Risk Assessments/Management, Data Security, Breach, Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Survey: 80 percent of financial security chiefs rely on FTP transfers despite data breaches

A recent survey of 100 IT managers and CIOs from the financial services, health care, retail, manufacturing and government business sectors shows that despite a torrent of bad press on data-security breaches involving FTP (file-transfer protocol), its use is prevalent and growing.

In fact, over 80 percent of respondents use some form of FTP for a significant portion of their file transfers. In addition to security risks, the use of this technology brings with it penalties for failed transmissions tied to business process Service Level Agreements (SLAs). This same survey revealed that FTP users are surprisingly tolerant – 93 percent experienced stoppages or incomplete transfers up to 20 percent of the time.

So why is the use of this technology growing? The reasons include: many companies have extensive in-house expertise around FTP (including script-based automation); it works on most operating systems and most employ encryption for security (80 percent of respondents plan on encrypting their file transfers 80 percent  of the time during 2008).  

But even though a majority of respondents are encrypting data, they were more worried about file transfer security in 2007, than they were in 2006. One of the reasons for this fear is that hackers are also getting at data when the file is sitting on the disk at the start or end point of the data transfer and in applications where the initial sender has little control. If you add the pressures of meeting government regulations and SLA mandates, security and reliability concerns are forcing many companies to rethink their file transfer mechanisms.

These issues are compounded by increasing volumes of data. Our industry has a successful history of blending robust legacy with new technologies for added efficiency and business growth. From the survey, companies reported investigating a number of solutions to this problem including managed file transfer, website transfers, AS2/EDI, FTP/S, SSH and SFTP. But any solution implemented must address a root cause: standard FTP has no management or scheduling tools built-in. Currently custom-coded scripts and add-on products are needed to fill these gaps.

Many companies are making file transfer more secure through new processes, new protocols and limiting where and how FTP should be used. By implementing Managed File Transfer (MFT) technologies, they are able to more closely to manage and safeguard data through a combination of security features, transfer visibility and delivery assurance. Adding these capabilities to a company's FTP use will improve business by increasing the ability to meet SLAs; improve customer service and most importantly reduce the incidence of costly data breaches.

Why are companies investing in MFT technologies? Consider the importance of the security and reliability of file transfers:

  • 47 percent of financial firms reported website, network or data is targeted by organized criminals;
  • 67 percent of CIOs and IT managers surveyed reported more than 20 percent of their file transfers are tied to SLAs and as noted above, 93 percent experienced stoppages or incomplete transfers up to 20 percent of the time.

So how do you keep your company from becoming a statistic? Identify your current file transfer processes with a thorough security audit. Start with your high value/security transfers that are most at risk. Implement procedures and tracking tools to effectively control theses transfers. A number of companies offer solutions that include software and professional services to integrate, monitor and secure these critical transfers. 

You may already have some of these steps in place, such as scheduled transfers and alerts to clients notifying them of deliveries and a checkpoint or restart feature with an automatic recovery and retry to ensure that a file (or part of a file) is resent if needed.

Basically, you need complete transfer visibility. This enables a better business process, verifiable security and a managed solution that allows you to predictably meet SLAs. Is there more to do? No doubt. The security issue alone is critical in our increasingly wired and wireless world. Make security a priority, build your in-house knowledge base, investigate MFT technology and evaluate your own use of FTP.

William McKinney, global product marketing director, Sterling Commerce

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.