This episode of What Do Other Companies Do is typed before a live studio audience. The question comes from Bill of Jack’s Joke Shop (Remember, “If it ain’t funny, it ain’t worth jack!”), and he asks:
“We’re looking for a large file transfer solution that will secure data in-transit. We have a small I/T shop and Help Desk and do not have the capacity to handle user provisioning & management for a solution, and really don’t want to start managing a file repository with aging requirements. Like most companies, we are subject to various compliance initiatives such as PCI, HIPAA, and GLBA, but our top management has asked us to exceed compliance baselines where possible.
What do you see other companies doing to attack this problem?”
Excellent question Bill. Many companies struggle with file transfer systems for various reasons. Most large file transfers are automated and handled with various forms of secure file transfer like SFTP/SCP (which requires software on both ends of the connection) or Pretty Good Privacy (PGP). For those tranfers that are ad-hoc or smaller, email is a dangerous solution by itself. It’s very easy to drop a file as an attachment to an email, but unless you add additional security features to the message, the information is no longer safe. You should only put things in email that you would be comfortable telling someone face to face in a crowded Starbucks.
Several companies have created solutions to assist in providing secure file transfer solutions that are low maintenance. Some solutions started with a focus on email such as Tumbleweed, Voltage’s SecureMail, and ZixCorp’s ZixMail. That said, most of those companies also offer non-email based file transfer solutions. Another company of note is Accellion that provides a combined product that hooks into Outlook or Lotus Notes with a plug in and also focuses on secure file transfer management with an appliance for files that just don’t need to be sent via email (think size constraints).
Some of these solutions can exceed SOME baseline requirements (these solutions just appear to meet PCI Requirement 4, not exceed), but your mileage may vary depending on exactly how it is implemented.
There are other products as well (thank you Google!), but the ones mentioned above are ones that this consultant has seen in use at various companies, large and small.
Thanks for the question Bill! And here’s a guy that needs to visit your shop!
Possibly Related Posts: