Five file transfer priorities for 2018

Five file transfer priorities for 2018


Big changes in the data transfer and file sharing space look set to make 2018 an interesting year. There is updated legislation to get to grips with, plus new, more efficient opportunities for managing the flow of your data. Our technical consultants have shared their top file transfer priorities for the year ahead.

 

1. PCI DSS 3.2

PCI DSS is the security standard for processing and storing credit card information. New legislation (PCI DSS 3.2) comes into effect on 1st February 2018 and there are updated requirements that come under the scope of your data transfer system.

  • Users with administrative access to the systems handling card data need to complete multi-factor authentication. A password alone is not enough to verify the user’s identity and grant access to sensitive information. Multi-factor authentication requires two or more bits of information to authorise a person’s access to the card data. This might be a password, unique code or other method of identification. If you’re scripting an automated transfer though, you’ll need to use different identifying factors, such as private key authentication and IP white listing. This comes in addition to the existing multi-factor authentication requirements for remote access.
  • Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) will no longer be considered secure protocols. Organisations have until 30th June 2018 to transition to a secure version of TLS – v1.1 or ideally 1.2 – and disable any fall back to both SSL and early TLS. This will make sure you have a secure communications channel and protect the confidentiality and integrity of information that passes between systems.

Regulators frequently update PCI DSS, keeping it in line with changing consumer behaviour and payment technology. Other PCI DSS requirements for data transfer include: Protecting stored cardholder data; encrypting data in transit across open, public networks; developing and maintaining secure systems and applications; restricting physical access to cardholder data; tracking and monitoring all access to network resources and cardholder data. There’s more information on our resources page.

A good data transfer solution will provide these features, and some provide PCI-DSS compliance reports too.

To compare solutions with PCI DSS 3.2 compliant features, complete the Managed File Transfer Comparison Report. This will recommend and compare solutions meeting your specific requirements.

2. GDPR

Most organisations will handle personal data in some way. It is essential that you are clear on which of your data transfers fall within the scope of GDPR and take the right steps to protect it. Out of support software, open source FTP, unmanaged in-house scripts and consumer-grade cloud solutions are some big areas of risk for your organisation.

Does your Managed File Transfer solution do the following?

  • Encrypt data in transit and at rest. Data shouldn’t be in the DMZ unencrypted, even if that’s only for a short period of time.
  • Offer authentication / access control to restrict users to only access the data they require.
  • Deliver high availability functionality so that services can continue following a failure of one or more components.
  • Provide visibility of where and when transfers occur.
  • Storage retention and ‘housekeeping’ rules to clean old files after they have been downloaded.

These are important Managed File Transfer solution features that will help keep you compliant, reduce the risks of breaches and protect you against hefty fines.

It’s not just about the technology though. GDPR has prompted us to understand the nature and sensitivity of the data. We have to know what is in the file to ensure we handle it appropriately, set suitable security and document the process in an impact assessment. For example, do the files contain personal data? If so, how sensitive is it? What is the reason for the transfer?

Some file transfer systems allow you to build impact assessments within the software and select the transfer process based on the security requirements. For example, if you classify the data as highly sensitive, it will guide you towards using SFTP or HTTPS.

Our GDPR White Paper explains how the new legislation affects your data transfer and file sharing processes and systems. There are clear recommendations from our experts too.

 

3. Plan your cloud strategy

Interest in cloud-based data transfer and file sharing solutions is growing, as more and more organisations move their IT infrastructure to the cloud. Some organisations are going entirely cloud-based, others opting for a hybrid or gradual transition.

There are a number of advantages to a cloud-based Managed File Transfer solution:

  • Reduced on-premise infrastructure management and operational costs.
  • Scalable as your business grows.
  • Many offer a pay-for-what-you-use pricing structure.
  • Improved resilience through a highly available infrastructure.

