Every day, millions of files are exchanged all over the world by corporations, government entities and other organizations. These electronic transfers include the critical data needed to conduct business, such as customer and order information, EDI documents, financial data, payment information, as well as employee and health-related information.
Most file transfers use a popular protocol known as FTP. This is a very aged protocol, since it was designed and implemented in the infancy of computing networks; even before the Internet was even heard of. Few managers realize the security and management risks that have blossomed in their organization with the prevalent use of FTP. Fewer still have begun to take measures to bring the use of FTP into compliance with regulations such as PCI, SOX, HIPAA, State Privacy Laws or other mandates.
The best solution to securing your FTP implementations will be one that best centralizes and manages the control of those transfers. The practice of distributing file transfers off the main information system complicates management and opens security holes. How does centralizing FTP reduce the number of management issues?
Centralization:
- Maintains the rigor of the native operating system’s security mechanisms.
- Sustains the compliance requirements that have been already been implemented on the host system. This includes authority controls and reporting prerequisites.
- Provides a single-point of maintenance for all FTP user profiles and passwords.
- Contains standardized data encryption techniques and centralized key management.
- Instead of building subsystems for encryption on individual user platforms, IT can engineer a comprehensive solution that provides better control and security.
- Provides a centralized logging system of all file transfer activity for auditing purposes, along with descriptive error logs and message alerts when transfers fail.