A look back at InfoSecurity Europe 2014

A look back at InfoSecurity Europe 2014

InfoSec was a little different for the team at Pro2col this year.  We decided to take our own stand again, rather than working on a vendors and it certainly paid dividends. Whilst the show was undoubtedly quieter, due to the Tube strikes and poor weather, it would be fair to say that those that were committed enough to come were there for a reason.  We had lots of conversations with interesting companies about their need to move data securely, from geo-physics to exam papers and everything in between.All in all it was definitely a worthwhile investment!

Pro2col Stand-300x168
At the exhibition we had a competition to win £250 of Virgin Experience Day vouchers, which our lovely models Sam & Emily ran for us. To enter they simply needed to scan the badges, the girls did exceptionally well with over 1,000 entries over the three days.  We’ll be announcing the winner on Friday, 9th May so watch this space.

As per usual with exhibitions we over indulged a little with some of our vendor partners outlasting us til the early hours of the morning.  And it wouldn’t be InfoSec without some Champions League football to take in as well.  We’ll be sad to see Earls Court being redeveloped having attended some ten plus exhibitions there over the years, still I’m told Olympia has been ‘done up’ so I guess we’ll be heading there for InfoSec next year.

Finally I want to thank all of the team that helped with the event, our customers for coming along to speak to us, our vendors for their hospitality and our models for the fab job they did!

Five File Transfer Pain Points

Five File Transfer Pain Points

In a normal day, companies and individuals must transfer files containing many different types of sensitive and mission-critical information across systems, businesses and departments – everything from legal documents to X-rays to credit card statements. In an effort to get work done, employees will often skirt the rules of IT and turn to readily available file-sharing options outside the corporate IT structure. This opens the company up to a host of liabilities from security, visibility and control to inaccurate information being transferred within systems. Jeff Whitney, from Ipswitch File Transfer, has identified the top five IT pain points associated with file transfers.

  • Complexity

    File sharing solutions are often complex and do not provide a unified standard for the business to automate processes. As file sharing has been core to business process for quite some time, there are often legacy systems in place with layers of homegrown tools and scripts, as well as products from multiple vendors.

  • Limited Visibility Control

    Businesses, especially in regulated industries like health care and financial services, need to have the ability to track the movement of files. IT teams often talk about “flying blind” when they don’t have visibility into where files are or proof that they’ve been delivered.

  • Employees Circumvent IT

    Without a centralized file transfer system in place, employees will often bypass IT and use a commodity file-sharing product, subjecting the organization to added security risks. This is an escalating issue with the proliferation of consumer-based sharing applications, like Google Drive.

  • Ensuring Security

    Security is always a top priority for IT teams, but there is often little insight into the way that businesses transfer critical data.  When issues do occur, IT is often blind to them since they lack general oversight of the file transfer process.

  • Insufficient Resources

    The IT department, like many others within organisations, is constantly being asked to do more work with less resources. Companies are creating and transferring documents at an exponential rate and IT must find a way to scale current systems, processes and resources to meet these increasing demands.

 

How can you remedy these pain points?

Forward-thinking IT teams are adopting or looking into managed file transfer (MFT) solutions to free-up resources to focus on other critical business needs. These teams are finding that an MFT strategy allows automation and auditability of file movement.

 

About us
As the UK’s leading independent experts in managed file transfer, Pro2col is well positioned to help you to assess your requirements, identify potential solutions, demonstrate the leading contenders and help you to evaluate those that fit best.  We’ve worked with over 600 companies in 28 countries to address their file transfer challenges and we’d very much like to help you with your file transfer project.  To get started download some of the free resources or contact our file transfer specialists on 0333 123 1240.

Dropbox Alternative – Day Two at InfoSecurity Europe

Dropbox Alternative – Day Two at InfoSecurity Europe

With the sun beating down outside you could have been mistaken in thinking the IT community would stay away from Earls Court, but day two of InfoSec was packed.

Pro2col had the pleasure of assisting on the Globalscape stand, on what is traditionally the busiest day. With Chaz and Chris Thacker both providing demos the stand was busy and the message was coming through loud and clear; IT Professionals want a Dropbox Alternative.

globalscape_infosec-300x225A study by security distributor e92plus that I read at the show highlighted that some 76% of IT Professionals in the UK had Dropbox at the top of its list of banned technologies. This was very much reflected by the conversations we had and the demonstrations of Globalscape solutions provided.

The most popular solution by far was Mail Express. Visitors loved the web based functionality and MicroSoft Outlook plugin. The Drop Off Portal also proved a big success as IT admins learned how they could provide a hands off facility for large files to come into the business without the need for setting up FTP accounts or clogging up email servers with attachments.

