The master copy of your data is usually protected by access controls at the application and database. Is securing the master copy of data enough? It depends on which of the 3 pillars of security (integrity, availability and confidentiality) are relevant. For integrity and availability, protecting the master copy is the key requirement. Availability also means that back copies are available and protected. And integrity does require that inbound updates such as the transaction or extract files described below are protected.
But when we say “security” today we are mainly talking about the third pillar - confidentiality. And with confidentiality every copy matters. After all, for external information thieves and internal Snowden-types any copy will do provided it's sufficiently current. And most confidential data has a long shelf-life.
Hopefully master data copies stored in your applications and databases already have reasonable controls in place. But what about the data flows between system, both on your network and with the systems of business partners? Much of the integration between systems today remains file-based as opposed to SOAP or REST. One system produces the file, it's transferred and another system ingests the file. The file may be a single data item or may be an extract of multiple records or a batch of transactions.
From my experience as a developer and auditor I know that these files are very vulnerable. These files:
- Are almost never encrypted.
- Sit around sometimes for days or even months in directories or shares with little to no access control and usually no auditing.
- Are not audited.
- Transferred using insecure protocols.
- May reside on vulnerable file transfer servers exposed to the Internet.
To address the security risks with inter-system file transfer you have 2 options. First you can try to secure each file transfer link on a case-by-case basis trying to figure out how to audit, control access, encrypt and securely transport the file type in question. But this approach has so many problems, the biggest being that finding a common denominator of file transfer options that both systems supports and that is also secure; is often not even close to being possible. After all, the systems probably weren't designed to talk to each other in the first place.
The other approach is to re-factor inter-system file transfer as a separately identified and controlled IT process and implement managed file transfer technology to automate and secure all the file transfer links between internal systems as well as those of partners.
Automating file transfers actually goes beyond just protecting the files in question. Done right it can actually make your entire network more secure. By automating movement of encrypted files to DMZ or to external servers at remote locations and 3rd party datacenters you can close down other ways to transfer files in and out of your network making it more difficult for malicious actors to exfiltrate data or to bring in malware.
In this real training for free ™ webinar we'll explore the risks of inter-system file transfer and show you how to solve them. Ipswitch is sponsoring this webinar and Tony Perri will briefly show you how Ipswitch MoveIT can automate file transfers and files are secure every step of the way with auditing, encryption, network security and access control.
Please register now.