Make sure you consider all factors when you’re planning your cloud strategy. How will you get your data to the cloud securely, quickly and efficiently? Distance impacts efficiency, so think about where the data you’re transferring originates from and where you’re delivering it to. If the transfers are all on-site, cloud probably isn’t the most efficient solution. If you’re transferring between multiple geographic locations then it might be.

The technologies you choose will have an impact on your efficiency too. UDP based protocols, for example, are good for transferring large files across big distances. TCP is slower, but is an open protocol, so you don’t need bespoke servers and clients.

Consider data residency as well. Data in the cloud is stored across multiple servers and locations. Do you – for example – have permission from your data subject to store their personally identifiable data, or even user login credentials, outside the EU? (An important compliance point on GDPR). You also need to consider where your data is backed up to.

Many of the leading vendors are developing their cloud-based Managed File Transfer offering. Our consultants can advise you which solutions meet your business requirements.

4. Is your FTP server up to date?

You’d be surprised how often we speak to businesses running unsupported FTP servers with outdated operating systems. Not only does this expose your organisation to malware, ransomware and other viruses, but it affects your ISO 27001 accreditation and relationship with customers. (More and more organisations – especially large corporations – demand ISO accreditation from their service providers. That’s because they know they pose one of the greatest risks to information security).

Just because your FTP server has been working ok until now, that doesn’t mean it will continue to be protected. We have already seen DNS hijacking malware so far this year. It’s only going to get worse. Don’t let this be the year your organisation is hit.

This table show which FTP server(s) are supported by the manufacturer, the current version and the operating systems they support.

 

If your organisation has outgrown its data transfer solution, or you are concerned about its security standards, find out about our health check service.

 

5. Consider investing in APIs

APIs are becoming a more realistic and cost-effective option for businesses wanting to integrate their systems and speed up their business processes. For example, your MFT solution can receive a file and use an API to import the data into another system. It could be used to drive your CRM or order processing system (or vice-versa), saving time and reducing the risk of human error.

SOAP, REST and COM are some of the most widely used APIs. REST is probably the most common – a hybrid solution and more resilient to version updates of the partner system.

If you wanted to integrate systems in this way, your first step would be to identify a Managed File Transfer solution that supports an API (not all do). Some solutions include an API in their licence, whereas others carry an additional charge. Then you would need an on-site developer to write an application to use the API in the way that you want it to. While this is going to cost you, your organisation will quickly realise the benefits of a more integrated IT infrastructure.

Get in touch to find out about MFT solutions that support APIs and how our professional services team can develop your application.

Resources Available For You

Do you need a File Transfer solution?

Questions regarding need for File Transfer 

get-the-guide

Find out your File Transfer requirements!

“Needs Analysis Service for File Transfer”

get-the-guide

Compare the software on the market!

“Managed File Transfer Comparison guide”

get-the-guide

Can cloud storage replace FTP?

Can cloud storage replace FTP?

Can cloud storage replace FTP? Cloud storage is often promoted as an FTP alternative, but can it be an effective, easy-to-implement replacement for existing FTP processes? CEO at Coviant Software Pam Reid (pictured) takes us through seven cloud storage offerings in this guest blog post.

Cloud storage can seem like a great alternative to an FTP server. It offers a tantalising list of benefits: No software to install, configure and manage. Cost savings from pay-as-you-go pricing. Built-in encryption at-rest. Guaranteed uptime. Automatic data replication.

Trouble creeps in when you consider how you and your trading partners are going to move files to and from the cloud. You may be willing to replace your existing FTP client-side software with a Managed File Transfer tool with direct API access to cloud storage sites, but your trading partners will probably want to use their existing FTP applications to upload and download files.

We researched seven cloud storage offerings to see how easily they could fit into existing FTP processes.

