How Do We Virtualize Security?

Willy Leichter, Director, Product and Solutions Marketing, Axway

ROI: The Driver for Consolidation

Antoine Rizk, VP, B2B Program, Product and Solutions Marketing

Companies are Trying to Figure Out How to Simplify Integrations Across Stacks

Dave Bennett, CTO, Axway

Three Words to Say to C-Level Management About Complete MFT Data Security (Pt. 3)

by Shawn Ryan
VP Technology Marketing & Chief Architect

(To read the first two parts of this blog post, click here and here.)

Is this overkill for file based patterns? Few would argue against a statement of complete data security. However, I think “overkill” arguments could be twofold.

One might be, “I’ve never heard of MFT.” Another might be, “I’m sure we do managed file transfer, I just don’t know where.”

The reality is that anybody who has ever sent a PowerPoint attached to an email, an Excel file attached to an email, has moved a file. Arguably every organization conducting business electronically has moved a file.

Critical transactions supporting your business, such as procurement processes (procure to pay), any order-to-cash-associated transactions done over EDI, payments done electronically, etc.—these are all file transfers over a B2B channel.

Do you have any legacy applications on mainframes, UNIX, as/400s, etc., that you’re integrating with more modern applications? Most companies do. And in the process of managing these different applications, they’re moving files between systems internally. What is the link from internal applications to B2B channels?

You have B2B channels. You have internal applications that generate and consume files. Files move within and throughout your organization on a regular basis, and without a strategy to address governance for all of these transactions, you’re putting your organization at risk.

Finally, but not least of all—let’s consider the human side.

We send emails with attachments, share documents, move files over insecure channels (e.g., FTP, email, USB stick, etc.) and for all of us there has been no common governance over the wild array of options, no easy way to secure this given all the end-user options out there. Times have changed; a level of control and a level of governance on top of all business interactions is possible.

Again, we’re talking about eighty percent of your data. You may have an ESB strategy internally. You may have a number of different strategies you’ve brought online. But are you addressing all systems, all data and all information now? If you can’t answer that question with a yes, you risk your organization, you risk your brand, you risk it all.

Securing Information without Compromising Productivity

Kathryn Hughes, Product Marketing Director, Axway, comments on Paul Meadowcroft’s article on, “How to Secure Data with End-to-End Encryption”

Integration Creates Agility

Dave Bennett, CTO, Axway

Mandates Increase Awareness

by Kathryn Hughes
Product Marketing Director

In today’s market—in today’s business environment—I see more and more compliance mandates coming at us. They come from all different directions. Some are vertically specific, others are horizontal in their approach and require encryption mandates that apply across the board.

The beauty of this situation is that it brings to top of mind, and heightens the awareness of, the true problem, which is the need to address the security of the data you’re exchanging. At the core, it’s protecting the information you’re communicating between partners and customers, both internally and externally, across your ecosystem. The key thing with that is complete MFT data security—being able to know that, within my organization, from end to end, from point to point, from application to application, from employee to employee, from customer to customer, and whether in transit or at rest, the data is secured at all times. There’s a huge benefit to that. Organizations that have a complete Managed File Transfer (MFT) infrastructure and strategy already in place are meeting that data security need, which then in turn helps them any time a security officer walks in and says, “I’m doing an audit.”

One of the biggest unjust actions around compliance is that compliance mandates come out and people are told you have to be compliant, you have to meet this certain criteria, but how you do it is rarely specifically described. It’s left up to the interpretation of the organization; they must pray that they’re actually doing what’s required to the level and extent needed to secure that data and those transmissions.

That lack of specificity directly puts the challenge back on the organization and leaves them struggling. They ask, “Is what I’m doing good enough?” and “Is what we have good enough?” As they pull back that layer, in their heart they know that it’s not good enough, that they could step up and do more. That leads back to a holistic, complete MFT solution. If you have infrastructure in place that will cover your transmissions, your community ramping, your auditing (which is going to come back on a compliance mandate), you’re going to have that all the way through.

Every time you open the newspaper, somebody else has a breach. While it’s constantly ongoing, it’s important to recognize that there are people who take proactive measures. They don’t want to be that “somebody else,” so they’re going to step up first, they’re going to be the company that, before the mandate even comes to them, says, “I’m going to have the best solution in place.”

I can think of a couple examples of that.

First, the State of California. Their executive mandates from Schwarzenegger ensured the shoring up of their IT infrastructure. Not directly to be compliant, mind you, but to ensure that they were secure, which directly impacts the compliance piece that they’re hit with. They get touched with that compliance piece across many of their different agencies, and they recognized that to not take action would be unthinkably negligent.

Second, a while back, a leading consumer and business credit reporting agency’s main competitor had a security breach, and while it didn’t involve compliance, it did involve a loss of confidential information. This credit reporting agency looked at this development and said, “We’re not going to be like them.” They took proactive measures to go back into their infrastructure to implement consolidation, then turned it into a marketing tool and touted that they were the safest solution out there.

Compliance is the tail wagging the dog. It’s a buzzword, but in truth when you look at compliance, compliance is met by having a holistic complete MFT solution that has a solid core in protecting the data and complete data security.

You have to lock the trunk, but shouldn’t you close the garage door, too?

FTP: The Lowest Common Denominator

Paul French, VP, Product & Solutions Marketing, Axway

Exchanging Information Safely and Securely within Your Ecosystem

Exchanging Information Safely and Securely within Your Ecosystem

Three Words to Say to C-Level Management About Complete MFT Data Security (Pt. 2)

by Shawn Ryan
VP Technology Marketing & Chief Architect

(To read the first part of this blog post, click here.)

There are five different types of interaction patterns that demand governance and data security: B2B, application integration, multi-site integration, portal based file transfer and ad hoc managed file transfer. When you boil business interactions down to the simple elements, these are the primary patterns, addressed here for file-based business interactions but also applicable for other mediums. The data carried across these patterns represents critical revenue channels, points of customer touch and sensitive data to boot.

To effectively govern them, they must be managed in the context of the communities and the constituents involved (the community of your suppliers, buyers and strategic business partners). As you need to bring up new transmissions, take down old ones and change your business, you can gauge the effectiveness of governance of these interaction patterns based on three criteria: quality, speed and cost.

These channels are a source of revenue for your business and they have a life cycle. The faster you perform activities associated with onboarding and other phases in their life cycle, the sooner you’ll realize revenue. Further, in this process, the closer you are to your customer, the better you are at it and, again, the sooner you will achieve revenue in these channels and increase customer retention.

Effective management means more than just establishing and maintaining life cycle—it means visibility and policy enforcement essential for subsequent phases. To govern means to have control over life cycle, audits, and alerts to anomalies and policy violations so you know when to act. Do you have this control over all patterns?

(To be concluded.)