If you’d like to learn more about how Globalscape solutions could help your business Replace Dropbox, contact Globalscape’s UK Master Partner here.

Cloud File transfer Services Hosted in the UK are not subject to the Patriot Act

Cloud File transfer Services Hosted in the UK are not subject to the Patriot Act

Over the years I’ve spoken to many clients about hosted data transfer systems, and the security implications of where your data is stored.  Generally there arelots of levels of sensitivity of data that a business might have. Sometimes the more commercial, cloud based technologies can fit, e.g. sending marketing collateral to a printers wouldn’t generally be considered sensitive data.  Over recent years however, there has been a worrying increase in the amount of enterprises who have either mandated the use of cloud based technologies for the distribution of sensitive data, or turned a blind eye to what employees are using off of their own back.  Naturally there are issues surrounding compliance here and potential brand damage should the data find its way into the public domain, but that’s been covered many times before and isn’t the focus of this blog.

 

A few days ago I spoke with an international consulting firm (who shall remain nameless). They confided in me that the organisation didn’t have a managed file transfer solution in place to cater for the ad hoc transfer of data between internal staff and external parties.  They disclosed that a decision had been taken to purchase a wetransfer.com channel for their business, but this IT Manager was very concerned about compliance and security of his data.  Having had some experience of wetransfer in the past I suggested that additionally he should be concerned about where his data was stored.  Being a predominately US based company, it could be possible that their data was making its way to their US data centres and therefore be subject to the Patriot Act.  I wasn’t scaremongering, this is true as there is no way to define which server your data resides on as it’s a consumer grade solution, predominantly adopted by enterprises to get them out of a hole.

 

When looking at securely transferring business critical data I can see why a company may opt to adopt a ‘big brand’ cloud solution, but its worth pointing out they’re generally big brands because they appeal to the masses and are consumer grade.  When selecting a cloud based technology its worth asking these questions:

 

  1. Where will my data be stored?US-GreatSeal-Obverse
  2. What levels of physical security are in place at these data centres?
  3. What security is in place to protect my data at rest in these locations?
  4. Is my data encrypted in transit and at rest at all times?
  5. Who within the organisation supplying the service has access to my files?
  6. What controls am I offered to administer and manage the service being used across my organisation?
  7. What compliance or data security standards do you adhere to?
  8. What logging and tracking do you provide to help me achieve compliance?

 

This list outlines some of the most important questions and is a good starting place.  If you’d like to discuss your file transfer requirements in more detail our consultants can help.  We’ve been working with file transfer technologies for more than a decade now and are well placed to be able to detail your requirements and help you identify the best technology fit.  Get in touch or call 0333 123 1240 or for International callers +44 1202 433 415.

Security hole in Facebook’s secure file transfer platform

Security hole in Facebook’s secure file transfer platform

As a brand Facebook is up there with the biggest of them, with over a billion users each month according to company reports .  This makes them a big target for the cybercrime community. As a countermeasure their ‘Bug Bounty Program’ encourages friendly hackers to report vulnerabilities in their systems and it was one such researcher that noted the security hole in their Accellion private cloud deployment.

Writing on his blog on this Monday, Nir Goldshalger announced that he had previously uncovered a hole affecting Accellion Secure File Transfer appliance that would allow an attacker to gain control of a users account with little more than their email address account.

facebook-logo

A closer look at the date on the video at the bottom of his blog article (19th March 2012) and when the problem was patched (patch 9_1_166 released on 20th March 2012) would suggest that Nir did in fact identify this vulnerability, meaning that Facebook Bug Bounty Program is a worthwhile exercise.  It also demonstrates that Accellion took the issue seriously, quickly and efficiently addressing the problem when it came to light.

Software is rarely ever without flaws but all vendors do their best to ensure products don’t reach the market with problems and when they do, responding quickly is the key to maintaining brand integrity.  This also goes to highlight how important it is for customers to update the software patches released by vendors in a timely manner.  Nir was likely paid for his research and held off releasing this information for nine months, whilst I expect Accellion made a concerted effort to ensure all customers were running the latest versions of software. It will no doubt have a small negative impact on Accellion’s brand image but on the plus side, it appears to show that Accellion handled the matter in a professional manner.

Ad Hoc file transfer is one of the largest segments of the managed file transfer industry and we’re pleased to be working with some of the industries leading brands. With solutions from Biscom, Ipswitch, Globalscape and more, we at Pro2col are able to help you choose the right product to fit your feature requirement and budget limitations.  To speak to an ad hoc file transfer consultant call Pro2col today on 0333 123 1240.