STOP: The Risks of Using FTP and Email for the Transfer of Sensitive Files
Are you using email or FTP for transferring files containing sensitive data or Personally Identifiable Information (PII)? If you are, we encourage you to STOP what you are doing and take stock of your situation, as you could be contravening GDPR and other regulations.
The Evolution of File Transfer
Historically, when it came to investing in the digitalization of business processes to exchange information both behind and beyond the firewall, companies had the following options:
The problem with email is that everything is sent ‘in the clear’, i.e. it is unencrypted and therefore highly susceptible to interception. FTP, meanwhile, requires technical knowledge to both configure and maintain, because a vast, spaghetti-style landscape of scripts has to be written and managed to address the lack of functionality in a protocol that was invented in the 1970s. NB: using FTPS only secures the spaghetti situation. This situation is represented in Figure 1.
Up until today, numerous ‘secure’ alternatives have been introduced to the market to address the data privacy and complexity implications of the above scenario, but do they solve the ‘spaghetti’ problem?
Let’s have a closer look:
Alternatives to Email
Popular alternatives to standard email are Internet file hosting services specifically designed to host user files and provide a so-called ‘file sync-and-share service’. At the professional end of these services, one can find numerous secure data room and Content Collaboration Platform (CCP) offerings, many of which have low-cost and even ‘cost-free’ consumer and business versions.
Alternatives to FTP
FTP servers can be replaced by WebDAV (Distributed Authoring and Versioning), SFTP (Secure FTP) or SCP (Secure Copy via SSH) tools. Specialized large data streamers and data logistics offerings are based on these technologies, focussing on the controlled transfer of unstructured data and large files.
At first glance, it seems there may be enough alternatives to both email and FTP to help fix the spaghetti problem.
However, let’s step back for a moment and take a closer look at the real requirements necessary to solve the ‘pasta fiasco’ as depicted above. Actually, it takes far more than just some of the alternatives to email and FTP previously mentioned. A valid solution needs to provide answers to the following questions:
- How do I seamlessly integrate internal systems/applications for incoming and outgoing data?
- How can I secure governance and compliance for all sensitive data transfers (a question that not only the company CISO is asking)?
- How can I reduce the effort of onboarding a multitude of external partners?
- What about self-service capabilities for business departments and external partners to speed up such tasks and reduce the burden for central IT?
- How do I get secure connections to systems without state-of-the-art interfaces?
- How do I protect my intellectual property?
Figure 2 summarizes these requirements of a valid solution.
The email alternatives mentioned above lack integration capabilities and can only be used for the so-called ‘ad-hoc’ file transfer. Governance and compliance issues are frequent consequences. The FTP alternatives mentioned above are limited in their integration capabilities thus preventing comprehensive integration of data logistics into the business process; think of lack of workflow, payload checks and conversion functionality. This leads to all manner of difficulties when connecting to ERP and other systems in an enterprise.
In summary, instead of providing structure, efficiency and security, these potential replacement tools only create even more dispersed solutions!
What is needed is a single platform that can handle any permutation of human and system file transfer requirement (as depicted in the lower-right corner of Figure 2). Such a platform needs to comprehensively address these and any other digital transformation requirement in order to automate entire business processes. Thus, companies should consider a true Managed File Transfer (MFT) platform such as that from SEEBURGER, that is built from the ground-up for enterprise volumes and needs.
Find out how to ensure compliance and process automation to transfer sensitive files in our next blog about Enterprise MFT solutions.
Written by: Ian Goldsmith
Ian Goldsmith is Business Development Director at SEEBURGER, a global market leader in business integration software. With ~25 years integration experience spanning development, consultancy management, pre-sales, solutions management, account management and marketing, he is well versed in understanding integration requirements of today (and tomorrow) from all angles. Ian has utilised his industry and technical knowledge to brief Industry Analysts and ‘C’ level execs on numerous occasions, and has won awards along the way for outstanding work with clients.