The exponential growth in electronically sharing business information produces many more opportunities for cybercriminals to steal it. With data theft now happening even at the application level, there is no place inside or outside the enterprise where information is safe.
Today most enterprises use a jumble of file transfer options – FTP servers supporting isolated departmental activities, point-to-point connections such as AS2, email and more. End users struggle with ad hoc large file transfers and clog IT helpdesks. Every trading partner connection is a fire drill.
As a result, many transfers are not secure, much less the data, as it moves around internally or sits at rest. Fortunately, CISOs can develop a comprehensive lifetime data protection program that secures sensitive information from the time it is created or received until it’s archived or deleted.
Step 1: Protect files in transit between trading partners and your enterprise
Encrypting files and/or establishing a secure pipeline to transport business files between companies are widely used and necessary security practices. But when the file reaches the receiving server in the DMZ it is written to disk, where it sits, making it susceptible to compromise. Files are also vulnerable when they move from the DMZ to their destination within the enterprise, because an inbound hole has to be opened momentarily in the firewall.
A more secure approach is using a managed file transfer (MFT) solution to establish a B2B gateway. MFT solutions put trading partner verification and authorization in the DMZ, removing the need for inbound firewall holes that can expose the network. The portion of the MFT solution behind the firewall opens an outbound connection through the inner firewall to receive the incoming file and manage its movement between business partners and internal end points.
When incoming files are written to disk in the DMZ, they become data at rest and are no longer protected by the transfer protocols. Using an MFT solution that provides secure streaming ensures that data never touches the iron in the DMZ. This has the added benefits of moving large files faster and handling escalating file transfer volumes.
Step 2: Protect files moving within your enterprise
MFT solutions handle file transport in different ways. Advanced solutions use ‘intelligent routing’ of transactions, which delivers documents in their secure wrappers directly to the intended end point, bypassing intermediate servers. Another benefit of intelligent routing is that application servers do not have to request files from an intermediate server, where the files may sit unprotected in clear text unless a separate data protection application automatically encrypts them as they are written to disk. That removes a layer of security management, and it means those servers no longer need an FTP client installed, scripts written to request and direct files, or separate management of their own.
Intelligent routing also allows transactions to be chained together based on file characteristics. This allows the security methods to be changed as needed, and it enables a file to be routed to multiple application destinations based on its metadata. This means fewer places to manage files and fewer users to grant access to them, further reducing security risks.
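To make the routing-and-chaining idea concrete, here is an added example (not code from the article or from nuBridges) of a minimal gateway that routes on file metadata only, fans a file out to every matching destination, and chains verification of the partner's wrapper with a fresh per-destination wrapper so nothing is ever parked in clear text on an intermediate server. The route table, partner and endpoint names, and the keys are all constructed for the demonstration; HMAC-SHA256 tags stand in for whatever signing scheme a real MFT product uses, and the payload is assumed to be already encrypted end to end.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class FileMeta:
    """Metadata the gateway routes on; the payload itself is never inspected."""
    name: str
    partner: str
    doc_type: str      # e.g. "invoice", "remittance"
    size_bytes: int


@dataclass(frozen=True)
class Route:
    name: str
    matches: Callable[[FileMeta], bool]
    destinations: tuple[str, ...]


# Constructed routing table with hypothetical endpoint names.
ROUTES = (
    Route("invoices-to-ap", lambda m: m.doc_type == "invoice", ("erp-ap",)),
    Route("large-files-to-archive", lambda m: m.size_bytes > 50_000_000, ("archive",)),
    Route("acme-audit-copy", lambda m: m.partner == "acme", ("audit",)),
)


def resolve_destinations(meta: FileMeta, routes=ROUTES) -> list[str]:
    """Fan out to every endpoint whose route matches; order kept, no duplicates."""
    dests: list[str] = []
    for route in routes:
        if route.matches(meta):
            for d in route.destinations:
                if d not in dests:
                    dests.append(d)
    return dests


def tag_for(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 wrapper tag (stand-in for the product's signing scheme)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Gateway:
    """Verifies the partner wrapper, then re-wraps per destination in one pass."""

    def __init__(self, partner_keys: dict[str, bytes], endpoint_keys: dict[str, bytes]):
        self.partner_keys = partner_keys
        self.endpoint_keys = endpoint_keys

    def route(self, meta: FileMeta, payload: bytes, partner_tag: bytes) -> dict[str, bytes]:
        # Chain step 1: authenticate the sender in the DMZ. An unknown partner or a
        # bad tag is rejected before anything is persisted or forwarded.
        key = self.partner_keys.get(meta.partner)
        if key is None:
            raise PermissionError(f"unknown trading partner: {meta.partner}")
        if not hmac.compare_digest(tag_for(key, payload), partner_tag):
            raise ValueError("partner wrapper failed verification")
        # Chain step 2: pick destinations from metadata. An unrouted file is an
        # error, not something left lying on an intermediate server.
        dests = resolve_destinations(meta)
        if not dests:
            raise LookupError(f"no route for {meta.name}")
        # Chain step 3: one wrapper per destination, keyed to that endpoint, so each
        # application server verifies its own copy and no clear-text copy exists.
        return {d: tag_for(self.endpoint_keys[d], payload) for d in dests}


def demo() -> dict:
    """Constructed walk-through: a good delivery and a tampered one."""
    gw = Gateway({"acme": b"constructed-partner-key"},
                 {"erp-ap": b"k-ap", "archive": b"k-arch", "audit": b"k-audit"})
    payload = b"<already-encrypted invoice bytes>"   # constructed; never inspected
    meta = FileMeta("inv-1001.xml", "acme", "invoice", len(payload))
    good = gw.route(meta, payload, tag_for(b"constructed-partner-key", payload))
    try:
        gw.route(meta, payload, b"\x00" * 32)        # forged/corrupted partner tag
        rejected = False
    except ValueError:
        rejected = True
    return {"destinations": sorted(good), "tampered_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The design point is that routing decisions come from metadata the gateway already holds, so the file is touched exactly once, and that every step that could leave a clear-text copy behind (unknown partner, bad wrapper, no route) fails closed instead.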
While MFT solutions securely handle scheduled and event-driven transfers, some fall short with ad hoc transfers. Using an MFT solution that handles ad hoc file transfers closes another security loophole while reducing IT helpdesk requests.
Step 3: Protect files stored in your enterprise
When the MFT solution delivers files securely to the prescribed end point, they sit unprotected until they’re needed. Installing a data security solution to protect stored data is the final component of a comprehensive lifetime data protection program. Two methods are effective: strong encryption and tokenisation. Tokenisation substitutes a token (a surrogate value) for the original data; the token can then be passed around the network safely, while the encrypted data it represents stays securely stored in a central data vault.
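The vault-based tokenisation described above, as an added example that is not part of the original article or any nuBridges product: a central vault hands out a random, format-preserving surrogate for each sensitive value, keeps only an authenticated-encrypted copy of the original, and looks up repeat values through a keyed index so the plaintext is never stored. The master key, the sample card-style number and the key-derivation labels are constructed for the demonstration; the HMAC-SHA256 keystream plus HMAC tag is a stand-in for a real authenticated cipher such as AES-GCM, chosen so the block runs with the standard library alone.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class VaultRecord:
    nonce: bytes
    ciphertext: bytes
    tag: bytes


class TokenVault:
    """Central vault: stores encrypted originals, hands out surrogate tokens."""

    def __init__(self, master_key: bytes):
        # Separate keys for encryption, integrity and the lookup index,
        # derived from one master key (constructed labels).
        self._k_enc = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self._k_mac = hmac.new(master_key, b"mac", hashlib.sha256).digest()
        self._k_idx = hmac.new(master_key, b"idx", hashlib.sha256).digest()
        self._records: dict[str, VaultRecord] = {}   # token -> encrypted original
        self._index: dict[bytes, str] = {}           # HMAC(value) -> token

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        # PRF-in-counter-mode keystream (stand-in for AES-CTR).
        out, counter = b"", 0
        while len(out) < n:
            out += hmac.new(self._k_enc, nonce + counter.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def _encrypt(self, plaintext: bytes) -> VaultRecord:
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._k_mac, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        return VaultRecord(nonce, ct, tag)

    def _decrypt(self, rec: VaultRecord) -> bytes:
        expected = hmac.new(self._k_mac, rec.nonce + rec.ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, rec.tag):
            raise ValueError("vault record failed integrity check")
        return bytes(a ^ b for a, b in zip(rec.ciphertext,
                                           self._keystream(rec.nonce, len(rec.ciphertext))))

    def _new_token(self, value: str) -> str:
        # Format-preserving surrogate: same length, random digits, last four kept,
        # so reports and receipts downstream keep working on the token alone.
        if len(value) < 8:
            raise ValueError("value too short to tokenise safely")
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(value) - 4))
            token = body + value[-4:]
            if token != value and token not in self._records:
                return token

    def tokenize(self, value: str) -> str:
        # Keyed index lets the same value map to the same token without ever
        # storing the plaintext (or an unkeyed hash of it) in the vault.
        idx = hmac.new(self._k_idx, value.encode(), hashlib.sha256).digest()
        if idx in self._index:
            return self._index[idx]
        token = self._new_token(value)
        self._records[token] = self._encrypt(value.encode())
        self._index[idx] = token
        return token

    def detokenize(self, token: str) -> str:
        rec = self._records.get(token)
        if rec is None:
            raise KeyError("unknown token")
        return self._decrypt(rec).decode()


def demo() -> dict:
    """Constructed walk-through: round trip, stable token, tamper detection."""
    vault = TokenVault(b"constructed-master-key-do-not-reuse")
    pan = "4111111111111111"          # constructed test number, not a real account
    token = vault.tokenize(pan)
    rec = vault._records[token]
    # Simulate a flipped byte in the stored ciphertext; the tag must catch it.
    corrupted = bytes([rec.ciphertext[0] ^ 1]) + rec.ciphertext[1:]
    vault._records[token] = VaultRecord(rec.nonce, corrupted, rec.tag)
    try:
        vault.detokenize(token)
        tampered_detected = False
    except ValueError:
        tampered_detected = True
    vault._records[token] = rec
    return {"token": token, "round_trip": vault.detokenize(token) == pan,
            "stable": vault.tokenize(pan) == token, "tampered_detected": tampered_detected}


if __name__ == "__main__":
    print(demo())
```

Because the token carries no key material and is not derived from the value, a copy of it leaking from an application server reveals nothing; only a call to the vault, which is where access control and audit logging belong, can map it back.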
Implementing a comprehensive lifetime data protection program using an MFT solution with advanced security capabilities, along with strong encryption and/or tokenisation, is well worth investigating. Protecting the confidential information your organization sends, receives and stores until it is no longer needed is the ultimate offensive move.
Kyle Parris is director of product management for data protection software and managed services vendor nuBridges.
nuBridges is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th – 29th April in its new venue, Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offers practical and professional expertise. For further information please visit www.infosec.co.uk.