Despite the Risks,
Ftp Use on the Rise in the enteRpRise
New survey report reveals FTP usage on the rise despite a torrent of bad press on data security breaches, compliance penalties and recent examples of the potential liabilities inherent in FTP. This doesn’t need to continue.
�FTp use On The rise in The enTerprise
Overview:
Global businesses require the free-flowing movement of information—from sensitive customer data to logistical process information—to thrive. no one piece of technology takes more heat for creating catastrophic business process crashes than File transfer protocol, or Ftp. hilty Moore & Associates1 conducted a survey of it managers and Cios at 100 companies spanning the financial services, healthcare, retail, manufacturing and governmental business sectors to determine usage and requirements for Ftp. empirical and anecdotal information garnered from the survey revealed:
• Ftp unreliability is impacting the bottom line via transmission problems that result in missed sLAs, brand integrity impacts and customer confidence erosion due to breaches. • participant comments reflect an incorrect, and potentially painful, belief that encrypting data transfers via Ftp is a viable data security solution.
This survey repOrT:
• highlights broad industry-level challenges with and current usage volume of Ftp. • suggests a shift in approach on the issue of organizational risk away from solely a data lockdown initiative to one that provides complete data security and actual, bottom-line financial value to a business. • offers a way to address knowledge management more holistically with complete transfer visibility, business process and partner scalability, and a managed solution that secures data completely.
35 30 FTp use grOwing alOng wiTh breaches
in the course of surveying Cios and it managers at 100 25 of the world’s leading companies, the most eye-opening 20 finding was that not only is the Ftp Band-Aid approach of 15 moving data still in use within global enterprises, but that Ftp use appears to be growing. 10 Based on survey responses given during the summer of 2007, it was clear that a majority of the companies 0 contacted were conducting the same number or more file transfers compared to last year—with approximately onethird of respondents reporting use of Ftp for as much as 80 percent of their file transfers.
5
What percent of your file transfers are involved in a larger business process that has a service Level Agreement tied to it?
Other
35 30 25 20
< 2 0 per cen t 2 0 to 3 9 per cen t
Healthcare Retail Manufacturing Financial Services
Other Healthcare Retail
15 10 5 0
4 0 to 5 9 per cen t
6 0 to 7 9 per cen t
> 8 0 per cen t
Manufacturin
Financial Serv
< 2 0 per cen t
2 0 to 3 9 per cen t
4 0 to 5 9 per cen t
6 0 to 7 9 per cen t
> 8 0 per cen t
1.Commissioned by sterling Commerce, an At&t Company. sterling Commerce was not identified as a sponsor of this survey.
�FTp use On The rise in The enTerprise
how does the number of file transfers you are performing this year compare to last year?
30 25 20
these findings were unexpected and somewhat shocking given recent costly and embarrassing security breaches at tJX Companies, Card systems, the U.s. Veterans Administration, and 300 other reported instances since 2005, according to privacy Rights Clearinghouse data.
Significantly Less
15 10 5 0
F in an cial Ser vices Man u factu r in g R etail
Less More
About the same
FTp unreliabiliTy high
Health car e
Significantly Less Less About the same More Significantly more
in addition to turning a blind eye to the data security risks, survey respondents were also surprisingly tolerant of Ftp service errors. Across all industries, respondents overwhelmingly (93 percent) experienced delivery stoppages or incomplete transmissions with Ftp as much as 20 percent of the time. Given the expensive and timeconsuming nature of fixes, this finding was puzzling. therefore, the resulting willingness to pay for these unnecessary mistakes highlighted more than a data security problem, but a potentially huge financial pitfall for those organizations whose data transfer operations were beholden to stringent corporate partner service Level Agreements (sLAs) or governmental compliance mandates.
Significantly more
Oth er
Oth er
in fact, 60 percent of the people contacted said that file transfers were tied to sLAs up to 20 percent of the time, with missed transfers resulting in financial or operational penalties imposed by internal or external stakeholders.