  • Not good choices for existing trading partners.
    Dropbox has announced that FTP access is not on the current feature roadmap. Box supports FTP transfers for Business and Enterprise accounts for bulk migration of data only and does not recommend using FTP as a primary access method.
  • Possible choice, but with some restrictions.
    Citrix ShareFile allows access with unsecured FTP and FTPS using implicit-only connections. ShareFile also imposes restrictions, like only eight simultaneous connections, no file renaming and performance limitations based on the number of commands performed per day.
  • Better choices, but with some complications.
    Amazon S3, Google Cloud, and Microsoft Azure offer SFTP access, but only with key authentication. Each trading partner would need software that supports SSH key authentication – which some FTP clients do not support. Then, they would need to create an SSH key pair, export the public key and send it to you. Then, you would attach the SSH key pair to the bucket or container that you would like the customer to use. With these sites, the set-up is complicated and some of your trading partners may need new software.
  • Best choice for least impact on existing trading partners.
    Oracle Cloud supports SFTP connectivity with usernames and passwords for authentication. Click here for simple instructions on how to set up secure SFTP user accounts on Oracle Cloud.

So if you decide to try cloud storage, your Managed File Transfer tool needs to support direct API connections to Amazon S3, Box, Citrix ShareFile, Dropbox, Google Cloud, Microsoft Azure and Oracle Cloud for automated file transfers. This will make sure your trading partners are given a choice of how to access the files. Coviant Diplomat Managed File Transfer products support each of these and you can find out more about the software on the product page.


Pam Reid
CEO at Coviant Software

 

The information on the seven cloud storage offerings featured in this blog post is up-to-date at the time of publishing. You can find out more on the product websites. This is the latest in a series of guest blog posts from the leading vendors, highlighting how a file transfer solution can add value to your organisation.

If you would like to talk through your options for connecting your file transfer solution to the cloud, speak to one of our technical consultants now.

Coviant Software’s Diplomat Managed File Transfer products support direct API connections to Amazon S3, Box, Citrix ShareFile, Dropbox, Google Cloud, Microsoft Azure and Oracle Cloud. Find out more about Diplomat MFT products.

Resources Available For You

Do you need a File Transfer solution?

Questions regarding need for File Transfer 

get-the-guide

Find out your File Transfer requirements!

“Needs Analysis Service for File Transfer”

get-the-guide

Compare the software on the market!

“Managed File Transfer Comparison guide”

get-the-guide

Outsourcing finance operations: A file transfer use case

Outsourcing finance operations: A file transfer use case

Outsourcing finance

A major label in the music industry decided to outsource a particularly large area of its operations: finance. Managing invoices and collating data for reports was a time-consuming process that could be better handled by a specialist company.

However, financial data often forms the basis for decisions across the entire business. If data ever becomes out of date or is not processed correctly, the consequences could be disastrous.

Without an effective electronic solution, the only way to move data was to send forms through the post and scan them—a time consuming, manual process.

The right Managed File Transfer solution will allow organisations to seamlessly move data out to external suppliers for processing, and back into the business.

With event-driven automation, the music label can automatically move financial files individually or in batches over a secure connection. The data is “pushed” to the supplier.

After processing, edited documents are then pushed back to the internal network for storage and archiving.

The entire process can be managed from a single, convenient interface and data movement can be audited every step of the way.

If you plan to outsource data processing, you need a solution that seamlessly connects external trading partners with your own unique infrastructure. This particularly use-case applied Globalscape’s EFT Server as a solution. This music label saved time and money by outsourcing this vital business process—without compromising visibility or security at any stage.

 

 

 

Globalscape’s EFT server is a scalable, secure managed file transfer solution that allows users to manage and track data transfers. Find out more.

As Globalscape UK Master Partners, we provide a complete range of services for existing and new Globalscape users. Get in touch to arrange a quote, demo or evaluation.

Resources Available For You

Do you need a File Transfer solution?

Questions regarding need for File Transfer 

get-the-guide

Find out your File Transfer requirements!

“Needs Analysis Service for File Transfer”

get-the-guide

Compare the software on the market!

