0333 123 1240 info@pro2colgroup.com

MFT utility case study: Water Plus

MFT utility case study: Water Plus

Managed File Transfer (MFT) reduces overheads for utility start-up Water Plus

Managed File Transfer (MFT) reduces overheads for utility start-up Water Plus

This case study describes how Pro2col delivered a smooth launch and cut costs for a utility start-up. It is an MFT utility use case.

Water Plus needed to install a new MFT solution within a very tight deadline, otherwise they wouldn’t get their licence.

The company is a standalone venture, set up by Severn Trent and United Utilities. Deregulation in 2017 meant 400k non-household customers were transferred to the new company overnight. They had no infrastructure, a tight budget and very little time.

The solution was a system that could be set up quickly, provide the exact security and automation requirements they needed, and offer ongoing UK-based support.

Pro2col: On-tap specialists

Water Plus knew they wanted a Managed File Transfer solution, but they needed support selecting the right product and modules, then installing it. They approached Pro2col – the highly trusted UK partner of many MFT providers – who analysed their requirements and suggested an enterprise-level solution with an MFT Gateway for additional security, plus auditing and reporting features. “Using Pro2col kept start-up costs down as installation was fifty to seventy-five per cent faster with Pro2col’s engineers onsite,” said Chris Leach, Application Manager, Water Plus.

Process automation

​Managed File Transfer reduces the need for time-consuming and repetitive manual processing. Companies run more efficiently and keep costs down. It helps Water Plus manage files and data with multiple workflows in place. “We would need an additional team of five to transfer files manually at peak times,” said Chris. “Instead, files can arrive a few minutes before processing without any issues. A member of staff couldn’t do that, especially at scale. MFT doesn’t need lots of people, saving huge staffing costs. It all works in the background. There is less chance of human error and less chance of files or data being sent that shouldn’t.” For example, meter readings are automatically translated into the right format and stored in a certain place on the server. This can then drive multiple processes, such as email acknowledgements, generating bills and printing, right through to processing payment.

“Bringing Pro2col onsite made installation between 50-75% faster.”

 

Chris Leach
Application Manager

 

 

Security concerns

​“Security was a major factor”, says Chris. “If you have files coming in and going out all over the place, there’s a lack of control. That means no security and no audit. The solution Pro2col recommended offered one single system that only needed one external IP in the DMZ for all the files so there’s less chance of getting hacked.” The additional MFT Gateway provides a single point for files to enter or leave the network that is completely secure and under your control. Nothing comes through the Gateway without permission. There are added customer benefits, noted Chris. “I can do all my white listing from one box and customers only need to white list one IP address.”

Auditing and reporting

GDPR makes a data trail essential. You have to know who saw a file and when. Reporting can be set up to automatically deliver this visibility. “I know which files are in the system and who touched them at what time,” Chris explained. “If we have a query, I can go and pull it up. If that was done manually or via email, even using secure portals, there’s no audit and no tracking. That’s a big benefit.” Reporting is also really important to work alongside automated processes to prevent some predictable system problems. Potential issues are flagged, such as a file that is too large. Chris sets the trigger points and actions which can – for example – split the file up into smaller sizes to prevent overnight batch processing errors.

Room to grow

The MFT solution was scalable, which meant Water Plus could build it out as requirements grew. “As we began to understand the business needs better,” says Chris, “we realised we needed a process for ad hoc file transfers. The solution had a module we could easily add-on, which did that. It was quick and easy to set up.” Water Plus added this secure person-to-person transfers module to their solution two years later.

Ongoing support

Ongoing UK-based support is a major benefit for businesses using software from US MFT vendors. “The communication Pro2col provides is clear and concise. When they’ve spotted issues, solutions have come straight away. They’re always on it.” He added, “Pro2col were there in the early days to help us get the software up and running. We got ideas quickly and they found the root cause of any issues. Overall, Chris reports many benefits from their MFT solution, including “reduced overheads and reduced single-team support and development.”
Pro2col are independent experts in secure data transfer working with businesses to identify, implement and manage the right solution for their requirements. We help transform infrastructure, streamline processes, and increase productivity, collaboration and data security. Since 2004 Pro2col have helped over 800 business, spanning 30+ countries and a range of industry sectors.

