0333 123 1240 info@pro2colgroup.com

Supply chain disaster: Do you need an MFT dev environment?

The reasons why you need an MFT dev environment

MFT dev environment - lorries in supply chain disaster

 

In all the years we’ve been working in file transfer, there have been a few occasions when we’ve witnessed the financial impact and reputation damage a system failure can have. This article looks at:

 

  • Why you should think twice before testing in a live environment;
  • When you need to consider a development (dev) environment for your Managed File Transfer (MFT) solution;
  • Details of the six stages for testing and development.

“A few years ago, one organisation was developing workflows in a live environment, and broke other automated processes. The system was down for just a few hours, but the impact was huge. This business supplied products to retailers across the country, but were unable to access the order information. The lorries couldn’t leave the factory and delivery drivers had to be paid overtime. Worse still, the retailers were left out of stock, consumers bought other brands and some ended up staying with that brand. The impact on the business’ finances and reputation were catastrophic.”

 

Richard Auger, Pro2col technical consultant

This particular example could have been prevented if the IT team were developing in a test environment, instead of a live environment. But so many organisations only have a live MFT production licence. That might be to save money, or because decision makers just don’t think a file transfer server needs a test licence. But we know an MFT system is doing so much more than transferring files, so if you have any workflows involved, you need to reconsider.

Is a dev environment business critical?

This will depend on the value of the data your system is handling. Is it critical to business processes? Do you risk breaching service level agreements (SLAs)? Or will you simply not be able to operate, like the example above? While you may be able to send files by some other method for a few hours, it isn’t viable for a sustained period.

You also need a change control policy to meet ISO27001 requirements. While it is down to you to determine the right policy for your unique set of circumstances, example ISO best practice advocates testing in an isolated, controlled and representative environment. Similarly ITIL requires an organisation to follow both ‘change management’ and ‘release and deployment management’ processes from non-production to production systems. It’s an old IT joke that in weaker, less secure environments TIP doesn’t mean ‘Transfer into Production’ – it ends up being ‘Test in Production’ instead.

So to avoid disrupting your system when deploying new releases, building workflows or making other changes, you should follow these six stages for testing, developing and transfer into production:

  1. Sandbox, or experimental environment: This is a local environment no one else can access, where the developer has a working copy of the code. Here they can try it out and change it without putting it live. This environment will typically be an individual developer’s workstation. Once they are happy with it the developer would submit the code to the repository for the next stage of development. Most MFT solutions by default don’t have a sandbox but you can sometimes set it up by installing the software onto a private virtual machine.
  2. Development or integration environment: This is a clean environment where you test how your code is interacting with all the other bits of code associated with the system. The code itself doesn’t get changed in this environment – updates are made to the working copy back in the sandbox and resubmitted. When ready, the developer accepts the code and it is moved to the test environment.
  3. Testing: This is the environment to test the new or changed code, either manually or using automated techniques. You may have different test environments to focus on different types of testing. The developer looks at how it interacts with and impacts other systems and tests performance and availability. If you are upgrading, for example, this will show how your system will behave once the upgrade is in place. From here, the code can be promoted to the next deployment environment.
  4. User acceptance testing (UAT) or quality assurance (QA): In this stage users will trial the software, making sure it can deliver against requirements. Stress testing is also carried out in this stage.
  5. Pre-production, or staging environment: This final stage tests in conjunction with all the other applications in the infrastructure. The aim here is to test all installation, configuration and migration scripts and procedures. For example, load testing happens here. It’s really important that this environment is completely identical to the production (live) environment. All systems should, for example, be the same version.
  6. Production or live environment: Transfer into production – or TIP – is the final stage, bringing the updates live. This is the environment that users actually interact with. This can be done by deploying new code and overwriting the old code, or by deploying a configuration change. Some organisations choose to deploy in phases, in case of any last minute problems.

If you follow these steps you can be confident that any upgrades to the production environment will be completed reliably and efficiently. But if your budget or internal policy won’t allow you to invest in all of these, we would recommend at least a test environment, which should be an exact copy of the production environment.

All our vendors offer test licences at reduced rates. If it’s time to get this set up for your MFT solution, get in touch now. You can contact us via the website or by emailing your account manager.

Interested in a file transfer solution?

Managed File Transfer is for SMB’s too

Managed File Transfer is for SMB’s too

Recent research suggests that the SMB sector is coming under an increasing number of cyber attacks from hackers and cyber criminals.  Figures published by Symantec revealed that the number of attacks on companies with fewer than 250 staff had doubled in the six months to June 2012.  Similarly AVG reported that it was predicting an increase on the £3.37 million of damage inflicted on UK SMB’s last year.  Verizon confirmed that the majority of 855 data breaches analysed in their Data Breach Investigation Report had been inflicted upon SMB’s.

The question is; why are SMB’s being targeted?  It would appear that the modest budgets available to small companies make them easier targets, smbgiven the lower level of expenditure on information security technologies.  Especially since SMB’s frequently work as suppliers for larger organisations, making them a more attractive proposition to hackers than the more conventional direct attack on the corporate target.

What does this have to do with managed file transfer I hear you ask?  MFT has generally been considered a technology more appropriate to corporate organisation’s – with its big price tag and grand title.  Times are changing for the MFT marketplace and there are now some very comprehensive solutions available at really competitive prices.  For those SMB’s considering how they should secure data transfers with their larger corporate customers, technologies exist at around the £4,000 mark which provide an equal amount of functionality as many corporate companies have.

To discuss your file transfer requirements, whether you’re an SMB or multi-national organisation, get in touch with Pro2col or give us a call on 0333 123 1240.

Moving on from FTP: Where to begin

Moving on from FTP

Five steps on where to begin

“My company still relies heavily on FTP. I know we should be using something more secure, but I don’t know where to begin.”

Sound familiar? The easy answer is that you should migrate away from antiquated FTP software because it could be putting your company’s data at risk – unsecured data is obviously an enormous liability. Not only does FTP pose a real security threat, but it also lacks many of the management and enforcement capabilities that modern Managed File Transfer solutions offer.

No, it won’t be as daunting of a task as you think. Here’s a few steps to help you get started:

  • Identify the various tools that are being used to transfer information in, out, and around your organisation.
    This would include not only all the one-off FTP instances, but also email attachments, file sharing websites, smartphones, EDI, etc. Chances are, you’ll be surprised to learn some of the methods employees are using to share and move files and data.
  • Map out existing processes for file and data interactions.
    Include person-to-person, person-to-server, business-to-business and system-to-system scenarios. Make sure you really understand the business processes that consume and rely on data.
  • Take inventory of the places where files live.
    Servers, employee computers, network directories, SharePoint, ordering systems, CRM software, etc. After all, it’s harder to protect information that you don’t even know exists.
  • Think about how much your company depends on the secure and reliable transfer of files and data.
    What would the effects be of a data breach? How much does revenue or profitability depend on the underlying business process and the data that feeds them?
  • Determine who has access to sensitive company information.
    Then think about who really needs access (and who doesn’t) to the various types of information. If you’re not already controlling access to company information, it should be part of your near-term plan. Not everybody in your company should have access to everything.

Modern Managed File Transfer solutions deliver not only the security you know your business requires. It also allows you to better govern and control you data and provides visibility and auditing capabilities into all of your organisations data interactions, including files, events, people, policies and processes.

So what are you waiting for? give Pro2col a call on 0333 123 1240 and let us help you replace your legacy FTP solutions.

Managed File Transfer Buyers Guide