Pro2col team raise over £6000 in 100km challenge

Pro2col team raise over £6000 in 100km challenge

eu-data-protection

“We’re over the moon.” The words of Pro2col MD James Lewis on Sunday afternoon at the finish line of the Jurassic Coast 100km Ultra Challenge.

The celebration comes after three months of committed training and fundraising, during which Pro2col raised over £6000 to be shared between five great causes: The British Heart Foundation, a local MacmiIlan Cancer Unit, Crohns and Colitis UK, the Lewy Body Society and BIBS at the Royal Berkshire Hospital.

“Saturday was just brutal,” James continued. “The high winds and huge hills were not a great combination. We climbed 2.66km, which is equivalent to climbing Britain’s tallest mountain Ben Nevis twice in a weekend.”

eu-data-protection

Pictured: The challenging terrain of Flower’s Barrow near East Lulworth.

Starting in Poole on Saturday morning, they passed the picturesque Corfe Castle, traversed the steep terrain around Lulworth Cove and Durdle Door, arriving in Weymouth on Saturday evening. On Sunday they moved further along the Jurassic coast to Chessil Beach and the famous sandstone cliffs of West Bay, arriving in Bridport on Sunday afternoon.

Four of the team completed the 100km course, and Ben Smith received the 50km medal, having been withdrawn by the medical team at 66 km with ligament damage and suspected stress fracture from an ankle injury sustained at 21 km.

“We only set out to complete it,” added James, “but we’re delighted to have three of the team inside the top 10% of quickest finishers. Plus we have raised more than £6k along the way. These are causes very close to our hearts and I’m really proud of the team and their dedication.”

The team are still taking donations and it’s not too late to contribute at justgiving.com/crowdfunding/jurassic-pro2col

eu-data-protection

Pictured L-R: Ailsa Gibbs, James Reynolds, Helen Gilbert, Ben Smith and James Lewis.

Pro2col are independent experts in secure data transfer, working with businesses to identify, implement and manage the right solution for their requirements. Since 2004 we have helped over 800 businesses, spanning 30+ countries and a range of industry sectors. Pro2col help transform an organisation’s infrastructure, streamlining processes, increasing productivity, collaboration, and data security.

Need further expertise? Download our FREE resources

Secure file sharing: Don’t risk a breach from sharing personal data

Secure file sharing: Don’t risk a breach from sharing personal data

eu-data-protection

When businesses think about cyber security, their thoughts usually jump to phishing scams, malware or other deliberate theft or sabotage. Yet every day businesses are breaching their own security policies and risking compliance. The cause is employees sharing personal data via email or consumer-grade file sharing apps. These aren’t the right tools for the job, so it’s essential to equip staff with secure file sharing technology and knowledge to protect your organisation’s data.

 

Email

Email is one of the biggest problems. Businesses rely on it so much to communicate back and forth, that employees often send things without thinking. Attaching a customer file or patient record is an easy mistake to make. But, in a typical email setup, the servers don’t encrypt the email attachment, so it is not secure. That may constitute a breach of the General Data Protection Regulation (GDPR), the risk of a fine and damage to your reputation.

Email doesn’t provide any guarantee of delivery either, or visibility of the transfer, which is another must for compliance.

 

File sharing apps

If a member of staff needs to send a large file and it’s too big to attach to an email, they often jump onto a file sharing application like WeTransfer or Dropbox. But consumer-grade applications lack in-built security. Again, there’s no audit trail of the transfer and you end up with multiple versions of files sitting in various locations, which no one else can access to wipe if that member of staff leaves. Not all of these solutions will confirm where a file is held either so you may have data stored outside of the EU.

 

Secure file sharing

Anything including sensitive, personal or valuable data – like company IP – needs to be handled very carefully. Our advice is to add a secure file sharing solution to your IT infrastructure, to encrypt and securely transfer files. These are sometimes called secure email, ad hoc, or Electronic File Sync and Share (EFSS) solutions.

Most will provide a plug-in to your email client, which makes it easy to use and accessible. Some can be configured to automatically secure emails under certain conditions based on your IT security policy, so employees don’t even need to know it’s there. There are no file size limits either, and IT maintain a full audit trail. These solutions often support file collaboration between your employees and external partners too, which is an added bonus.