encrypTiOn viewed as securiTy saFeTy neT
More than half of those surveyed also remarked that their Ftp solution was secure because their transfers were encrypted “a majority of the time.” sixty percent of respondents added that they were in the process of stepping up their encryption efforts with plans to encrypt 80 percent or more of their file transfers by next year. these types of responses may indicate a fundamental lack of understanding about where data security breaches typically occur—not during movement from data origin to destination but at the point of origin or destination by hacking the FTp servers that house the data. A recent breach at a major online brokerage firm vividly illustrates that encryption shouldn’t be viewed as a reliable fall back strategy for Ftp’s shortcomings. While details of the breach are still being revealed, early reports indicate that one of the company’s databases was hacked, resulting in the personal information of more than 6.3 million customers being stolen. the company reportedly found malicious code that left a door wide open to access one of its databases, according to a story in DM News, a leading publication in the direct, database and internet marketing field. encryption of data in transit is certainly an important component of any data security strategy, but there is even a greater need for a more comprehensive
�FTp use On The rise in The enTerprise
approach that includes the ability to see where the data is at any given moment, maintain administrative control to restrict access, and ensure that the infrastructure can handle pipeline growth without creating security leaks. prat Moghe, Cto and founder of tizor, a database security provider, based in Maynard, Mass., told DM News in september 20072 that database security and the ability to see and monitor all activity is vital. he went on to offer a few key components of any information security and theft monitoring strategy. “know where all of your sensitive data is located [through] data discovery,” he advised. “have good records, [and] a trail of when and how data may have been exposed. Lastly, have a real-time alerting system in place—so you know when something is going wrong.”
did you Know?
Data security breaches typically occur at the point of origin or destination by hacking the Ftp servers that house the data.
survey cOnFirms FTp grOwTh, desire TO change
While the survey confirmed substantial growth of Ftp usage even in traditionally risk-averse industries, respondents also reflected a desire to abandon Ftp for a more complete, reliable data security solution.
• Research validated Ftp usage growth with 64 percent of all companies performing 'significantly more' or 'more' file transfers this year compared to last, with Financial services seeing the largest increase—71 percent. • Customer comments reflected significant Ftp handcoding/building or sourcing from unsecured third-party sources by it staff for the purposes of moving data perceived to be non-critical or not holding customer information. • Comments from respondents also showed a general recognition that Ftp is a problem and noted a desire to seek a comprehensive, secure solution, but they didn't know necessarily how to swiftly and cost effectively address that problem.
cOnclusiOns/OppOrTuniTies
Based on evidence compiled in the survey, the reason for the continued reliance on Ftp appears to be three-fold:
• A continuing commitment to the status quo. internal writers of Ftp code expressed an opinion that because they’ve written it for years it is acceptable to continue the practice, even in the era of massive information thievery and mounting compliance regulations to the contrary. • A misunderstanding of the critical business risks faced by an organization heavily reliant on an unsecured file transfer protocol—even if the transfers themselves are encrypted. • A general lack of knowledge about how to address the security, transfer visibility and business scalability challenges of using newer, more secure solutions.
2. source: DM news, september 26, 2007. http://www.dmnews.com/cms/dm-news/database-marketing/42518.html
�FTp use On The rise in The enTerprise
A way out of this co-dependent relationship is a Managed File transfer (MFt) solution that not only secures data but also provides the visibility to see and proactively address file transfer service errors before they impact operations or service Level Agreement commitments. organizations using Ftp, therefore, need to distance themselves from relying on Ftp as a data exchange option now, and assess current usage by redefining risk beyond the easy target of losing data. Assessment and expenditure discussions on secure file transfer alternatives should take into account the financial reward that comes with meeting client agreements, business growth requirements and governmental regulations. those financial rewards, it should be noted, lie well beyond the reach of the capabilities of traditional Ftp offerings or code-based tweaks to make it viable. Currently, MFt is the only way to achieve the operational benefits of complete transfer visibility from a centralized Web-based console, the promise of growing the bandwidth of the solution as the business grows, and the complete lockdown of information from all thieves and malcontents. For more information on this type of holistic file exchange solution—and what it can do to secure the business, ensure compliance and intelligently grow business opportunities—visit www.sterlingcommerce.com/products/mFT.
about sterling commerce
sterling Commerce helps 80% of the FoRtUne® 500 thrive in a global economy. We provide innovative solutions to process integration challenges between companies and their customers, partners, and suppliers to help them achieve higher levels of performance—and business without borders. With over 30,000 customers worldwide, we have unparalleled experience in the retail, consumer packaged goods, manufacturing, financial services, logistics, and telecommunications industries. sterling Commerce is an At&t (nYse:t) company. Learn more at www.sterlingcommerce.com.
©2007, sterling Commerce, inc. All rights reserved. sterling Commerce and the sterling Commerce logo are trademarks of sterling Commerce, inc. or its affiliated companies. All products referenced are the service marks, trademarks, or registered marks of their respective owners. printed in U.s.A. sC0484 10/07 ©2007. sterling Commerce, inc.