“Managed File Transfer Comparison guide”

get-the-guide

Upgrade to EFT 7.4.5

Upgrade to EFT 7.4.5

EFT 7.4.5 is now available, including enhancements to existing modules and two new ones. We recommend you upgrade as soon as possible.

New modules and enhancements

7.4.5 includes enhancements to Workspaces and Insight, plus two new modules you can purchase (EFT Enterprise only):

  • The Remote Agent Module (RAM) allows organisations to perform unattended file transfers between remote locations and corporate headquarters with centralised control.
  • The Cloud Connector Module (CCM) gives IT admins a way to securely support data transfers to and from cloud storage or containers like Amazon S3 or Microsoft Azure.

Globalscape’s Vice-President of Software Engineering Gregory Hoffer explains enhancements and new modules in EFT 7.4.5. This was filmed at the recent user group event in London.

Upgrade to 7.4.5 now

If you are currently running version 7.2 or above, you will not need a new licence number. Upgrade to EFT 7.4.5 here.

If you are upgrading from a previous version, please contact the support team  with your current licence number and we can take you through the process.

Resources Available For You

Do you need a File Transfer solution?

Questions regarding need for File Transfer 

get-the-guide

Find out your File Transfer requirements!

“Needs Analysis Service for File Transfer”

get-the-guide

Compare the software on the market!

“Managed File Transfer Comparison guide”

get-the-guide

Coviant Diplomat 7.3 released

Coviant Diplomat 7.3 released

Coviant Diplomat 7.3 is now available, bringing new features, enhancements and fixes. We recommend that you upgrade as soon as possible.

 

New features

Some highlights include:

  • Expanded job-scheduling choice and the ability to view planned execution dates of up to ten job-runs for a transaction.
  • Geo-location information is displayed when using the Test button on HTTP, HTTPS, FTP, FTPS and SFTP partner profiles.
  • Added option to skip specifying a Windows user logon account for the Diplomat MFT Service during installation. NOTE: If you choose not to provide a user account, you must specify a login account with the required privileges for the Diplomat Service after installation.

Standard and Enterprise only

  • Updated SMB capabilities, now supporting SMB 1.0, 2.0 and 3.0.
  • Set dates to be excluded from scheduling (e.g., holidays and other non-business days) under Settings > Calendars from the top menu bar.
  • Improved report formatting.  NOTE: Report generation now requires PDF software on the system where the Diplomat MFT Client is running.
  • Added ability to use a forward proxy server when connecting to HTTP, HTTPS, FTP, FTPS and SFTP servers.

Enterprise only

  • Support for Azure blobs.
  • Support for Box.com.
  • Upgraded to Dropbox API v2. Anyone using or planning to use Dropbox should upgrade to Diplomat MFT v7.3 as soon as possible.

Fixes

Diplomat MFT 7.3 addresses previous bugs, including:

  • Increased buffer size when using SMB as the transport type, which has improved file transfer speeds.
  • Transactions can now be updated and saved whilst another job based on that transaction is being executed.
  • The Run Now problem has been fixed. Previously the window was not being properly populated.
  • The problem using saved partner profile for SFTP with key authentication in Enterprise Edition is now fixed. Previously if partner was changed to <None>, the key was removed from the partner profile.
  • The problem on Windows Server 2008 has been corrected. Previously the drop-down fields were too narrow to show the selected drop-down value.

Upgrade to Coviant Diplomat 7.3 now

To benefit from these enhancements and fixes, we would recommend you upgrade as soon as possible.

If you need any assistance with the transition to Coviant Diplomat 7.3, please contact the support team.


If you would like to find out about upgrading to Enterprise Edition, please contact our sales team.

Resources Available For You

Do you need a File Transfer solution?

Questions regarding need for File Transfer 

get-the-guide

Find out your File Transfer requirements!

“Needs Analysis Service for File Transfer”

get-the-guide

Compare the software on the market!

