Secure data transfer with FTP alternative MFT

Transport Insurance

Examples

An example of MFT software is Policy Patrol MFT [10], which integrates fully into all popular email systems and classifies the attachments in outgoing messages according to defined policies. Another solution that uses MFT as its transmission technology is ShieldShare, by Swedish manufacturer BlockMaster [11]. An open source solution that uses MFT as its transmission technology, JADE (Job Scheduler Advanced Data Exchange, the successor to SOSFTP) [12], was developed by programmers from Germany (SOS GmbH), France (Paris SOS), and Switzerland (SOS AG). JADE offers private users a safe alternative to services like Dropbox. With JADE (Figure 1), the user can select from a range of technologies for transferring files, including WebDAV, UNC, and ZIP.

Figure 1: Schematic structure of JADE, the open source solution for MFT.

Other solutions integrate with email systems and extend the email user front end with appropriate buttons. The user must decide whether to classify attachments as confidential and then enable the appropriate function before transferring. If this function is overlooked, the attachments are sent unencrypted.

This solution is problematic in terms of data protection, and the company is liable for security breaches if the user does not follow instructions or misclassifies the attachment, and sensitive data gets into the wrong hands as a result.

Wherever businesses and individuals have primarily used FTP to transfer files, an MFT solution can be quite useful as a standalone application. These MFT systems often work just like email applications and try to duplicate their usability. A local client or a web application is used to send files; the sender must authenticate and then can send the recipient an encrypted message in the style of an email message, including attachments. Once the MFT system has become part of the user's daily grind, the overhead of duplicate administration of targets is something that speaks in favor of an integrated MFT system.

Collaboration and Sharing

MFT technology goes beyond secure data transfer in some of the solutions on offer today by unifying what are otherwise often parallel, isolated solutions, such as file sharing, e-collaboration, online storage, and secure data rooms. An overall solution that offers all of the MFT building blocks is not always useful and also not desired by each administrator. The software available on the market thus usually only provides partial solutions. Usability is often crucial for businesses. If MFT is not ergonomically integrated into standard applications, the extra overhead often causes users to work around the software or simply not use it.

In addition to MFT features for secure file sharing and secure data rooms is online storage that differs significantly from free services like Dropbox, in that all data are encrypted for storage. Because these services are hosted by the company itself, they offer the option of saving files in a private cloud. They also consist of a system for data encryption, as well as access and rights management. If the user data is stored locally in a container, editing is also possible without an Internet connection. When a connection becomes available later, the data is then synchronized and possibly versioned accordingly.

Conclusions

Overall, MFT is capable of exchanging large volumes of encrypted data over insecure public networks. Additional management features enable comprehensive reporting and auditing, as well as proof of successful delivery. To ensure compliance with national and international laws and regulations, it must not be possible to bypass or manipulate the system or for a user to forget to employ the feature. Classification of the files to be sent should not be left to the user; rather, it should be handled automatically by policies. High usability and integration into existing workflows or standard applications like email also increase acceptance. File sharing, e-collaboration, and secure data rooms all use the basic functions of MFT, but each must be optimized for the application in question.

Infos

  1. "Data Protection Laws, an Ocean Apart" by Natasha Singer, The New York Times , February 2, 2013, http://www.nytimes.com/2013/02/03/technology/consumer-data-protection-laws-an-ocean-apart.html?_r=0
  2. Directive 95/46/EC of the European Parliament and of the Council, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML
  3. Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses, http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en
  4. Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG): http://www.iuscomp.org/gla/statutes/BDSG.htm
  5. Sarbanes-Oxley Act: http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act
  6. Payment Card Industry Data Security Standard: http://en.wikipedia.org/wiki/PCI-DSS
  7. ISO/IEC 27001: http://en.wikipedia.org/wiki/ISO_27001
  8. Basel II: http://en.wikipedia.org/wiki/Basel_II
  9. Overview of online storage: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Download/Ueberblickspapier_Online-Speicher_pdf.pdf?__blob=publicationFile (in German)
  10. Policy Patrol MFT: http://www.policypatrol.com/managed-file-transfer/
  11. ShieldShare: http://www.blockmastersecurity.com/shieldshare-secure-file-sharing/
  12. JADE: http://www.sos-berlin.com/

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Secure Alternative to FTP

    Although FTP still does loyal service despite its age, if you need to send sensitive data, you should consider managed file transfer.

  • SafeNet Announces StorageSecure
  • Halting the ransomware blackmail wave
    In the tsunami of ransomware infections this year, the Locky encryption trojan is a high-water mark. With a constant stream of novel attack patterns, this continually evolving pest makes life difficult for IT managers, users, and security vendors. Here's how to protect yourself.
  • Moving your data – It's not always pretty
    The world is swimming in data, and the pool is getting deeper at an alarming rate. At some point, you will have to migrate data from one set of storage devices to another. Although it sounds easy, is it? We take a look at some tools that can help.
  • Moving Your Data – It’s Not Always Pleasant

    The world is swimming in data, and the pool is getting deeper at an alarming rate. At some point you will have to migrate data from one set of storage devices to another. Although it sounds easy, is it? We take a look at some tools that can help.

comments powered by Disqus