“The communication Pro2col provides is clear and concise. When they’ve spotted issues, solutions have come straight away.”

Chris Leach
Application Manager

Managed File Transfer Buyers Guide

MFT transforms mortgage application process

MFT transforms mortgage application process

 

This use case explains how a mortgage provider used Managed File Transfer (MFT) to simplify the review and acceptance of an application. MFT completely transformed this complex process, using automation, streamlined security and more user-friendly steps for the applicant and solicitors.

 

 

A lengthy and complex mortgage application process

Previously, after a fact-find with a mortgage adviser, the completed documents would be zipped up, password protected and emailed to the applicant. The applicant would need to call in to be told the password, then would print, sign and return the form, along with proof of ID, details of income and other documents.

The mortgage adviser would receive it and then send it on to the underwriter to be approved or declined.

Once the underwriter had approved the offer, they generated an offer document, which was stored on an internal system.

Another member of staff would need to download the offer from that system, create a zip file, password protect it and then email it to the applicant and their solicitor. Both would need to call the company to get the password to access the offer document.

 

Streamlining the process with MFT

Using MFT’s secure email functionality, secure online forms, automated workflows and secure folders, the IT team were able to completely transform this complex process.

  • After the initial fact find, the mortgage advisor now emails the documentation directly to the applicant easily and securely, using MFT’s secure email functionality.
  • The applicant e-signs the form.
  • The email contains a unique link to a secure online form on the company website, where they upload and submit their signed form and other documents (proof of ID, income etc).
  • These documents then enter an automated workflow to be scanned for viruses and then moved to the correct folder on the network.
  • The underwriter receives an email notification, so they can review the files and accept or decline the application.
  • Once manually approved, the workflow continues, generating an offer document and transferring it to a secure folder, which can be accessed by the applicant and their solicitor.

This process saves time, reduces the complex steps and is far more customer-friendly. The mortgage advisor spends less time on manual processing and has more time to add value to applicants. The underwriter can review more applications more quickly, enabling the business to become much more efficient.

If you would like to find out whether MFT is the right solution for your business, see our online guide to MFT. This includes links to a range of free downloadable resources.

Managed File Transfer Buyers Guide

Supply chain disaster: Do you need an MFT dev environment?

The reasons why you need an MFT dev environment

MFT dev environment - lorries in supply chain disaster

 

In all the years we’ve been working in file transfer, there have been a few occasions when we’ve witnessed the financial impact and reputation damage a system failure can have. This article looks at:

 

  • Why you should think twice before testing in a live environment;
  • When you need to consider a development (dev) environment for your Managed File Transfer (MFT) solution;
  • Details of the six stages for testing and development.

“A few years ago, one organisation was developing workflows in a live environment, and broke other automated processes. The system was down for just a few hours, but the impact was huge. This business supplied products to retailers across the country, but were unable to access the order information. The lorries couldn’t leave the factory and delivery drivers had to be paid overtime. Worse still, the retailers were left out of stock, consumers bought other brands and some ended up staying with that brand. The impact on the business’ finances and reputation were catastrophic.”

 

Richard Auger, Pro2col technical consultant

This particular example could have been prevented if the IT team were developing in a test environment, instead of a live environment. But so many organisations only have a live MFT production licence. That might be to save money, or because decision makers just don’t think a file transfer server needs a test licence. But we know an MFT system is doing so much more than transferring files, so if you have any workflows involved, you need to reconsider.

Is a dev environment business critical?

This will depend on the value of the data your system is handling. Is it critical to business processes? Do you risk breaching service level agreements (SLAs)? Or will you simply not be able to operate, like the example above? While you may be able to send files by some other method for a few hours, it isn’t viable for a sustained period.

You also need a change control policy to meet ISO27001 requirements. While it is down to you to determine the right policy for your unique set of circumstances, example ISO best practice advocates testing in an isolated, controlled and representative environment. Similarly ITIL requires an organisation to follow both ‘change management’ and ‘release and deployment management’ processes from non-production to production systems. It’s an old IT joke that in weaker, less secure environments TIP doesn’t mean ‘Transfer into Production’ – it ends up being ‘Test in Production’ instead.

So to avoid disrupting your system when deploying new releases, building workflows or making other changes, you should follow these six stages for testing, developing and transfer into production:

  1. Sandbox, or experimental environment: This is a local environment no one else can access, where the developer has a working copy of the code. Here they can try it out and change it without putting it live. This environment will typically be an individual developer’s workstation. Once they are happy with it the developer would submit the code to the repository for the next stage of development. Most MFT solutions by default don’t have a sandbox but you can sometimes set it up by installing the software onto a private virtual machine.
  2. Development or integration environment: This is a clean environment where you test how your code is interacting with all the other bits of code associated with the system. The code itself doesn’t get changed in this environment – updates are made to the working copy back in the sandbox and resubmitted. When ready, the developer accepts the code and it is moved to the test environment.
  3. Testing: This is the environment to test the new or changed code, either manually or using automated techniques. You may have different test environments to focus on different types of testing. The developer looks at how it interacts with and impacts other systems and tests performance and availability. If you are upgrading, for example, this will show how your system will behave once the upgrade is in place. From here, the code can be promoted to the next deployment environment.
  4. User acceptance testing (UAT) or quality assurance (QA): In this stage users will trial the software, making sure it can deliver against requirements. Stress testing is also carried out in this stage.
  5. Pre-production, or staging environment: This final stage tests in conjunction with all the other applications in the infrastructure. The aim here is to test all installation, configuration and migration scripts and procedures. For example, load testing happens here. It’s really important that this environment is completely identical to the production (live) environment. All systems should, for example, be the same version.
  6. Production or live environment: Transfer into production – or TIP – is the final stage, bringing the updates live. This is the environment that users actually interact with. This can be done by deploying new code and overwriting the old code, or by deploying a configuration change. Some organisations choose to deploy in phases, in case of any last minute problems.

If you follow these steps you can be confident that any upgrades to the production environment will be completed reliably and efficiently. But if your budget or internal policy won’t allow you to invest in all of these, we would recommend at least a test environment, which should be an exact copy of the production environment.

All our vendors offer test licences at reduced rates. If it’s time to get this set up for your MFT solution, get in touch now. You can contact us via the website or by emailing your account manager.

Interested in a file transfer solution?

What do the new SSL and early TLS requirements mean for my file transfer solution?

What do the new SSL and early TLS requirements mean for my file transfer solution?

PCI DSS is the security standard for processing and storing credit card information. From 30th June 2018, organisations can no longer use SSL and early TLS to meet the PCI DSS standard. This blog post will remind you of the requirements and what this means for your file transfer solution.

Earlier this year we reminded you that Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) are no longer considered secure protocols. It’s because of the growing number of attacks and vulnerabilities, with online and e-commerce the area most at risk.

From 30th June 2018 organisations will need a more secure encryption protocol in order to safeguard payment data and meet the PCI DSS standard. With just over a week to go, we wanted to share these key points, so you can check you have everything in place and understand what it means for your file transfer solution.

What do I need to put in place?

Essentially, you need to have a secure alternative – both at the network layer and at the data protection layer – and disable any fallback to SSL or early TLS. Your two options are as follows:

1. Migrate to TLS 1.2

The PCI council make a clear recommendation that you transition to TLS 1.2:

“TLS 1.2 is considered secure and is the recommended option from the council.”

SSL and Early TLS Migration webinar, Feb 2018.

TLS 1.1 is a more complicated option because it is possible to meet the requirements for strong cryptography, but it depends on the configuration, algorithms, strength of keys and other aspects of the implementation.

2. Compensatory controls

SSL and early TLS are not considered strong cryptography so they cannot be used as a security control for PCI DSS. You could add alternative security controls that remove the reliance on SSL and early TLS. Encryption would need to be in place to secure the transmission before it is sent using SSL or early TLS. Eg: at the application layer.

Exception for POI devices

This exception is in place because Point-of-Interaction (POI) terminals are not as susceptible to the vulnerabilities as browser based systems. If the device is built and configured in a way that’s not susceptible to the known vulnerabilities, it is possible to keep using it. You need to contact the vendor or support provider for that terminal, who can evidence this.

The device will still need up to date patches, must not use weak cipher suites or unapproved algorithms (eg: RC4 or MD5) and you must continually check that it hasn’t become susceptible to any new vulnerabilities. You should also have a migration plan in place that you can execute at short notice, should the device become susceptible. Any new devices should be configured to TLS 1.2.

You can find out more information on all the topics covered in this blog by watching the video from the PCI Security Standards Council.

What does this mean for my file transfer solution?

If you are running a file transfer solution and have kept it up to date, there is a good chance you won’t need any major changes. All the current versions from the main MFT vendors support TLS V1.2 and many default to only have TLS enabled.

Some products have PCI compliance scans built in, which will warn you if you are running SSL v3.0. It may not differentiate between TLS V1.0 and V1.2 though, so you will need to do a manual check. If you have a support contract with Pro2col, raise a support ticket and one of our technical consultants will find out if your solution is configured for TLS V1.2 or not.

If you are running an older version of your file transfer solution, you may need to upgrade. Again, Pro2col can advise on the process and our professional services team have experience getting out of date software up to the latest version.

If you are running an older SSL certificate built using 512-bit or 1024-bit key sizes, it is worth renewing it. The recommendation is now to use 2048-bit or greater.

To compare Managed File Transfer (MFT) solutions with PCI DSS compliant features, complete the Managed File Transfer Comparison Report. This will recommend and compare solutions meeting your specific requirements.

Interested in a file transfer solution?

Secure File Sharing at the Local Government Strategy Forum

Secure File Sharing being discussed at the Local Government Strategy Forum

Heythrop Park, April 12th – 13th

This month I attended my second Local Government Strategy Forum, at the beautiful Heythrop Park Resort in Oxfordshire. Invited by our partner Maytech, I was the ‘independent industry expert’ and had the pleasure of spending two days in this lovely environment, talking with senior management and C-suite executives from councils all around the UK.

heythrop-park

Before attending these events I had, what I believe to be a commonly held opinion, that council workers were underworked and overpaid. I’d read all the stories in the local press about the six-figure salaries and the cancellation of services to ensure their lavish lifestyle. However I’d never stopped to think what they actually did. Listening intently at these events has given me a small insight into the workings of councils, and whilst I’m sure there is still more efficiencies to be realised, I couldn’t have more admiration for the wide range of services they provide and the challenges they have prioritising them to balance the books.

The financial challenges being faced by councils has lead to them adopting a more business-like approach. They are looking at every aspect of their business to drive out wastage and streamline operations, and that’s where my expertise came in.

John Lynch, CEO, Maytech – presenting Quatrix on day one

Over the duration of two days I spoke with in excess of 50 delegates about their data sharing, collaboration, secure file transfer and business process automation challenges. Our experience in this area, working with council’s such as Cambridgeshire County Council, North East Lincolnshire Council and most recently Mid-Sussex Council, ensured we already had a view on some of the challenges being faced for data sharing in the public sector.

As ever there’s not one technology, which addresses the wide range of data sharing requirements of councils, our council customers are using solutions from five of our suppliers. The service we provide is to help them to fully understand their requirements and then choose the right solutions for their needs and budget.

If your council or company needs to address its file sharing, collaboration and secure file transfer requirements why not download one of our free resources below:

What is Managed File Transfer?

Managed File Transfer Starter Pack

Comparison Guide

Building a Business Case for MFT

Case study: Well pharmacy

Case study: Well pharmacy implements MFT

Leading UK pharmacy simplifies data management with Managed File Transfer

Leading UK pharmacy simplifies data management with Managed File Transfer

​Well is the largest independent pharmacy in the UK. In 2014, it was acquired from the Co-Operative Group by global business leader Bestway Group. With nearly 800 retail pharmacy locations and 7,000 employees, Well issues more than 73 million prescriptions a year. Their organisation proudly provides high quality services and products, providing personalised health and wellbeing services for their customers.