Full features of a secure file sharing solution include:

  • Access control / permissions
  • Secure data wiping
  • Secure protocols (HTTPS and sometimes SFTP & FTPS)
  • User authentication
  • Auditing and reporting
  • Encryption of files (PGP or AES)
  • Administrator overview
  • Data residency within the EU

Recommendations

If you think you need a secure file sharing solution, our free bespoke software comparison service will save you weeks of research time and identify the right solution for you. It is informed by over 15 years’ experience delivering secure file transfer solutions, a deep understanding of user needs and continuous review of the multiple vendors on the market.

You complete a series of questions about your current and future business requirements, and receive a bespoke report from our technical consultants recommending the best solution for your needs and budget. You can either complete the ad-hoc or Managed File Transfer (MFT) service, depending on what you need the solution to deliver.

 

Use this service if you are looking to address person-to-person file sharing only, as outlined in this blog.

 

Use this service if you also need to automate transfers and integrate between applications.

Need further expertise? Download our FREE resources

Three big things wrong with the Software Reviews Info-Tech MFT Data Quadrant

Three big things wrong with the Software Reviews Info-Tech MFT Data Quadrant

There’s been a lot of talk in the Managed File Transfer (MFT) space about the recent Software Reviews Info-Tech MFT Data Quadrant. The report claims to ‘provide a comprehensive evaluation of popular products in the Managed File Transfer market’.

As independent MFT experts with over 15 years’ experience reviewing products, we wanted to provide our take on this report. Our advice is very clear. This is not an accurate representation of the market, and here’s why.

 

Pictured: Info-Tech MFT Data Quadrant, from HelpSystems website.
 

1. Definition of MFT

Info-Tech’s understanding of what constitutes MFT is fundamentally flawed. Of the ten products on the Data Quadrant, four aren’t actually MFT, so it’s not comparing like-for-like.

MFT solutions allow data to be transferred in a controlled, secure fashion, both inside and outside an organisation, between systems and / or users. This includes:

  • System-to-system transfers, such as automated batch transfers or workflows with a series of actions;
  • Transfers between people and systems, such as data capture forms with ongoing automated workflows;
  • Person-to-person or ‘ad hoc’ transfers.

The following four products are not MFT:

Accellion: This is a secure file sharing and collaboration solution only.

Adobe Send & Track: For ad hoc large files.

Citrix ShareFile: Electronic sync and share, for document collaboration.

LeapFile: For ad hoc person-to-person only.

2. Products missing from the Info-Tech MFT Data Quadrant

Only vendors who have paid for the report are able to market what it says about them. This is not independent and it is not a review of the complete market place.

While we firmly agree with the placement of HelpSystems GoAnywhere MFT and Ipswitch MOVEit, who were acquired by Progress earlier this year, there are several other market leaders not included on the Data Quadrant:

Globalscape EFT Server would score highly on both the ‘Feature’ and ‘Vendor’ matrix.

Coviant Diplomat MFT is benefiting from a lot of development at the moment, making it a likely player in the ‘Product Innovator’ quadrant.

We would also recommend Cornerstone MFT from South River Technologies (SRT) as a very good budget solution.

Other credible vendors missing from the quadrant include Axway, Seeburger, Jscape, Cleo and more…

3. Niche or incompatible products

There are several products on the Data Quadrant that just aren’t viable products for the majority of businesses. That’s either because they lack the development, are not enterprise-ready, or are niche to specific industries:

Oracle MFT: Our most recent market research identified there were only around one hundred Oracle MFT customers worldwide. Most of these sales came about to prevent customers discontinuing with their middleware product. There has been little development recently and their roadmap is limited.

SolarWinds Serv-U: This is a budget solution and not something we would recommend for enterprises. Since its acquisition by SolarWinds, the technology hasn’t kept pace with technical innovation and is now a long way behind other vendors. By using a Java web browser plugin, the adoption and usability of their product – especially in risk adverse enterprise environments – will be compromised. This feature is well behind the curve.

FileCatalyst: This is primarily for use within the media industries, with an emphasis on fast file transfer. It doesn’t have the necessary breadth of file transfer protocols or automation options to make it a mainstream MFT player.

IBM Managed File Transfer: This is ensconced in the banking/finance industry, built around their own delivery protocol (NDM). It’s an expensive solution, without the breadth of delivery protocols to make it a mainstream MFT player.

NEXT STEPS

If you are looking for an MFT solution, we strongly advise against using the Info-Tech MFT Data Quadrant for guidance.

Most MFT solutions have the same features but differ in the level of detail and complexity, and how they are delivered. The only way you will be able to identify the right one for your business is to fully scope your requirements. Make sure you look at the vendor closely too and see what their previous development release schedule is like from published release notes. These are the factors that will determine whether your implementation is a success and will ensure you back a vendor that should meet your future needs too.