“Managed File Transfer Comparison guide”

get-the-guide

Where is your data going and why? Wizuda GDPR features

Where is your data going and why? Wizuda GDPR features

Are your impact assessments and reporting procedures in place for GDPR? Danielle Cussen from Wizuda examines these important requirements in her guest blog post, ‘Where is your data going and why?’ Danielle explains what you need to do to comply and how Wizuda GDPR features will simplify compliance. Danielle is Managing Director at Wizuda.

 

 

It’s rare that a day goes by without a mention of the GDPR. Businesses across the globe are striving to achieve compliance by 25 May 2018. That’s when it comes into full force, with no grace period. The GDPR applies to any business collecting or processing personal data belonging to EU citizens.

The UK’s ICO issued a 12 step guide to preparing for the GDPR. The first step is about being aware of the GDPR and its impact. The second is about finding out what personal data you hold, where it’s collected from and where it’s being sent.

As you can imagine, a lot of these questions are going to land on IT’s desk. IT will need to identify transfers between systems and between internal departments, plus transfers to external parties. This might include third party data processors, within the EU and across the globe. IT will need to work with other stakeholders across the business who understand the data and the reasons for the transfer.

Wizuda GDPR impact assessments

Under the GDPR it is now mandatary to conduct Data Protection Impact Assessments (DPIA) wherever there is a possible high risk (Article 35). If the risk level is unknown, doing an impact assessment is probably a good way to find out. Impact assessments will vary across organisations and departments but you’d expect to see certain questions where data transfer is concerned. These would relate to the sensitivity of the data, whether it’s being sent within or outside the European Economic Area (EEA), who will have access to it, and the risk category, among other factors.

Wizuda allows users to build their impact assessments within the software. Users complete a question set, which forms the impact assessment. The system then guides users through the transfer process based on the requirements they have set out. For example, if the user has specified that the data needs to be encrypted in transit, it will guide them towards using SFTP or HTTPS. The system also guides users through any approval process.

This feature helps users to check their transfers are aligned to the requirements specified in the impact assessment. The impact assessments themselves are readily available for reporting and auditing purposes.

Wizuda GDPR reporting

For the GDPR, reporting visibility is key to compliance. Article 5 (and many others) stress the need for “accountability” and “transparency” over all processing activities, not just cross-border transfers. IT need to be able to provide accurate details of the transfers in place at any given time. This is not just come 25 May 2018, but on an on-going basis. They may need to show all of the cross-border transfers outside of the EEA, with impact assessments showing the business reason and sign-off process. An automated process reduces this workload and provides process assurances.

A number of Wizuda features assist the user in accurate reporting of data transfers:

 

Wizuda’s Geographic Visual Maps show real live transfers that are in place across your organisation from one central hub. This view can be filtered by region, such as EEA, Non-EEA, BCR, Model Contracts and so forth.

 

 

 

 

Alternatively, Diagrams can be used to visualise the data flows across your network.


 

 

 

 

Both the Geographic Maps and Network Diagrams have full drilldown capability to view details of the files transferred, the full audit trail, authorisation workflows, and the corresponding impact assessments where applicable. This simplifies the path to demonstrating compliance.

There’s more information available on the Wizuda vendor page.

This is the first in a series of guest blog posts from the leading vendors, highlighting how a file transfer solution can add value to your organisation.

Related links

Are you reviewing your data transfer and file sharing processes and systems for GDPR compliance? Pro2col’s GDPR White Paper is an essential read for you.

Pro2col’s GDPR Advisory Service offers pre- and post-implementation planning options, depending on which stage your organisation is at.

Resources Available For You

Do you need a File Transfer solution?

Questions regarding need for File Transfer 

get-the-guide

Find out your File Transfer requirements!

“Needs Analysis Service for File Transfer”

get-the-guide

Compare the software on the market!

“Managed File Transfer Comparison guide”

get-the-guide