The challenge

After Bestway Group acquired Well, they wanted to eliminate their reliance on a significant number of file integration protocols, which were owned by their former parent company. Rather than duplicate the existing complicated systems, Well’s IT Project Manager used the transition as an opportunity to look for a more cost-effective and advanced file transfer solution. This would need to simplify and manage their automated and manual data transfers, whilst providing greater control and a more secure, reliable flow of data. This was particularly important for financial information such as invoices, orders and Bankers’ Automated Clearing Services (BACs) files, among many others. Managed File Transfer would reduce their reliance on multiple solutions and offer the following functions:

  • ​Data management efficiency through one secure, centralised platform for enhanced visibility and control
  • File transfer integration within their environment for business critical applications AND between third-party applications with partners, vendors, or suppliers exchanging data
  • Automation of financial accounting data to save time, improve security and increase accuracy
  • Full audit and reporting for improved diagnostics
  • Rapid deployment of new transfers on receipt of business requirements

“Well streamlined their manual and automated processes, which eliminated the need for any human intervention or coding in various file transfer workflows.”

IT Project Manager
Well Pharmacy

The solution

​Well’s IT Project Manager contacted Pro2col to deliver ongoing support, integration and consultancy. Pro2col worked with Well for two months to identify the right solution and configuration, while still meeting their budget requirements.

With a full understanding of Well’s current and future environment, Pro2col recommended and implemented a solution, which included advanced workflow automation and auditing and reporting capabilities. Pro2col’s technical consultant also designed the platform for future use, offering a recommendations for additional modules that would create a manageable yet robust environment.

Results

Operational efficiency is very important to Well. Customers and business partners rely on consistency, accuracy and timeliness, so they cannot afford to have any of their key data transfer processes falter.

As a result of their collaboration with Pro2col and deployment of Managed File Transfer, Well’s IT department is able to take advantage of a more efficient and improved file transfer system. The automated workflows save the IT department vast amounts of time and effort.

SOLUTION

  • MFT solution
  • Additional automated workflow module
  • Auditing and reporting capabilities

————————-

BENEFITS

  • Data management efficiency
  • Integrates with third-party file transfer protocols
  • Centralised platform
  • Automated business processes
  • Real-time auditing and reporting
  • High volume data transfers
  • Well’s improved business processes, including their centrally controlled standard file archive and retention policy, was organised within clear and logical file and folder structures. This better and more organised process allowed IT support to quickly find tasks and activities involved in the data flows. Well expects to see their 300 to 3000 daily file transfers continue to grow in volume following their transition to Managed File Transfer.
  • Having streamlined manual and automated processes, they have eliminated the need for any human intervention or coding. As a result Well’s financial data transfers are more secure with greatly reduced risk for payment fraud.
  • They have also automated their auditing and reporting workflows, delivering improved diagnostics. This has freed up time in the IT department to fix existing problems, prevent future problems, and minimise vulnerabilities like failed data transfers, gaps in security, or data breach attempts.
  • Well needed an order and response mechanism for the newly acquired set of pharmacy branches. Pro2col designed an automated process for Well to poll every 30 seconds, pick up the file, transform it from xml to plain text, and return a notification of receipt within two minutes to emulate the process within branches prior to the acquisition.This custom policy automatically transformed certain files from an XML file to a plain text file and provided the sender with a receipt notification. The automatic notification system was a key workflow that Well relied on before and after the acquisition.
In the end, Well was provided with a new system capable of supporting the data flowing from its 800 UK-based retail chains, third-party vendors, and healthcare providers. Despite the overhaul of its old systems and a lot of consolidation, Well’s IT department and Pro2col were able to deploy their new advanced file transfer solution without interruptions to its business or customers.

About Well

Well is the largest independent pharmacy in the UK. In 2014, it was acquired from the Co-Operative Group by global business leader Bestway Group. With nearly 800 retail pharmacy locations and 7,000 employees, Well issues more than 73 million prescriptions a year.
Pro2col can advise you through the different stages of your file transfer and integration project to make sure it’s a success. Whether that’s scoping your requirements, product demos and proof of concept / evaluation, negotiating the best deal with vendors or installations and training, call 0333 123 1240 or complete the online contact form.

“Despite the overhaul of its old systems and consolidation necessary, Well’s IT department were able to collaborate with Pro2col to deploy their new advanced file transfer solution without interruptions to its business or customers”

IT Project Manager
Well Pharmacy

Managed File Transfer Buyers Guide