
Should I Use Transport Encryption Or File Encryption

By Hugh Garber, Ipswitch.

This morning I was asked if I recommended using transport encryption or file encryption to protect company files and data. My answer: “Use both of them, together!”

For starters, here’s a real quick summary of both encryption types:

Transport encryption (“data-in-transit”) protects the file as it travels over protocols such as FTPS (SSL), SFTP (SSH) and HTTPS. Leading solutions use encryption strengths up to 256-bit.

File encryption (“data-at-rest”) encrypts an individual file so that if it ever ended up in someone else’s possession, they couldn’t open it or see the contents. PGP is commonly used to encrypt files.

I believe that using both together provides a double layer of protection. The transport protects the files as they are moving and the PGP protects the file itself, especially important after it’s been moved and is sitting on a server, laptop, USB drive, smartphone or anywhere else.

Here’s an analogy: Think of transport encryption as an armoured truck that’s transporting money from say a retail store to a bank. 99.999% of the time that armoured truck will securely transport your delivery without any incident. But adding a second layer of protection – say you put the money in a safe before putting it in the truck – reduces the chance of compromise exponentially, both during and after transport.

One last piece of advice: Ensure that your organisation has stopped using the FTP protocol for transferring any type of confidential, private or sensitive information. Although it’s an amazing accomplishment that FTP is still functional after 40 years, please realise that FTP does not provide any encryption or guarantee of...

Email Attachment Management: Facilitating Secure, Large File Transfer

Typically, email is the first port of call for all non-technical staff members when faced with the task of sending large documents quickly. We’re now in an age where data leaks are commonplace and authorities are cracking down on insufficient security policies. According to figures published by IDG Research Services, the companies that they surveyed rated email as the third highest area of concern when it came to the security of their data.

The fact of the matter is, standard email is just not capable of meeting modern-day security requirements. Not only this, there are other associated problems to consider when using email for large file transfer, such as email attachment management, size limitations, unpredictable deliverability of files, bandwidth utilisation and storage problems.

So businesses are reacting to these issues by implementing sophisticated technologies that address these concerns – which is great – but unfortunately, this is a 1-dimensional solution to a 2-dimensional problem. Providing the facilities to send files securely is one thing; guaranteeing that all file transfers within the business are completed using these facilities is another matter altogether. The question is, how do you stop staff members bypassing new technologies in favour of good old trusty, familiar solutions such as email? The answer is – enable them to continue to use it.

Alongside the web browser upload options provided, email attachment management solutions offer plugins that can be integrated with existing email clients, to enable ground-level users to attach files and send them securely via email. The difference is that rather than filtering through email servers, large email attachments are handed off to...

Secure Managed File Transfer: On Premise vs The Cloud

Everybody is talking about the cloud; it’s today’s hot topic, with more and more organisations considering a cloud-based (hosted) solution as an alternative to their current on-premise solution. The shift to cloud-based computing is gathering pace and consequently this is an area we’ve been looking at quite closely. So, is cloud-based secure managed file transfer for me and what are the biggest drivers behind this trend?

1. It’s cheaper! Many IT departments spend at least 50% of their budgets on salaries, and up to 70% of IT staff time is spent on maintenance, according to analysts. In-house IT specialists cost companies for IT management resource. A hosted service, on the other hand, may charge a much-reduced figure for its service along with 24–7–365 monitoring and higher uptime than many companies can achieve with on-premise staff and systems.

2. Hosted providers can do it better. Hosting vendors store the information on their own servers and manage the entire system for you, drastically reducing the time and energy you spend on keeping your MFT up and running. A growing number of companies just want MFT isolated as an enterprise-class cloud service, with all the modern archiving, compliance and virus protection features they require along with a scalable infrastructure their IT staff never has to worry about or manage.

3. The cloud has gone mainstream. Primed for enormous growth and widespread adoption, recent research indicates that 84 percent of small and mid-size companies and 69 percent of large companies are willing to consider, currently reviewing or already using software-as-a-service (SaaS) solutions. A big part of this growth is a result...

