The need for a better way to send files and attachments; by Dr. Paul Steiner, Managing Director, EMEA, Accellion.
Whether it is medical information, military reports or other large confidential documents, organisations continue to struggle with growing e-mail security and bandwidth concerns.
Organisations that fail to protect the confidential information of citizens regularly suffer the embarrassment of a data breach and financial penalties. For example, as of June 2010 organisations within the UK’s National Health System (NHS) have accounted for a quarter of all data security breaches reported to the Information Commissioner’s Office (ICO) . If this trend continues, the ICO could become a profit centre with its new powers introduced last April that allow it to impose penalties up to £500,000 on offending organisations.
Whether mandated by legislation or dictated by policy, every organisation has an obligation to ensure the security and integrity of the information it handles. That obligation doesn’t stop during the process when information is transferred from one party to another. A secure file transfer solution is no longer a luxury, but rather a necessity. The IT departments of corporations have a responsibility to select and provide a solution that meets the security and compliance requirements and fits into the regular workflow of business.
The Problem with Email for File Delivery
The ease with which email can be used to send attachments makes it the most frequently used file transfer mechanism in business today. While sending files through email is very convenient, email systems were never designed to efficiently handle the volume and size of attachments that are required to support business today. The result is a degradation of email server performance and slower message delivery times. Because as much as 80% of email storage can be taken up with email attachments, solving the attachment problem is becoming increasingly critical for IT administrators and users.
To stop email servers grinding to a halt due to file attachments, a common practice is to put a limit on the size of file attachments and a quota on mailbox size. Unfortunately imposing such email attachment size limits results in users seeking other IT workarounds resulting in potential security breaches. To overcome the limitations of email, organisations have turned to non-secure file transfer methods such as FTP, CDs, thumb drives, and P2P. Unfortunately, each of these options compromises security, ease of use and reliability.
•FTP is not as convenient for file transfer as email because it does not allow for ad hoc collaboration. Users do not like FTP because it is difficult to use and IT does not like it because it is difficult to maintain.
•The use of personal Webmail accounts such as Google mail generally bypasses organisational messaging security defences and does not allow files to be tracked.
•Burning files to CDs and then sending via overnight delivery is expensive, much slower than electronic delivery and susceptible to data loss.
Organisations that handle confidential information need to be confident that each file is sent only to the intended recipient and that the data will remain secure. With increasingly stringent regulatory and information security compliance requirements, many organisations are instead switching to secure managed file transfer.
A New Way of Thinking About File Transfer
The key to efficiently and securely sending files does not lie in coming up with new or smarter ways of using email or ways to circumvent the email security system. Instead, it is important to recognize that secure file transfer is a core business process that is best served by a system deployed in parallel with the email infrastructure. In short, what IT administrators and email users need is a secure file transfer solution that integrates with existing email while hiding the underlying technical complexity of sending large files.
A secure file transfer solution enables users to send files securely to trusted users without relying on FTP, USB sticks, or other unsecured methods. The solution transfers files securely over channels that can be monitored and managed by the IT department. Reporting tools confirm which files have been received, who accessed them, and when. The best solution supports two-way communication among all authorised users, including partners and trusted users outside the organisation. Employees are not tempted to abandon the secure solution as soon as they need to transfer files to a recipient who might not already have an account. The solution enables secure communication with the organisation’s community of business users, adapting as that community grows and evolves.
By adopting a secure file transfer solution and abandoning risky file-sharing practices, organisations can better protect confidential data and simplify compliance with industry regulations and governmental data-security laws.
The key features of such a system should include:
• The ability to preserve the ease of sending files through email by mimicking email functions but without being part of the messaging infrastructure. This minimises end user training requirements, while at the same time offloading attachments into a parallel file transfer infrastructure, thereby relieving email of as much as 80% of the storage it carries today.
• A low total cost of ownership by minimising the amount of management and maintenance required for the system by the IT department.
• Audit and tracking. Current business practices, as well as legal and regulatory requirements, demand that organisations implement auditable business processes, including the tracking and auditing of ad hoc file transfers.
