Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

10:30 AM
Greg Hoffer
Greg Hoffer
Connect Directly
E-Mail vvv

The Second Coming of Managed File Transfer Has Arrived

Sometimes, a mature, embedded technology still makes the most sense, especially when it comes to data security.

There's a lot to be excited about in technology today. Innovations in areas such as artificial intelligence, the Internet of Things, robotics, cloud computing, data analytics, and mobility are just a few of the categories that are transforming the way we do business. And yet, even as we laud the visionaries who are working on the next big thing, there's a lot of rock-solid traditional tech taking on the day-to-day dirty work that doesn't get much attention even though businesses rely on it. Every day I am treated to an up-close-and-personal view of that world.

As vice president of engineering for a company that develops managed file transfer (MFT) technology (as do many other vendors), I know we're not in the most disruptive of segments, but I also know how many organizations rely on MFT. MFT is a foundational technology. Organizations use it to securely exchange data and efficiently execute the business-critical tasks that come under the thumb of today's complex data regulations.

These days, "regulated" organizations include most companies in all industries, not just the ones we think of first, like financial services, healthcare, and retail. Any organization that collects and stores information about people qualifies to some degree, of course. Think about the kind of information a large chain store or fast-food restaurant handles every day; whether it is human resources and payroll data or customer transactions, there's a lot at risk if those files are intercepted or compromised in some way.

There is also a growing awareness about the organizational need to protect intellectual property, especially as supply chains, distribution channels, and partner networks grow more complex. The same is true for the manufacturers that source and distribute parts and materials from all over the world, including automotive and semiconductor makers. It's not just about protecting trade secrets; it's about protecting critical business processes. The reliable, efficient, and secure flow of data is table stakes for businesses today.

Another industry that recognizes the need to jealously guard their product integrity is entertainment. Multimillion-dollar blockbuster movies, for example, rely on an efficient digital production chain — including production, post-production, and distribution — operating on tight deadlines. Files shot in a remote location may need to be shared in a collaborative environment with teams distributed around the world before final editing in a California studio. Every step of the journey necessitates the secure, reliable movement of large files containing highly sensitive, high-value information to protect investments and keep to schedule. There's simply too much at stake to cut corners.

MFT might be a mature technology — but today, it's more relevant and important than ever.

Foundational Pieces
What MFT technology does is centered on security, compliance, authentication, and integration, which are crucial in today's innovation and technology-driven environment. These are foundational pieces for organizations that understand the risks of failure and the importance of addressing those risks proactively. Whether working to satisfy regulators or demanding studio bosses, falling short of the mark means financial and reputational damage. Neither outcome is acceptable.

This isn't to say that only large, complex global organizations need worry about such things. There is no size limit for compliance. The Health Insurance Portability and Accountability Act, for example, applies to the private clinic with a country doctor and associated staff as much as it does for the regional hospital network operating a dozen bustling hospitals.

[Check out the two-day Dark Reading Cybersecurity Crash Course at Interop ITX, May 15 & 16, where Dark Reading editors and some of the industry's top cybersecurity experts will share the latest data security trends and best practices.]

Hackers, after all, aren't concerned about the size of their target if the objective is worthwhile. Many medical organizations fall into the small- to medium-sized business (SMB) category, but they deal with a lot of sensitive and high-value information. It can be a challenge to help SMBs recognize their risk and responsibility. Recently, the FBI issued a warning that hackers were targeting medical and dental offices still using unsecured file transfer protocol (FTP) servers to store and transfer protected health information and personally identifiable information.

We find that kind of situation often — the presence of a rogue FTP server operating in the dusty corner of a server room somewhere. It works, so no one has bothered to do anything to change it. Or maybe a change was made and a well-meaning employee "upgraded" to a consumer-grade file sharing service. Although it may have seemed like a good idea at the time, it could end up costing a lot in the long run.

There's a reason why consumer-based file sharing and collaboration services are so popular; they're easy to use and they work well at an attractive price point. However, when you're dealing with important business transactions that involve sensitive information, it's important to pick the right tool for the job. MFT excels with back-office integration, whereas consumer-based services don't work with most process automation structures. Add in other required and MFT-enabled tasks such as process automation, deduplication, data extraction, and other transactional integrations, and you'll find that MFT platforms can go a long way toward minimizing the element of human error — an important and overlooked part of risk-mitigation.

MFT has long been an essential element within an IT environment, but now more than ever MFT is a crucial element to managing your data securely and effectively. The age of MFT has come again.

Related Content:

Greg Hoffer is Vice President of Engineering at Globalscape, where he leads the product development teams responsible for the design and engineering of all of Globalscape's products. In more than 12 years of service to the company, Greg has overseen the creation of ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...