Data Privacy

Mitigating Data Security and Compliance Woes

By Alessandro Porro, Senior Vice President, International Sales, APAC, Ipswitch

Businesses today operate very differently than they did in previous decades. Thanks to the digital revolution, IT is no longer a forgotten, back-office job and as a result, companies are able to operate without borders, seamlessly and effortlessly conducting business across the globe 24/7. Business processes have also evolved. Today they’re almost entirely dependent on the digital data and files transfer between applications, people or applications and people.

Although there is plenty of technology already in place that enables business integration, many companies still struggle with protecting data end-to-end in an increasingly complex and unsafe world – especially while ensuring proper access control, audit trails and visibility. In fact, Ipswitch recently polled over 500 global IT professionals and found that 84% highly rank the importance of securely transfer and share files internally and externally, but a staggering 46% recognize they are still using insecure cloud-file sharing services. Even more alarming, 22% of companies surveyed don’t have a file transfer policy in place, and 26% say they may have experienced a data breach this year as a result of insecure file sharing. The lack of defined data privacy policy could expose enterprise to inadvertent loss of data, which could affect company’s reputation but also cause huge financial cost. In order to mitigate such risks, business leaders need to equip their IT teams with right tools and consider some key requirements:

Meeting Security and Compliance regulations and policies
Security and compliance are currently two of the biggest and most unique business drivers for many companies. Enterprises often deal with personal customers’ data that is extremely sensitive. Government and industry regulations recognize the need for security and place an enormous burden of responsibility on companies to protect and monitor the use and disclosure of that data. In the Asia-Pacific region, majority of governments are pushing for comprehensive data protection regulations, with new regulatory regimes coming into force in India, Malaysia, the Philippines, Singapore, South Korea and Taiwan.

That responsibility creates a cascade of technology and business requirements. One of those is a need for the absolute best encryption technologies, including government-certified encryption modules that protect data not only while it is being transferred, but also while it sits “at rest” on whatever systems or devices that are processing it. Visibility is another strong requirement. It isn’t enough to simply be compliant with the rules and regulations affecting a firm, business leaders must also be able to demonstrate that compliance through detailed audit logs and record keeping. That means generating audit entries each time a piece of data is touched, moved, accessed, or manipulated in any way. All of these requirements are increasingly difficult, if not impossible, to meet using low-end or custom-scripted solutions. IT leaders recognize that they can’t rely on encryption software that integrates tightly enough with a low-end solution sufficiently protect data. Essentially, these requirements can’t be met through patches, add-ons, or in a piecemeal fashion: They must be an integral part of a complete solution.

Establishing internal policies and educate employees
It’s guaranteed: When there’s no centralized IT managed file transfer solution, end users will turn to whatever tool offers them the greatest convenience. The downside is that convenience comes with a price— namely, an increased risk of security breaches and non-compliance. Respondents of the above mentioned Ipswitch survey, identified human error as the root cause by almost a third of those who admitted that their organization experienced data loss. Processing errors were identified as other cause by another third of respondents, while malicious behavior or security breach made up the remainder. Further, a research report by PwC entitled “2015 Information Security Breaches Report” states that 50% of the worst data breaches were caused by human error. Moreover, with the proliferation of mobile devices, the possibility of porous, easily-compromised security is magnified all the more. What’s needed, then, is a unified standard for all file transfers in an organization. One of the most effective ways to prevent cyber security issues is to prevent employees from using unsecure public cloud file sharing solutions, and transition to a more secure Managed File Solution (MFT) solution.

Integrating and centralizing file transfer systems
Many enterprises have several not de-centralized file transfer systems that make IT teams feel like they’re running in an endless maze. Often, the transfer systems were developed and introduced on an ad-hoc basis with one system in the operations department, for example, and another one in accounting with lots of home-grown improvisation and “band-aid” fixes along the way. Such cobbled-together patchwork is not the best way to ensure trouble-free file transfers that minimize the risk of disappearing files and exposed records. Instead, it would be far preferable if IT teams have a solution that consolidates file transfers into a single system across employees, partners, applications and systems—enabling them to ensure fewer points of failure and guarantee simpler integration efforts.

Protecting business application data end-to-end with access control is critical. IT teams are solely responsible for the infrastructure systems and technology services that make doing business today possible, so it’s important to arm them with best-in-class technology that will help them mitigate the above mentioned challenges. For instance, Medibank, Australia’s largest provider of integrated health insurance is using an automated file transfer system that not only allows IT to manage, view, secure and control all file transfer activity, but also meets Australian governments and Commonwealth regulations and policies. Before adopting an MFT solution, Medibank’s employees had no file transfer tool in place and used email to send and share healthcare files.

Many organizations are now either already using MFT products or considering the purchase of such solution. In fact, the MFT market size is estimated to grow to USD 1,524.2 million by 2020, at a CAGR of 10.2%. According to the Research and Markets report, Asia Pacific shows the fastest growth rate in the global MFT market, primarily due to the rapid increase in digitization, critical data generation and raising cybercrimes. End-to-end encrypted MFT technology can offer an enormous value to enterprises, particularly within the highly regulated industries of finance, banking and healthcare. Effective MFT solutions can integrate with existing company workflows and content-transfer processes, allow IT teams to maintain control over the entire file-transfer lifecycle, and ensure appropriate corporate governance for all data. Perhaps most helpfully, however, MFT technology can enable end users to transfer business files simply, efficiently and safely, thereby promoting business growth while at the same time maintaining optimal security and answering rules and regulations requirements.

Leave a Reply

Your email address will not be published. Required fields are marked *