Perceived Security vs. Real Vulnerability

Thursday, March 18, 2010

With global organizations depending on the sharing of sensitive information to support everything from financial transactions to patient care records, many believe they are relying on secure methods to exchange data with trusted partners. However, there is often a significant and alarming gap between perceived security and real vulnerability.

To transmit valuable company data, organizations typically rely on methods they consider secure: FTP technology, "secure email," regular email, courier services and the postal service.

However, contrary to popular belief, these common file transfer methods are often not secure enough, and they lack manageability and governance. Take FTP technology, for instance. A shortcoming of traditional FTP, and even of encrypted FTP sessions, is that once the data stops moving (i.e., becomes "data at rest"), it sits on the FTP or SFTP server in plain text. If that FTP or SFTP server is directly connected to the Internet -- as it most likely will be to allow business partners to connect to it -- the data is at risk of being accessed and shared. This is in violation of PCI and HIPAA standards.

FTP technology can also slow down business processes, as an organization's IT team often needs to modify FTP scripts to support a new business initiative or to bring on a new business partner that needs to exchange sensitive information with the system. Furthermore, knowing whether files were transferred correctly and on time (i.e., monitoring) is very difficult with transfer methods such as FTP, email and couriers.
