Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

10:30 AM
Greg Hoffer
Greg Hoffer
Connect Directly
E-Mail vvv

The Second Coming of Managed File Transfer Has Arrived

Sometimes, a mature, embedded technology still makes the most sense, especially when it comes to data security.

There's a lot to be excited about in technology today. Innovations in areas such as artificial intelligence, the Internet of Things, robotics, cloud computing, data analytics, and mobility are just a few of the categories that are transforming the way we do business. And yet, even as we laud the visionaries who are working on the next big thing, there's a lot of rock-solid traditional tech taking on the day-to-day dirty work that doesn't get much attention even though businesses rely on it. Every day I am treated to an up-close-and-personal view of that world.

As vice president of engineering for a company that develops managed file transfer (MFT) technology (as do many other vendors), I know we're not in the most disruptive of segments, but I also know how many organizations rely on MFT. MFT is a foundational technology. Organizations use it to securely exchange data and efficiently execute the business-critical tasks that come under the thumb of today's complex data regulations.

These days, "regulated" organizations include most companies in all industries, not just the ones we think of first, like financial services, healthcare, and retail. Any organization that collects and stores information about people qualifies to some degree, of course. Think about the kind of information a large chain store or fast-food restaurant handles every day; whether it is human resources and payroll data or customer transactions, there's a lot at risk if those files are intercepted or compromised in some way.

There is also a growing awareness about the organizational need to protect intellectual property, especially as supply chains, distribution channels, and partner networks grow more complex. The same is true for the manufacturers that source and distribute parts and materials from all over the world, including automotive and semiconductor makers. It's not just about protecting trade secrets; it's about protecting critical business processes. The reliable, efficient, and secure flow of data is table stakes for businesses today.

Another industry that recognizes the need to jealously guard their product integrity is entertainment. Multimillion-dollar blockbuster movies, for example, rely on an efficient digital production chain — including production, post-production, and distribution — operating on tight deadlines. Files shot in a remote location may need to be shared in a collaborative environment with teams distributed around the world before final editing in a California studio. Every step of the journey necessitates the secure, reliable movement of large files containing highly sensitive, high-value information to protect investments and keep to schedule. There's simply too much at stake to cut corners.

MFT might be a mature technology — but today, it's more relevant and important than ever.

Foundational Pieces
What MFT technology does is centered on security, compliance, authentication, and integration, which are crucial in today's innovation and technology-driven environment. These are foundational pieces for organizations that understand the risks of failure and the importance of addressing those risks proactively. Whether working to satisfy regulators or demanding studio bosses, falling short of the mark means financial and reputational damage. Neither outcome is acceptable.

This isn't to say that only large, complex global organizations need worry about such things. There is no size limit for compliance. The Health Insurance Portability and Accountability Act, for example, applies to the private clinic with a country doctor and associated staff as much as it does for the regional hospital network operating a dozen bustling hospitals.

[Check out the two-day Dark Reading Cybersecurity Crash Course at Interop ITX, May 15 & 16, where Dark Reading editors and some of the industry's top cybersecurity experts will share the latest data security trends and best practices.]

Hackers, after all, aren't concerned about the size of their target if the objective is worthwhile. Many medical organizations fall into the small- to medium-sized business (SMB) category, but they deal with a lot of sensitive and high-value information. It can be a challenge to help SMBs recognize their risk and responsibility. Recently, the FBI issued a warning that hackers were targeting medical and dental offices still using unsecured file transfer protocol (FTP) servers to store and transfer protected health information and personally identifiable information.

We find that kind of situation often — the presence of a rogue FTP server operating in the dusty corner of a server room somewhere. It works, so no one has bothered to do anything to change it. Or maybe a change was made and a well-meaning employee "upgraded" to a consumer-grade file sharing service. Although it may have seemed like a good idea at the time, it could end up costing a lot in the long run.

There's a reason why consumer-based file sharing and collaboration services are so popular; they're easy to use and they work well at an attractive price point. However, when you're dealing with important business transactions that involve sensitive information, it's important to pick the right tool for the job. MFT excels with back-office integration, whereas consumer-based services don't work with most process automation structures. Add in other required and MFT-enabled tasks such as process automation, deduplication, data extraction, and other transactional integrations, and you'll find that MFT platforms can go a long way toward minimizing the element of human error — an important and overlooked part of risk-mitigation.

MFT has long been an essential element within an IT environment, but now more than ever MFT is a crucial element to managing your data securely and effectively. The age of MFT has come again.

Related Content:

Greg Hoffer is Vice President of Engineering at Globalscape, where he leads the product development teams responsible for the design and engineering of all of Globalscape's products. In more than 12 years of service to the company, Greg has overseen the creation of ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark Reading,  8/21/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.
PUBLISHED: 2019-08-23
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this im...
PUBLISHED: 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.