Ipswitch MOVEit DMZ Managed File Transfer Review

SC Magazine have reviewed a number of managed file transfer solutions available in the marketplace – Ipswitch MOVEit DMZ being one of them. This managed file transfer server software helps secure data in transit by encrypting various transfer protocols using industry standards. After reviewing product attributes such as features, ease of use, performance, documentation, support and value for money, Ipswitch MOVEit DMZ was awarded a full 5 stars in every category and labelled as one of SC Magazine’s ‘Best Buys’. Stating no possible negative points against the solution, the overall verdict deemed MOVEit DMZ “A flexible, web-based product which allows tight control over end-to-end file transfer security.” See here for full details of the SC Magazine review or for more information regarding the Ipswitch File Transfer product range. Please also feel free to contact Pro2col on 0333 123 1240 to speak to one of our...

How will the changes to PCI DSS affect you?

The PCI Security Standards Council have just released version 2.0 of PCI DSS, the Data Security Standard enforced upon all merchants that accept any form of card payments, designed to secure and protect cardholder details. Although introducing only minor alterations, the main intention of the amendment is to provide greater clarity and flexibility for small merchants, facilitating a more comprehensive understanding of the requirements that must be satisfied under PCI DSS and making them easier to implement and abide by. From a long-term perspective, the amendments made are designed to help merchants manage evolving risks and data security threats whilst maintaining alignment with industry best practices.

Taking a higher-level perspective, the main changes cover:

- Reinforcement of the need to conduct thorough scoping exercises, so that merchants can identify exactly where their cardholder data resides in the business.
- The need for more effective log management of credit card data within the business.
- Allowance for organisations to adopt a more risk-based approach when prioritising vulnerabilities, taking into account their specific circumstances.
- The acceptance of unique business environments and accommodation of their specific needs.

More specifically, Jonathan Lampe, VP of Product Management at Ipswitch File Transfer and representative of the PCI Security Council, has identified the 5 key changes that will directly affect the transfer of sensitive credit card data:

- Explicit recognition of SFTP as a secure protocol.
- Audit of virtual machine infrastructure and virtualisation hypervisors will be brought within the scope of PCI DSS.
- Rotation requirements for the purposes of key management will be “based on industry best practices and guidelines” rather than an annual stipulation.
- Identity and...

PCI DSS 2.0 Makes for Smarter Data Transfer Security

Tuesday, October 19, 2010 – Ipswitch File Transfer, Inc., an innovator of secure, managed file transfer solutions, today identified five key changes to the Payment Card Industry Data Security Standard (PCI DSS 2.0) that will substantially affect businesses transferring sensitive credit card data. The final draft of the standard will be released on October 28. However, the substance of many changes is now clear, whilst working groups on emerging technologies continue to report on forthcoming inclusions in the standard.

“The impending changes reflect developments in technology, the cost pressures on businesses and the development of smart, accepted practices,” explained Jonathan Lampe, VP of Product Management at Ipswitch and representative on the PCI Community Council. “Around fifty of our customers, from all over the world, are represented on the council. The emphasis has been on identifying what’s secure and what works best.”

Key changes forthcoming in PCI DSS 2.0 that will impact on the transfer of sensitive data include:

- Explicit recognition of SFTP as a secure protocol.
- Audit of virtual machine infrastructure and virtualisation hypervisors will be brought within the scope of PCI DSS.
- Rotation requirements for the purposes of key management will be “based on industry best practices and guidelines” rather than an annual stipulation.
- Identity and authentication requirements for users, “non-consumers” and administrators will be split further.
- More specific requirements will be implemented around the auditability and security of timekeeping, especially as recorded in audit logs. (Coordinated and reliable timestamps are helpful during civil and criminal investigations as well as internal forensics investigations.)

In addition, Lampe identifies the expected incorporation of tokenization technologies into official PCI s...