What can Chief Security Officers do to implement a secure file transfer strategy?
bTrade develops managed file transfer technology solutions for enterprises that share sensitive data across applications and organizations, and face complex security and compliance mandates. Thousands of customers depend on bTrade's managed file transfer solutions to gain control and oversight of the movement of critical corporate data to facilitate data growth, reduce security risk, and improve IT and business efficiency. The company was founded in 1990 and is led by eBusiness visionaries who have delivered industry-leading business integration solutions to thousands of enterprise customers worldwide. bTrade is privately held and profitable with its global headquarters located in Glendale, California USA.
Info Security PG: What will be the biggest data security challenges for organizations in the next 1-2 years?
Steve Zapata: This year, as has been the issue in the past, the biggest challenge will be the rogue sharing of data with local FTP servers running from laptops or services like Dropbox, etc.; companies of every size have to shut these down until there are controls for the enterprise to employ. The best remedy is to incorporate ad-hoc traffic patterns into the MFT flows. It is an imperative for all the data flows, including A2A and B2B, to be controlled. A proper managed file transfer product, such as secureXchange, does all this elegantly.
About Steve Zapata
Steve is a highly respected eCommerce executive who has held significant management positions at IBM Global Network and IBM World Trade Group, General Electric’s GlobalExchange Division, DNS Commerce, TIE Commerce, Cyclone Commerce (Now Axway) and INOVIS. With over 20 years of experience in the AS2, EDI, VAN and integration services area, Steve has led initiatives both domestically and internationally.
Steve spent twelve years with IBM as a Systems Engineer, Marketing Representative, Manager and Country Manager for IBM Global Network and its EDI/VAN/AS2 solutions located in New York and Mexico City. Steve successfully grew the GE GXS operations in Mexico and the Caribbean as General Manager. As President and CEO, Steve led DNS Commerce, a Boston-based EDI software and services company, to a turnaround and eventual acquisition by a European e-commerce company. He was also President and CEO of TIE Commerce USA and Chief Strategy Officer of TIE Holding, a publicly-held company on the NYSE, located in Amsterdam, the Netherlands. Before that, Steve was VP of Sales and Strategy for Cyclone Commerce (now Axway) an AS2 and MFT provider located in Scottsdale, Arizona. Steve also held the position of Senior Vice President of Sales & Business Development at INOVIS located in Alpharetta, Georgia.
Steve holds an MBA from San Francisco State University and a BS Degree from California State University, Chico. He attended Ventura College of Law, completing coursework towards his Juris Doctorate degree with an emphasis in Corporate Law.
Info Security PG: How has the file transfer technology changed over the last decade? Why do many legacy file transfer solutions fall short in today’s environment?
Steve Zapata: File transfer technology has changed dramatically over the last decade. With the advent of java front-ends and more centralized controls, the strategy around moving and sharing data has reached front office operations. What this means is that although MFT is traditionally part of the infrastructure, it is effecting more and more of the lines of business directly as they work to grow and manage their businesses. Today, companies require solutions that can handle larger files and comply with stricter security and regulation. The burden of ensuring compliance is better shared with a trusted vendor. The various theories/practices around SOA bus and point-to-point networks have fallen to the wayside, and as a result, the hub and spoke model has become prevalent again. That is to say, the best way to control data flows is to have them flow through the same gateway, and technology available today affords enterprises the ability to embrace this method without any hindrances.
There are several key reasons why so many legacy file transfer solutions fall short in today’s environment - one of which is operability, legacy systems are beasts, they are complex to operate and maintain because they are layered with a ton of custom coding and moreover create a senses of fear and pause when it comes to updating or moving to a current technology because the idea of migrating all of the customizations is the perceived equivalent of boiling the ocean. The reality though is that the right vendor partner offers a solution that is simple to deploy, migrate to and operate – it will be a project to move to a modern platform, but the overall design of it will provide a manageable and simple to use solution – simplicity or elegance is the key – secureXchange is simple to deploy, migrate to and most importantly operate. That all translates into a platform that is much less expensive to use, improves efficiently and maintenance is a breeze.
Info Security PG: What are some of the most common but critical mistakes still happening with file transfers, internally within an organization, and with others?
Steve Zapata: Rogue FTP, plain FTP and web transport/foldering services, all present very high risks. The use of non-secure protocols and open source encryption and compression are also of concern. What many companies fail to understand is that open source equates to hackable because the code is available for review and modification. For all traffic taking place outside the firewall, and most traffic inside, a secure protocol should be used and all transmissions, regardless of the origin or destination, must be transparent—e.g., should be logged for auditability.
Info Security PG: What can Chief Security Officers do to implement a secure file transfer strategy?
Steve Zapata: Chief Security Officers need to understand all of the governance, risk and compliance issues that their company and industry are and will be facing; a true strategic approach is necessary. The first objective would be to understand all of the I/O traffic on both sides of the firewall. The second objective would be to choose a platform which improves the current process by adding layers of security and visibility without adding new complexities. The third, and perhaps the most important objective, would be the deployment and migration to a new platform, which will be the most time consuming, but would give organizations scalability and the longest possible utilization time. It will, in effect, remove the most fearful obstacle an organization faces, which is how to modernize a legacy system and make it easier to operate and maintain.
Company: bTrade, LLC 655 North Central Avenue Suite 1460 Glendale, CA 91203 U.S.A.
Tel: 818-334-4177 www.btrade.com
Founded in: 1990 CEO: Steve Zapata Head Office in Country: Glendale, California - United States Products and Services: secureXchange Company's Goals: Delivering Innovative Managed File Transfer Solutions - bTrade has been delivering innovative managed file transfer (“MFT”) software solutions to hundreds of thousands of customers worldwide since its founding in 1990 by eBusiness visionaries. For over 20 years, bTrade has helped its customers transmit data safely, both internally and externally, through a proven managed file transfer process. Our company legacy is a living force that drives our constant quest to perfect the managed file transfer process. bTrade is defined by the collective wisdom generated from over 20 years of insight and innovation in the managed file transfer field. Our commitment to, and focus on our core purpose - MFT software solutions—has earned us the trust and confidence of our many customers. Key Words: Managed File Transfer Solutions
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN