Managed file transfer: Getting compliant, becoming secure


describe the imageMost people would agree that managed file transfer offers significantly higher levels of security and management than its predecessors. So why has it not been universally adopted? There are many reasons that cause companies to drag their feet on a new IT investment, even if the benefits of making the switch are clear. Concerns about inter-application compatibility and the scalability of managed file transfer systems cause many organizations to delay deployment.

However, the rise of compliance issues - as well as costs and penalties - is proving to be an increasingly powerful factor in organizations' information security decisions.

Changing of the guard
Depending on their sector, companies are subject to industry and federal standards that govern information access and sharing protocols. The healthcare, finance and insurance sectors, in particular, must contend with a variety of protocols for data integrity. Conditions for compliance continue to become more stringent as the penalties for a company's failure continue to grow.

A statement by the Payment Card Industry Standards Council about PCI 3.0, which went into effect on January 1, offers an explanation representative of a shifting approach toward compliance - namely, that protecting data is a group effort.

"Securing cardholder data is a shared responsibility," the statement read. "Today's payment environment has become ever more complex, creating multiple points of access to cardholder data. Changes introduced with PCI DSS and PA-DSS focus on helping organizations understand their entities' PCI DSS responsibilities when working with different business partners to ensure cardholder data security."

The trend toward spreading out accountability across supply chains and business relationships is in the effort of making companies increase their oversight and encourage others to ramp up their own practices. Information is only as secure as the weakest link, and the institution of punishments for those even indirectly involved in information compromise could help force the hand of enterprises otherwise slow to comply.

The costs of noncompliance
Data breaches are expensive. There are a variety of different ways hackers can break into company networks and steal or manipulate data, and any aspect of its information management program that is less than comprehensive leaves weak points. File transfer protocols were designed with efficiency of data transfers in mind, not their security. These security gaps not only make it easier for hackers to infiltrate the system, but increase the likelihood that organizational blind spots can lead to a catastrophic domino effect.

The cost of a data breach is $5.4 million, according to Veracode, once penalties, rising insurance rates, halted productivity, lost revenue and damaged reputations are factored into the equation. Even more disconcerting is the fact that only 41 percent of U.S. companies stated that they have the tools, employees and budgets to stop breaches from happening. It is clear that many organizations face an uphill climb in the effort to effectively shield themselves from data breaches While businesses may be facing some very real resourcing issues, it's not going to stop regulators from enacting compliance standards and holding them accountable.

Managed file transfer drives information security beyond standards
Bemoaning a lack of resources also won't stop hackers from attempting to compromise company information. A business may not be able to overhaul its security solution overnight, but a strong first step is to invest in software and services specifically designed for more secure, comprehensive information management. Additionally, compliance offers guidelines - what it doesn't offer is complete protection.

Managed file transfer solutions from Lightwell keep data protected while in transit, using state-of-the-art access and encryption techniques to eliminate instances in which unauthorized users could find an easy way in. They allow different levels of protection to be set up depending on whether information is being used within the organization or sent outward, reducing internal threats and supply chain compromise swiftly and decisively. 

If you liked this article, check out other from Lightwell:

It's not enough for the law to simply use freeware for your MFT. View the white paper below, or visit the Lightwell website for more resources: