Audit trails should also be in place to track file transfer activity so you can easily determine what files are being sent, what time they are sent, and who the sender and receiver are.

Modernization and Scalability

Once you go to the effort of choosing a file transfer solution that will protect your company, convince management of its necessity, and implement the software, the last thing you want to have to do is  change it two years down the road because your company is bigger, has more compliance requirements, or new trading partners.

A managed file transfer platform from an established, reliable software provider will make sure you stay updated with the features necessary to combat current security threats. Furthermore, if your volume of file transfers increases, you won’t need to invest in a new tool to handle the workload.

Bonus: Increased Productivity

If your managed file transfer solution can prevent a data breach, that alone makes it worth the investment. But what if it could increase productivity and reduce errors at the same time? The automation capabilities of managed file transfer software allow you to make a high-volume of file transfers without the need for tedious manual work. Streamlining this process—and eliminating the risk of human error—add to your organization’s bottom line.

Read more about safeguarding company data and limiting risk, or get started with a free trial of managed file transfer.


No Such Thing as a Free File Transfer, Part I: How MFT Saves Time

How MFT Saves Time - GoAnywhere MFTEvery business engages in some kind of information exchange, whether it’s a small retailer attaching an invoice to an email or a hospital sending hundreds of patient records between departments. Some methods of exchanging files, like a basic FTP server or a file sharing app, seem like an inexpensive way to deal with your transfers. In the long run, however, the shortfalls of these tools will likely cost your company significantly more than the investment in a sophisticated managed file transfer (MFT) solution.

A study by the Aberdeen Group found that every file sent “for free” actually has an 80% chance of costing your organization money. In a new series of articles, we’ll break down the reasons why MFT gives your company a better ROI than any other file transfer solution. The first reason we’ll discuss is the time you’ll save with managed file transfer.

We’ve all heard that time is money, and if you’ve ever been the unlucky person manually transferring files by FTP, it’s no stretch of the imagination to think that automated file transfer software would save a bit of time on each exchange. But you probably haven’t even thought of all the ways a rudimentary file transfer tool can waste costly hours. Here are a few:

  1. Dealing with Exceptions

As with any process, your file transfers aren’t always going to go smoothly. While even a basic tool will work most of the time, you’ll inevitably run into the occasional problem which will require you to divert members of your staff away from more important projects to help get the files moving. Aberdeen’s analysis found that those who don’t use MFT have more than twice as many of these errors and exceptions as MFT users. With a single-function file transfer tool, the operator is solely responsible for checking if the transfer succeeded and trying it again if it failed. A good managed file transfer solution has ways of dealing with issues that arise—for example, the software could automatically reconnect and resume the file transfer after a problem occurs with the network.

Moreover, the MFT solution will provide visibility into the status of automated file transfers and let you know if something goes wrong. This allows you to attack the problem immediately and get back to your more strategic initiatives as soon as possible. A basic tool or script may cause you to waste hours just trying to determine what happened to your files.

  1. Upgrades and Modifications

A common solution for moving files is with custom scripts. This seems like an easy option at first. Your company has talented programmers and it’s not too hard to create a homegrown FTP script that gets the job done. The first few times you need a modification or a new feature, that’s not difficult either. But pretty soon your company is transferring thousands of files every day, your homegrown solution is severely lacking in the error-handling, security, and logging capabilities it needs, and updating your mess of sprawling scripts will cost you dearly in expensive programmer hours. Or maybe the original creator of the scripts has left the company and those hours will be spent just trying to figure out how it all works.

Managed file transfer has the features you require as your business needs grow more complex. You can trust that it will continue to be updated when necessary and upgrades won’t require the same technical expertise as creating a homegrown tool does. 

  1. Compliance Requirements and Auditing

Storing and tracking detailed audit information is crucial for staying compliant with PCI DSS, HIPAA, state privacy laws, and other regulations. A managed file transfer solution will store detailed audit records for all file transfer and administrator activity and provide that data in an easily accessible format to authorized users. If you are legally obligated to collect this information, there’s no better time-saver than implementing file transfer software that stores the data automatically.

Furthermore, compliance requirements can always change or new regulations can be put in place. While you may already have a process for complying with current regulations, MFT provides the flexibility to respond to new security requirements without creating too much additional time-consuming work.

  1. Avoiding Downtime.

Just one minute of unplanned system downtime costs a company an average of $5,600. Talk about expensive hours! Make sure your file transfers keep running even if a server goes down by implementing MFT software that integrates clustering. This means you have a group of linked servers running concurrently, with each installation of your MFT tool sharing the same set of configurations and trading partner accounts. The servers in the cluster are in constant communication with each other, so if one fails, the remaining systems in the cluster will continue to service the trading partners. With the fast pace of modern business, you can’t afford to let your transactions wait while you take the time to get your systems functioning again.

Every minute that your business isn’t paying employees to fight fires, write custom scripts, or compile audit reports is a minute that can be put towards the work that helps the bottom line.

Interested in learning more about the ROI of Managed File Transfer? Read the next installment in our series: No Such Thing as a Free File Transfer, Part 2: Cost-effective Security.

 

Learn more about the risks of inadequate FTP implementations or get started with a free trial of managed file transfer today.