New data protection rules could come into force as soon as 2013!

New data protection rules could come into force as soon as 2013!

We’ve been aware for a while that EU Data Protection laws were under review. The latest news implies that business may have less time than they think before a new data protection framework is introduced. According to an article published in Computer Weekly, “While negotiations continue in Brussels, compliance and risk managers have no time to waste in preparing for the new rules that could come into force as soon as 2013.”

The impending release of this new data protection legislation puts increased pressure on businesses to ensure that they have the right measures in place to protect internal data. Especially since one of the change could potential involve the need to disclose data breach incidents within 24 hours of their discovery. data_protectionDespite the controversy surrounding this specific part of the proposal, it seems European businesses will almost certainly join their peers in most US states in having to comply with mandatory breach disclosure.

Bearing this in mind, the requirement to secure business data will be making it’s way to the top of many companies priority lists. Brand protection and company reputation are invaluable in today’s competitive marketplace and in order to protect this, you’re going to have to protect your data. This can seem like a daunting task, but there are regulations such as ISO 27001 and PCI DSS that provide a framework and a very good set of controls to work with. Although this doesn’t guarantee that you’ll meet the new EU regulations 100%, it gives you a good chance of be close to compliance.

At Pro2col, we provide a range of secure file transfer solutions that meet whole range of security legislation such as PCI DSS, ISO 27001, HIPAA, SOX and many more. So if you’re looking to take the next step when it comes to your data security, please contact us on 0333 123 1240.

Hosted v’s On Premise Managed File Transfer

Hosted v’s On Premise Managed File Transfer

Over the past couple of years there has been considerable hype around saas, hosted or cloud based solutions – the managed file transfer marketplace has been no different.  We speak to many businesses on a daily basis about their file transfer requirements and inevitably, a number of them ask for a cloud based solution. So we’ve been speaking to a range of our vendors, natural leaders in the software field, but many of them seem unwilling to step out of their traditional marketplace and into the cloud space.  There are of course good reasons for this.  For example, the impact on existing software sales, the responsibility that goes with managing other peoples data and probably most importantly, the size of the market. According to Gartner only 10% of the managed file transfer marketplace actually relies upon a cloud based solution.  With the managed file transfer sector experiencing +20% growth year on year and the shift to cloud solutions not likely to slow any time soon, transition to cloud services could become the next major battlefield for vendors. However as it stands, this certainly isn’t reflected in the managed file transfer marketplace as there are many more software vendors than service providers.

cloud_computing

If you’re thinking about implementing a hosted or on-premise managed file transfer solution, there are a number key points to consider.  Here are a few to start you off:

Cost of Ownership

Cost is the number one factor influencing the choice of managed file transfer solution for most businesses.  Implementing and managing an on-premise MFT solution can be pricey, some of the costs to consider are:

Software – The initial software purchase price can range from £5,000 to in excess of £50,000 but once this has been paid, the solution is yours.  Although hosted services appear cheaper in the short term, ongoing subscriptions can be costly in the long term.

Hardware – Providing an environment to install and run the MFT solution can also add up, especially when you take into account disaster recovery or high availability.

Infrastructure – Hosting files on your own server can prove a problem, bear in mind the impact on your Internet connection when a 1Gb file is shared with 50 or more external users!

Support & Management

Another point to take into account after the initial go-live of a managed file transfer solution are the costs associated with ongoing support and management. Specifically:

Internal Support – If you deploy an MFT solution, the responsibility of support and management falls on internal team members, whereas with a hosted solution much of the ongoing support is outsourced to the service provider.

Availability – Generally hosted services run in high availability data centers.  Therefore, they offer guaranteed uptime with load-balanced solutions as the norm and include SLA’s.

Scalability – In a hosted environment, scalability of your product is generally available on demand or at the touch of a button.  It’s not always quite so simple with an on-premise MFT solution.

Back-up/disaster recovery – Usually provided as part of the service by hosting providers, back up and disaster recovery can be costly when purchased as part of a solution package.

