Seven Steps to Securing File Transfer’s Journey to the Cloud
Blog Article Published: 09/12/2011
By Oded Valin, Product Line Manager, Cyber-Ark Software “When it absolutely, positively has to be there overnight.” There’s a lot we can identify with when it comes to reciting FedEx’s famous slogan, especially as it relates to modern file transfer processes. When you think about sharing health care records, financial data or law enforcement-related information, peace of mind is only made possible when utilizing technology and processes that are dependable, trustworthy – and traceable. Organizations that rely on secure file transfer to conduct business with partners, customers and other third-parties must maintain the same level of confidence that that slogan inspired. Now, consider taking the transfer of sensitive information to the cloud. Still confident? In many ways, when you consider the number of USB sticks that have been lost in the past six-to-nine months due to human error or the number of FTP vulnerabilities that have been routinely exploited, it’s clear there must be a better way. For organizations seeking a cost-effective solution for exchanging sensitive files that can be deployed quickly and with minimal training, it may be time to consider cloud-based alternatives. But how can organizations safely exchange sensitive files in the cloud while maintaining security and compliance requirements, and remaining accountable to third-parties? Following are seven steps to ensuring a safe journey for taking governed file transfer activities to the cloud. For those organizations interested in starting off on the right foot for a cloud-based governed file transfer project, either starting from scratch or migrating from an existing enterprise program, here are important steps to consider:
- Identify Painful and Costly Processes: Examine existing transfer processes and consider costs to maintain them. Do they delay the business and negatively impact IT staff? If starting from scratch, what processes must you be securing and ensuring are free from vulnerabilities in the cloud? Typically, starting a file transfer program from scratch requires significant IT and administrative investments ranging from setting up the firewall and VPN to engaging with a courier service to handle files that are too large to be transferred electronically. The elasticity of the cloud enables greater flexibility and scalability and significantly decreases the amount of time and resources required to establish a reliable program. Utilizing a cloud-based model, organizations can become fully operational within days or weeks versus months, while reducing the drag on IT resources. Ultimately, in cases like one Healthcare provider that turned to the cloud to share images with primary MRI and CT scan providers, services being provided to the patient were more timely and efficient, and less expensive.
- Define Initial Community: Who are the users – internal? external? When exchanging files with third-party partners, particularly business users, it’s important to provide a file transfer solution that works the way they work. User communities are increasingly relying on tablets and browser-based tools to conduct business, so the file transfer process and user-interface must reflect the community’s skill sets and computing preferences. The ease of deployment and the level of customization made possible in cloud-based environments encourage adoption and effective use of file transfer solutions.
- Determine File Transfer Type: Do you need something scalable or ad-hoc? How important is automation? Compared to manual file transfer process, a cloud computing environment can support centralized administration for any file type while also providing the benefits of greater storage, accommodation for large file transfers and schedule-based processes, all without negatively impacting server or network performance.
- Integrate with Existing Systems: Can you integrate your existing systems with a cloud-based file transfer solution? What automation tools are provided by the cloud vendor? Many organizations believe that file transfer systems are stand-alone platforms that can’t be integrated with existing systems, like finance and accounting, for example. Utilizing a flexible cloud-based solution with open APIs and out of the box plug-ins not only assists with secure integration with current databases and applications, but it can also be deployed very quickly with the flexibility to support the adoption of a hybrid cloud/on-premise model, should the organization decide that scenario worked best for its business.
- Define Workflows: Examine how business, operations and security are interrelated. What regulations and transparency requirements need to be considered? How are they different in the cloud? Ensure segregation of duties between the operations and the content, between the content owners themselves. Organizations seeking to adopt a cloud-based file transfer solution must make sure the service provider can support its user-defined workflows. It’s also important to ensure your cloud vendor goes “beyond the basics.” Specifically, many file sharing services allow organizations to share data and information simply from Point A to Point B. But, if you need to add additional functionality like automatically converting to a .pdf and adding a watermark for additional security, manage audit permissions, scan the file for viruses and other advanced features, an enterprise class cloud solution is necessary.
- Continuous Monitoring: Take steps to ensure file download activity is being monitored, file exchange validated and transfers are smooth. Organizations must be able to verify when files arrived and know who opened them. These actions are absolutely supported in a cloud environment, and are overall governed file transfer best practices.
- Ongoing Operations: Is it quick and easy to add new partners or set up new file transfer processes? How reliable is the service in terms of high availability, disaster recovery and automatic recovery of file transfer processes? The cloud-based solution should provide an easy-to-use interface to empower the business user and encourage autonomy at the operations level without requiring IT involvement. Additionally, organizations should find a cloud provider that provides a simple pricing model. For example, paying per email is not scalable and doesn’t align with typical business use. Finally, you shouldn’t have to fly alone, be sure to take advantage of all the consulting services and expertise your service provider offers to support ongoing operations without interruption.