If you need help, use our free comparison tool, which asks the right questions. You enter your requirements, giving as much detail as you can, and our experts will recommend the right solution for your current and future needs and budget. It’s completely free and there’s no obligation to buy through us.

Interested in a file transfer solution?

Digital transformation? Start by consolidating your data transfers

Digital transformation? Start by consolidating your data transfers

Starting your digital transformation is a daunting prospect. It is no secret that success is hard to achieve; researchers at the likes of MIT have proved it! Yet there is a simple starting point, which will get your project off on the right track. We recommend reviewing your data transfer processes and systems first. They tend to underpin most – if not all – of your operational processes, so you will quickly see opportunities to consolidate systems, whilst getting a great overview of what is in scope.

Your review should include, but not be limited to, the following:

  • Existing FTP / SFTP servers;
  • Managed File Transfer solution;
  • Home grown solutions, particularly unmanaged scripts;
  • Ad hoc employee file sharing.

If you already have an MFT solution, we almost guarantee you will spot opportunities to consolidate many of these disparate systems and processes. And if you don’t have one, you will quickly start to see the benefit. There’s the immediate cost savings, plus many more opportunities for efficiencies in the long run. You will also benefit from increased security and visibility, with MFT providing a ‘single pane of glass’ view across all your incoming and outgoing file transfers, plus integration with other security tools such as AV and DLP.

MFT’s data integration capabilities allow you to extend the life of legacy systems, whilst integrating with new cloud-based applications. You keep your options open for future expansion, whilst facilitating the immediate benefits of digital transformation.

Here are the five top ways this technology will drive your digital transformation:

  • Empower employees with an accessible working environment;
  • Gain visibility of all data within and beyond the organisation, enabling data-driven decision making and easier governance;
  • Digitise your processes, including system-to-system, system-to-person, person-to-system and between people. This frees up time for employees to spend on value-add or mission critical work, whilst improving security;
  • You can select the best possible technology for each requirement then integrate between systems using APIs, rather than compromising on a product because it offers the out-of-the-box connectivity you need. You can also easily integrate new technologies as they become available;
  • Capitalise on the benefits of a cloud-based infrastructure, moving files to and from the cloud securely and integrating with applications to deliver onward business processes.

More on MFT and Digital Transformation

You can find out more about this technology in our White Paper, Enablers of Digital Transformation: MFT & Data Integration. You will get a clear understanding of the role Managed File Transfer plays in delivering all aspects of your data strategy, improving operational processes and security by integrating business applications.

Need further expertise? Download our FREE resources

Will ADLP improve the security of my file transfers?

Will ADLP improve the security of my file transfers?

Is it possible to stop users from accidentally leaking personal or sensitive information, or to prevent malware being sent from a trusted partner, without completely disrupting the business processes?

Adaptive Data Loss Prevention (ADLP) adds an additional layer of security to your MFT solution, detecting sensitive data, then carrying out a range of complex onward actions.

“ADLP can detect and modify the data, rather than just blocking the whole file,” explained Clearswift’s Pre-Sales Engineer Steve Jeffery, whose product integrates with Managed File Transfer solutions to scan data entering or leaving the business in automated workflows and ad hoc person-to-person file sharing.

“The Clearswift SECURE ICAP Gateway (SIG) integrates with the MFT ICAP interface to enable the content inspection. This detects certain data from key words or patterns – such as credit card numbers, personally identifiable data, healthcare details, or a more complex examination for Intellectual Property. The results of the inspection are then passed back to the MFT workflow, which will determine what happens next.”

Steve Jeffery, Pre-Sales Engineer at Clearswift

Onward actions might include:

  • Returning the file to the original sender;
  • Quarantining the file and sending an email alert so it can be manually reviewed;
  • Redacting data, eg: replacing digits in credit card data with XXXX.

““It works in reverse too for unwanted data acquisition,” explained Steve. “We worked with a hotel to reject incoming credit card data, which customers sometimes emailed in. The technology detected the data, returned it with the data redacted, and directed the customer to a secure payment portal.”

Some other use cases include:

  • Removing metadata in a document history. This is particularly useful for ad hoc person-to-person transfers, where a document has been updated multiple times. An updated proposal for a new customer, for example, may still contain data relating to a previous customer in the document history;
  • The anti-malware component will remove macros in a document, which can contain malicious code.