Deployment

Bringing an on-premise managed file transfer solution online has its challenges. Ports need opening on firewalls, rules need setting up, plus there are considerations about the design of the solution and how it will sit within the corporate infrastructure.  Hosted solutions are incredibly fast to deploy given that much of the above doesn’t come into play.

Functionality & workflow

Typically, functionality and workflow features are key drivers in the decision making process. On-premise managed file transfer solutions offer far more in the way of a comprehensive feature set:

Bottlenecks – Having files local to you, when you need them can save a considerable amount of time in terms of loss of productivity, especially for larger enterprise deployments.  Pushing data to remote services can impact upon an end users time or can delay internal processes.

Integration – More often than not, hosted solutions are somewhat limited in the level of integration capabilities they offer.  This is an important factor to take into consideration as lack of integration reduces the potential to automate tasks and minimise the man hours wasted on routine tasks.  There are of course exceptions to the rule as there are some very capable hosted technologies.

These are just some of the key areas to be mindful of if you’re weighing up the pros and cons of hosted vs on premise managed file transfer solutions.  Ultimately, the decision will be fueled by the scope of your requirements and the size of your budget.  Whatever these may be, there is a managed file transfer solution out there to fit your business needs.  If you want some help pinpointing the right solution for you, please contact Pro2col on 0333 123 1240.

Box, DropBox, YouSendit vs Managed File Transfer: How secure is your data?

Box, DropBox, YouSendit vs Managed File Transfer: How secure is your data?

File sharing applications are often free or at least cheap, simple to use and very often difficult for an IT department to trace.  This presents a major problem for the enterprise as highlighted in a recent study by Palo Alto Networks which showed that of the 1,636 enterprises surveyed, a staggering 92% of companies had an average of 13 different browser based file sharing applications in use within their network.

With recent announcements such as the DropBox security loophole and the MegaUpload service being taken down, the net is closing in on file sharing applications and services, and rightly so.  Pretty much all businesses need to share files with colleagues, customers and trading partners, but at what cost? Recent studies by the Ponemon Institute found that the average data breach costs UK firms £1.9m prompting the question, “what would be the impact of a data breach on your company”?

browser_based_file_sharing_apps

Figure 1 – Most frequently detected browser based file sharing apps

Over burdened IT departments throughout the UK are faced with the challenge of enabling their users to carry out day to day tasks, whilst ensuring that their activities don’t compromise the very future of the business they work for.  With legislation surrounding data breaches putting increasing pressure on IT departments and data controllers, the implementation of a secure, managed file transfer solution has never had a higher priority.

When it comes to providing users with a simple, secure file transfer solution, we can help.  Pro2col represents a number of managed file transfer vendors here in the UK and has 10 years experience in finding the right solution for businesses.  Whether its providing cross platform applications for Windows, Mac, Linux or Unix, mobile application integration for iPhone, Android, Blackberry or the iPad or email integration with Microsoft Outlook or Lotus Notes, we have the solution to fit.

If your company is still using online file sharing technologies ask yourself this question – which is right for my business?  A technology over which I have no control or visibility or a secure, managed file transfer solution providing guaranteed delivery, auditing and reporting capabilities and complete control.

For a free consultation contact Pro2col on 0333 123 1240 and speak to a managed file transfer specialist with no obligation.

EU Data Breach Laws Set to Toughen

EU Data Breach Laws Set to Toughen

Businesses will be required to inform authorities within 24 hours of a serious data breach according to tough new data protection rules announced during a press conference in Brussels yesterday.

data_protection“Companies and organisations must notify [authorities] of serious data breaches as soon as possible — and to me, that means within 24 hours,” said Justice Commissioner Viviane Reding.

Under the proposed law companies would also be obliged to inform all affected individuals of any data security breach, including unauthorised destruction or loss.

Under the Commission’s proposed changes to the 1995 Data Protection Directive, companies can be fined up to €1m (£830,000), or two percent of global turnover, for serious violations of the regulations. In an attempt to provide businesses with much simpler data protection administration throughout Europe, National data authorities will become the primary point of contact for companies dealing with Europe-wide data questions, and the legislation aims to provide a single set of rules for data protection across Europe.

