Three Words to Say to C-Level Management About Complete MFT Data Security (Pt. 3)

by Shawn Ryan
VP Technology Marketing & Chief Architect
Axway

(To read the first two parts of this blog post, click here and here.)

Is this overkill for file based patterns? Few would argue against a statement of complete data security. However, I think “overkill” arguments could be twofold.

One might be, “I’ve never heard of MFT.” Another might be, “I’m sure we do managed file transfer, I just don’t know where.”

The reality is that anybody who has ever sent a PowerPoint or an Excel file attached to an email has moved a file. Arguably every organization conducting business electronically has moved a file.

Critical transactions supporting your business, such as procurement processes (procure to pay), any order-to-cash-associated transactions done over EDI, payments done electronically, etc.—these are all file transfers over a B2B channel.

Do you have any legacy applications on mainframes, UNIX, AS/400s, etc., that you’re integrating with more modern applications? Most companies do. And in the process of managing these different applications, they’re moving files between systems internally. What is the link from internal applications to B2B channels?

You have B2B channels. You have internal applications that generate and consume files. Files move within and throughout your organization on a regular basis, and without a strategy to address governance for all of these transactions, you’re putting your organization at risk.

Finally, but not least of all—let’s consider the human side.

We send emails with attachments, share documents, move files over insecure channels (e.g., FTP, email, USB stick, etc.) and for all of us there has been no common governance over the wild array of options, no easy way to secure this given all the end-user options out there. Times have changed; a level of control and a level of governance on top of all business interactions is possible.

Again, we’re talking about eighty percent of your data. You may have an ESB strategy internally. You may have a number of different strategies you’ve brought online. But are you addressing all systems, all data and all information now? If you can’t answer that question with a yes, you risk your organization, you risk your brand, you risk it all.

Three Words to Say to C-Level Management About Complete MFT Data Security (Pt. 2)

by Shawn Ryan
VP Technology Marketing & Chief Architect
Axway

(To read the first part of this blog post, click here.)

There are five different types of interaction patterns that demand governance and data security: B2B, application integration, multi-site integration, portal based file transfer and ad hoc managed file transfer. When you boil business interactions down to the simple elements, these are the primary patterns, addressed here for file-based business interactions but also applicable for other mediums. The data carried across these patterns represents critical revenue channels, points of customer touch and sensitive data to boot.

To effectively govern them, they must be managed in the context of the communities and the constituents involved (the community of your suppliers, buyers and strategic business partners). As you need to bring up new transmissions, take down old ones and change your business, you can gauge the effectiveness of governance of these interaction patterns based on three criteria: quality, speed and cost.

These channels are a source of revenue for your business and they have a life cycle. The faster you perform activities associated with onboarding and other phases in their life cycle, the sooner you’ll realize revenue. Further, in this process, the closer you are to your customer, the better you are at it and, again, the sooner you will achieve revenue in these channels and increase customer retention.

Effective management means more than just establishing and maintaining life cycle—it means visibility and policy enforcement essential for subsequent phases. To govern means to have control over life cycle, audits, and alerts to anomalies and policy violations so you know when to act. Do you have this control over all patterns?

(To be concluded.)

Three Words to Say to C-Level Management About Complete MFT Data Security (Pt. 1)

by Shawn Ryan
VP Technology Marketing & Chief Architect
Axway

Cost, risk and brand.

In other times, the first on the list in terms of drivers is obvious: revenue. But now, three words at the top of mind are cost, risk and brand.

First, cost. Cost and benefits associated with consolidation are essential drivers to surviving and thriving. In any organization, various one-off solutions handle file transfers. Various solutions stay nailed down and in place just because they are there. They arrive when a project demands a fast solution where one does not exist. They arrive due to mergers and acquisitions. They arrive because “files” were not thought to be strategic, because “files” have not had the sizzle, and thus “files” are neither the focus of SOA projects nor the focus of technology that could bring them into a services oriented approach. But times are different, and with files representing eighty-plus percent of an organization’s data, it’s time to gain control. Various one-off solutions are costly to an organization and filled with security flaws, just as Swiss cheese is filled with holes.

By focusing managed file transfer and transmissions through a single service oriented framework, MFT consolidates the overhead of one-off services and reduces costs, a concern of all C-level management. While cost creates a convincing argument for complete MFT data security, unified governance across the different types of interaction patterns that comprise managed file transfer brings in security and controls and is simply the best way to go.

The second point: risk. More specifically: governance, risk and compliance. GRC. Cybercrime is a trillion-dollar industry. That alone should be enough to wake C-level management up and seriously consider data security. Add compliance mandates to that, breach notification laws with safe harbors for encrypted data, and now encryption mandates like HITECH and the Massachusetts state laws coming on line, and a response is not only wise, it’s mandatory. Massachusetts 201 CMR 17, like California SB1386, is a precedent-setting mandate. It states that any data containing personally identifiable information of a resident of Massachusetts must be encrypted. A challenge like this is a formidable one that your company must not take lightly.

Third, brand. Brand is closely paired with the topic of risk, but it deserves a front-row seat in the discussion. Data is the lifeblood of your business. Anytime you have a breach, your company makes headlines for a terrible reason, thanks to the 45-plus states that have notification laws in place. What do you want to be known for? You must protect your brand.

Complete MFT data security is essential. The only answer is to look for a complete solution that can cover all interaction patterns. Sure, start where you feel the most risk, but stop to be sure you will address the risk strategically, and have a plan to cover the entire spectrum of interaction patterns. Sure, cybercrime is on the rise, but internal jobs account for eighty-plus percent of publicized breaches. Are you just going to cover B2B? Human interactions? Portal based? You must cover them all.

But which interaction patterns demand complete MFT data security?

(To be continued.)