Integrating your MFT with Adaptive Data Loss Prevention technology will secure the entire flow of data in and out of your business. It does this without halting business operations when something is detected. It supports compliance with the GDPR and other requirements.

Not all MFT products support this integration. If you would like to discuss whether yours does, please get in touch. You can contact us via the web form, or call 0333 123 1240.

Need further expertise? Download our FREE resources

Supply chain disaster: Do you need an MFT dev environment?

The reasons why you need an MFT dev environment

MFT dev environment - lorries in supply chain disaster

 

In all the years we’ve been working in file transfer, there have been a few occasions when we’ve witnessed the financial impact and reputation damage a system failure can have. This article looks at:

 

  • Why you should think twice before testing in a live environment;
  • When you need to consider a development (dev) environment for your Managed File Transfer (MFT) solution;
  • Details of the six stages for testing and development.

“A few years ago, one organisation was developing workflows in a live environment, and broke other automated processes. The system was down for just a few hours, but the impact was huge. This business supplied products to retailers across the country, but were unable to access the order information. The lorries couldn’t leave the factory and delivery drivers had to be paid overtime. Worse still, the retailers were left out of stock, consumers bought other brands and some ended up staying with that brand. The impact on the business’ finances and reputation were catastrophic.”

 

Richard Auger, Pro2col technical consultant

This particular example could have been prevented if the IT team were developing in a test environment, instead of a live environment. But so many organisations only have a live MFT production licence. That might be to save money, or because decision makers just don’t think a file transfer server needs a test licence. But we know an MFT system is doing so much more than transferring files, so if you have any workflows involved, you need to reconsider.

Is a dev environment business critical?

This will depend on the value of the data your system is handling. Is it critical to business processes? Do you risk breaching service level agreements (SLAs)? Or will you simply not be able to operate, like the example above? While you may be able to send files by some other method for a few hours, it isn’t viable for a sustained period.

You also need a change control policy to meet ISO27001 requirements. While it is down to you to determine the right policy for your unique set of circumstances, example ISO best practice advocates testing in an isolated, controlled and representative environment. Similarly ITIL requires an organisation to follow both ‘change management’ and ‘release and deployment management’ processes from non-production to production systems. It’s an old IT joke that in weaker, less secure environments TIP doesn’t mean ‘Transfer into Production’ – it ends up being ‘Test in Production’ instead.

So to avoid disrupting your system when deploying new releases, building workflows or making other changes, you should follow these six stages for testing, developing and transfer into production:

  1. Sandbox, or experimental environment: This is a local environment no one else can access, where the developer has a working copy of the code. Here they can try it out and change it without putting it live. This environment will typically be an individual developer’s workstation. Once they are happy with it the developer would submit the code to the repository for the next stage of development. Most MFT solutions by default don’t have a sandbox but you can sometimes set it up by installing the software onto a private virtual machine.
  2. Development or integration environment: This is a clean environment where you test how your code is interacting with all the other bits of code associated with the system. The code itself doesn’t get changed in this environment – updates are made to the working copy back in the sandbox and resubmitted. When ready, the developer accepts the code and it is moved to the test environment.
  3. Testing: This is the environment to test the new or changed code, either manually or using automated techniques. You may have different test environments to focus on different types of testing. The developer looks at how it interacts with and impacts other systems and tests performance and availability. If you are upgrading, for example, this will show how your system will behave once the upgrade is in place. From here, the code can be promoted to the next deployment environment.
  4. User acceptance testing (UAT) or quality assurance (QA): In this stage users will trial the software, making sure it can deliver against requirements. Stress testing is also carried out in this stage.
  5. Pre-production, or staging environment: This final stage tests in conjunction with all the other applications in the infrastructure. The aim here is to test all installation, configuration and migration scripts and procedures. For example, load testing happens here. It’s really important that this environment is completely identical to the production (live) environment. All systems should, for example, be the same version.
  6. Production or live environment: Transfer into production – or TIP – is the final stage, bringing the updates live. This is the environment that users actually interact with. This can be done by deploying new code and overwriting the old code, or by deploying a configuration change. Some organisations choose to deploy in phases, in case of any last minute problems.

If you follow these steps you can be confident that any upgrades to the production environment will be completed reliably and efficiently. But if your budget or internal policy won’t allow you to invest in all of these, we would recommend at least a test environment, which should be an exact copy of the production environment.

All our vendors offer test licences at reduced rates. If it’s time to get this set up for your MFT solution, get in touch now. You can contact us via the website or by emailing your account manager.

Interested in a file transfer solution?