The rules need to be approved by the EU’s member states and ratified by the European Parliament before they can come into effect.    

Should I Use Transport Encryption Or File Encryption

Should I Use Transport Encryption Or File Encryption

By Hugh Garber, Ipswitch.

This morning I was asked if I recommended using transport encryption or file encryption to protect company files and data.

My answer: “Use both of them, together!”

For starters, here’s a real quick summary of both encryption types:

Transport encryption (“data-in-transit”) protects the file as it travels over protocols such as FTPS (SSL), SFTP (SSH) and HTTPS. Leading solutions use encryption strengths up to 256-bit.

File encryption (“data-at-rest”) encrypts an individual file so that if it ever ended up in someone else’s possession, they couldn’t open it or see the contents. PGP is commonly used to encrypt files.

Hacking for password

I believe that using both together provides a double-layer of protection. The transport protects the files as they are moving and the PGP protects the file itself, especially important after it’s been moved and is sitting on a server, laptop, USB drive, smartphone or anywhere else.

Here’s an analogy: Think of transport encryption as an armoured truck that’s transporting money from say a retail store to a bank. 99.999% of the time that armoured truck will securely transport your delivery without any incident. But adding a second layer of protection – say you put the money in a safe before putting it in the truck – reduces the chance of compromise exponentially, both during and after transport.

One last piece of advice: Ensure that your organisation has stopped using the FTP protocol for transferring any type of confidential, private or sensitive information. Although it’s an amazing accomplishment that FTP is still functional after 40 years, please realise that FTP does not provide any encryption or guarantee of delivery – not to mention that tactically deployed FTP servers scattered throughout your organisation lack the visibility, management and enforcement capabilities that modern managed file transfer solutions deploy.

Original: Ipswitch File Transfer

Email Attachment Management: Facilitating Secure, Large File Transfer

Email Attachment Management: Facilitating Secure, Large File Transfer

Typically, email is the first port of call for all non-technical staff members when faced with the task of sending large documents quickly. We’re now in an age where data leaks are common place and authorities are cracking down on insufficient security policies. According to figures published by IDG Research Services, the companies that they surveyed rated email as the third highest area of concern when it came to the security of their data. The fact of the matter is, standard email is just not capable of meeting modern day security requirements. Not only this, there are other associated problems to consider when using email for large file transfer such as email attachment management, size limitations, unpredictable deliverability of files, bandwidth utilisation and storage problems.

So businesses are reacting to these issues by implementing sophisticated technologies that address these concerns – which is great – but unfortunately, this is a 1-dimensional solution to a 2-dimensional problem. Providing the facilities to send files securely is one thing, guaranteeing that all file transfers within the business are completed using these facilities is another matter altogether.

email_attachement The question is, how do you stop staff members bypassing new technologies in favour of good old trusty, familiar solutions such as email? The answer is – enable them to continue to use it. Alongside web browser upload options provided, email attachment management solutions offer plugins that can be integrated with existing email clients, to enable ground level users to attach files and send them securely via email.   The difference is that rather than filtering through email servers, large email attachments are handed off to the email attachment management solution where they are encrypted, stored and a notification email sent onto the recipient containing a secure download link to the file.

So…

  • Your confidential information remain secure.
  • You avoid the fines and penalties being enforced by authorities such as the ICO, for failing to meet security compliance legislation.
  • The reputational risk associated with loss of customer data is negated.
  • Email servers and storage systems are not overwhelmed by a mass of large data files.
  • File transfers come with a full audit trail.
  • You can be notified when a recipient downloads a file, providing accountability and more reliable file transfers.
  • Large file transfer is quick, secure and user friendly for staff, allowing them to concentrate on being productive.

Take a look at this short video to find out more about what an email attachment management solution can offer you…

If you’d like to find out more about email attachment management, Biscom Delivery Server or any of the other secure, ad hoc file transfer solutions we provide, please don’t hesitate to contact us on 0333 123 1240.