As business operations evolve, the challenge of securely moving data within the cloud is one of elevated concern. Transferring sensitive information to it is another. Many are caught between what worked in on-prem technologies and what is needed in cloud-based architectures. Others have sidestepped the security challenges by implementing a Managed File Transfer (MFT) solution.
Fortra canvassed opinions from a group of subject matter experts across multiple industries in order to better understand the challenges with modern file transfer. What were the roadblocks when moving files from on-prem to the cloud? What were the challenges within the cloud? What issues make file transfer such a liability in the first place?
While this list of takeaways isn’t exhaustive, it gives a good introduction to the topics discussed in Fortra’s “Control in the Cloud: Using MFT to Solve Your Data Challenges” eBook.
On-prem file transfer challenges
Takeaway 1: Data transfer today is expansive, and most users simplify by cutting corners
This point is well documented by Funso Richard, Information Security Officer at a healthcare company. To paraphrase, there are problems with using on-prem tools to transfer data across the organization, such as “lack of security, lack of mobility, performance issues, maintenance cost, productivity impact, and poor user experience.”
That’s when teams start to migrate data transfer to the cloud, but without knowing exactly what you’re doing, “ineffective planning, financial cost, misconfiguration, and poor user experience” get in the way. With enough frustration, users will eventually give up and take to unapproved – and unsafe – methods of transferring data. This results in “data loss, exfiltration, and data breaches.”
Given these data challenges, teams need a file transfer solution that can safely move files across “multiple protocols, platforms, and environments.” As Richard puts it, “Such technology is Managed File Transfer (MFT).”
Takeaway 2: Home-brewed solutions get too complex and costly
As Michael Barford, Solutions Engineer at Fortra, put it:
“For on-prem data transfers, we still see the high complexity associated with developing and maintaining custom solutions [as one of] the top challenges.”
Distilling Barford’s points, lots of organizations script in-house solutions to handle complex data transfers. Not only does that cost the hourly or salaried rate of whoever is scripting, but when something breaks down, there’s a large cost associated with picking code apart and finding the error. When one of the developers moves to a different department, tribal knowledge goes with them, and teams have to take the time to train someone new.
When it comes to the cloud, these solutions often have to be re-vamped, requiring even more cycles. And while some may still choose to stay the course, there comes a time when changing data laws, trading partners, or industry regulations will require custom changes to the code. As Barford states, “This commonly the turning point for when customers look towards an MFT solution.”
Cloud file transfer challenges
Takeaway 3: Compliance is non-negotiable when transferring data to the cloud
In the words of Soulos Panagiotis, Global Information Security Manager at Intrum, “There should be no chance that the introduction of a cloud-managed file solution would lead to legal, regulatory, or any compliance non-conformities.”
His point is supported by Richard, who states, “For highly regulated organizations, compliance
requirements play a significant role in moving data to the cloud. To address compliance concerns, organizations should select MFT solutions with built-in compliance and security controls.”
Who you choose is every bit as important as choosing to go with a cloud hosted MFT provider in the first place. The point is to eliminate risk, threats, and compliance landmines.
An MFT platform engineered to adhere and adapt to current compliance standards is key for making sure your new cloud-based file transfer solution is an asset to your cybersecurity posture, not a liability.
Takeaway 4: If it gets in the way of business, it won’t be used
As important as security, compliance, and an audit-proof trail are to overall business goals, most employees will prioritize usability over safety. Richard warns that “adopting a cloud strategy requires thorough planning to avoid business disruption.”
The main challenge of any cloud-based transfer service is to do its job without getting in the way of day-to-day operations or creating undue friction for the senders. In terms of the CIA triangle, confidentiality and integrity can’t get in the way of availability. When it comes down to it, users won’t let it. As Ray Sutton, Technical Consultant at Fortra, states,
“If by moving to the cloud the system performs poorly or has timeout issues, this could cause your customers and users of that service to not use it, or in the worst case, find alternate means of copying files.”
Good and bad practices
Unfortunately, the landscape is rife with bad file transfer practices, but dedicated solutions like MFT are changing the game.
Takeaway 5: Secure file transfer technologies need to work beyond your organization
Christos Syngelakis, CISO at Motor Oil, explains that unsafe file transfer measures are often used to send information to third parties because “business leaders just want the information transferred now” and there is no safe transfer method to do it compatibly. At least, not conveniently.
He continues, “In a lot of cases, the recipient only has a public account for mail transfer, and nothing else. The corporate tools that ... adhere to your organizational policies don’t fit well into this scenario...
Sometimes, you may have the ability to create an account to give the recipient access to the security products that you use, but generally, these on-the-spot communication tools are not affordable. They entail not only human costs, but perhaps the license cost.”
Putting secure file transfer out of reach – especially when transferring outside of your organization, where threats are the highest – is one of the major problems with niche and home-brewed solutions today.
Conclusion
So much has evolved about the way companies do business; it's time file transfer methodologies evolved, too.
Increasingly, the ability to securely send files will be a metric of an enterprise’s ability to securely do business (because that’s what it is). The cloud is the current and future business arena, and those who can’t play safely might not get the chance to play at all.
In today’s world of remote workforces, rapidly expanding supply chains, international trading partners, and increased cloud technology, the coded file transfer solutions of ten years ago can no longer keep up. Compliance requirements and data privacy laws have heightened the stakes, and companies need a way to send large batches of sensitive files at the pace of business, not the rate of security.
Managed File Transfer (MFT) solutions do both. A cloud-based solution like GoAnywhere can streamline the movement of files between disparate cloud platforms, and it can do it all from one interface. It cuts down on resources, lets you quickly scale new regulatory change requirements into your file transfer workflow, and helps you make the transition safely from on-premises to cloud.
About the Author:
Chris Bailey is the product leader for Fortra's Secure File Transfer products, GoAnywhere and FileCatalyst. Recently, Chris led the integration of Fortra's Rights Management technology into its Managed File Transfer solutions. Prior to his current role, Bailey was the co-founder and CEO of FileCatalyst, which he led until its acquisition by Fortra in January of 2021. Bailey holds a BSc in computer science from Dalhousie University in Halifax, Canada. He holds a patent for the core protocol used by FileCatalyst to accelerate file transfers. Bailey has accepted two Emmy Awards on behalf of FileCatalyst for pioneering accelerated file transfer for the broadcast industry and for his work with the NBC on the 2014 Winter Games in Sochi. In 2016, Bailey received a Top 40 under Forty award in Ottawa, Canada for his achievements in business.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.