
Dropbox Alternative – Day Two at InfoSecurity Europe

With the sun beating down outside you could have been mistaken in thinking the IT community would stay away from Earls Court, but day two of InfoSec was packed. Pro2col had the pleasure of assisting on the Globalscape stand, on what is traditionally the busiest day. With Chaz and Chris Thacker both providing demos, the stand was busy and the message was coming through loud and clear: IT Professionals want a Dropbox Alternative. A study by security distributor e92plus that I read at the show highlighted that some 76% of IT Professionals in the UK had Dropbox at the top of their list of banned technologies. This was very much reflected by the conversations we had and the demonstrations of Globalscape solutions provided. The most popular solution by far was Mail Express. Visitors loved the web-based functionality and Microsoft Outlook plugin. The Drop Off Portal also proved a big success as IT admins learned how they could provide a hands-off facility for large files to come into the business without the need for setting up FTP accounts or clogging up email servers with attachments. If you’d like to learn more about how Globalscape solutions could help your business Replace Dropbox, contact Globalscape’s UK Master Partner...

Cloud File Transfer Services Hosted in the UK are not subject to the Patriot Act

Over the years I’ve spoken to many clients about hosted data transfer systems, and the security implications of where your data is stored. Generally there are lots of levels of sensitivity of data that a business might have. Sometimes the more commercial, cloud-based technologies can fit, e.g. sending marketing collateral to a printer wouldn’t generally be considered sensitive data. Over recent years however, there has been a worrying increase in the number of enterprises that have either mandated the use of cloud-based technologies for the distribution of sensitive data, or turned a blind eye to what employees are using off their own back. Naturally there are issues surrounding compliance here and potential brand damage should the data find its way into the public domain, but that’s been covered many times before and isn’t the focus of this blog. A few days ago I spoke with an international consulting firm (who shall remain nameless). They confided in me that the organisation didn’t have a managed file transfer solution in place to cater for the ad hoc transfer of data between internal staff and external parties. They disclosed that a decision had been taken to purchase a wetransfer.com channel for their business, but this IT Manager was very concerned about compliance and security of his data. Having had some experience of wetransfer in the past I suggested that additionally he should be concerned about where his data was stored. Being a predominately US based company, it could be possible that their data was making its way to their US data centres and therefore be subject to the Patriot Act. I...

Security hole in Facebook’s secure file transfer platform

As a brand Facebook is up there with the biggest of them, with over a billion users each month according to company reports. This makes them a big target for the cybercrime community. As a countermeasure their ‘Bug Bounty Program’ encourages friendly hackers to report vulnerabilities in their systems and it was one such researcher that noted the security hole in their Accellion private cloud deployment. Writing on his blog this Monday, Nir Goldshlager announced that he had previously uncovered a hole affecting the Accellion Secure File Transfer appliance that would allow an attacker to gain control of a user’s account with little more than their email address account. A closer look at the date on the video at the bottom of his blog article (19th March 2012) and when the problem was patched (patch 9_1_166 released on 20th March 2012) would suggest that Nir did in fact identify this vulnerability, meaning that Facebook’s Bug Bounty Program is a worthwhile exercise. It also demonstrates that Accellion took the issue seriously, quickly and efficiently addressing the problem when it came to light. Software is rarely ever without flaws but all vendors do their best to ensure products don’t reach the market with problems and when they do, responding quickly is the key to maintaining brand integrity. This also goes to highlight how important it is for customers to apply the software patches released by vendors in a timely manner. Nir was likely paid for his research and held off releasing this information for nine months, whilst I expect Accellion made a concerted effort to ensure all customers were running the...

Managed file transfer set back after Java vulnerability in Mac OS X

TechWeek Europe yesterday reported that Apple’s latest Java update for Mac OS X not only fixes a number of security flaws, it also removes the browser plug-in from the user’s system. This is in response to long standing problems with Java vulnerabilities after six hundred thousand Apple Macs were infected with the Flashback worm earlier this year. Apple’s approach to controlling software updates for Macs resulted in patches written by Oracle for Java 6.x being rewritten and distributed, compounding serious security flaws further with the inevitable delays. Apple is now only responsible for Java updates on Macs running OS 10.7.2 or below, therefore upgrading the OS to a later version will result in the use of Java 7, which is developed and updated directly by Oracle, although it too isn’t without problems. What’s the problem with disabling Java, you may ask? Well, it’s well known that Java is really the undisputed champion when it comes to carrying larger data sets through a web browser and most managed file transfer software products use Java, almost without exception! Why Java? Well, that’s another discussion which has been very well documented over on the FileCatalyst web site, and whilst Macs in general don’t account for the largest desktop market share, around 6.5%, the lack of Java in OS X is a real problem for Mac users of managed file transfer solutions. The resolution? Well, Apple aren’t stopping users from running Java on their Macs, rather ensuring that they take the decision to enable it; this however is likely to further strain relationships between Mac users and the predominately Windows based IT departments. I suspect that we’ll...

Managed File Transfer in Action

A well known utilities company in Yorkshire were using multiple legacy systems and 2 disparate FTP solutions to move data into, out of and around their organisation. These systems had grown organically over time to tackle isolated file sharing issues when they arose. As it transpired, this approach left the company with an ungovernable mix of system to system and FTP solutions that required manual interventions and the ongoing revision of batch scripts. The mounting costs generated by work duplication and management overheads, accompanied by the risk associated with the absence of failover, were becoming a genuine concern. Bearing in mind that these systems were executing business critical processes such as billing, debt management, banking and delivering mission dependent data to employees in the field, recreating these undocumented workflows in the event of a disaster would be costly. Considering the sensitive nature of certain pieces of data moving through these workflows, securing data was also a priority. Pro2col worked alongside the customer to develop an understanding of their processes and document their key requirements. Armed with this information, we were able to identify the technologies that would meet these requirements, and help them through the selection and evaluation process. Specifically, the company were looking to: secure the sending and receipt of confidential business and customer data; and further automate the retrieval of time sensitive data from remote systems to provide realtime updates of vital information to their workforce at regular intervals throughout the day. In terms of features, the company were looking for: a solution that would support FTP, SFTP/FTPS, HTTP/HTTPS; a user-friendly GUI for administration and configuration as opposed...