Story image

Survival in question as file transfer risks and costs escalate

08 Sep 2010

IT teams responsible for New Zealand’s business data transmissions services are likely to be operating in survival mode. Costs are rising and security risks escalating.

Organisations are sending ever-increasing volumes of business critical information across systems and exchanging high volumes of data with customers, partners, suppliers, distributors, service providers and government agencies. All these data transfer types are coming under increased scrutiny.

The cost of providing file transfer services to internal and external customers is increasing, and the risk of security or service failure has never been higher. As file transfer challenges become exponentially greater and more complex, the question of how data flows are managed and viewed becomes critical.

Many organisations allow individuals or departments to choose their own file transfer methods. While some may wonder ‘how hard is it to move a file?’ the truth is that file transfer is often difficult to classify, let alone execute. Some transfers are purely system-to-system, while others involve manual steps executed by individuals.

Some transfers are part of structured processes, others are ad hoc. Some require inspection of the file or adherence to a specific security policy, while others are simply emails between co-workers.

However, files are the core paradigm of collaboration. When defined IT infrastructures don’t understand and provide for the way that people actually work, users will resort to unsecured ‘back doors,’ such as private email accounts or file transfer protocol (FTP) scripts embedded in applications. This piecemeal approach typically offers no visibility into what data is being transferred or who is responsible for it, and places no security controls on data exiting the enterprise.

Globally it is estimated that 80 per cent of enterprise data exchange is carried out through the ‘simple’ process of transferring files.

Methods for exchanging information vary: email is commonly used for ad hoc messages, while a managed file transfer (MFT) solution may be deployed for the exchange of highly sensitive structured and scheduled data, such as personal health information, confidential financial information or electronic data exchange (EDI) files.

The more sensitive the content of a message or file, the greater the need for governance and policy. The need to set policy, govern actions and ensure security related to data transfer and manipulation makes a complete MFT solution essential.

Not so long ago, a file transfer was enabled by a simple connection between two servers. But today the process may involve many diverse systems, platforms and servers that must be integrated to exchange information effectively.

Whether sending purchase orders, invoices, advanced shipping notices (ASN), CAD/CAM files, employee/HR records, or logistical data, transactional data flows are often disrupted. Throw in mergers and acquisitions that create even more heterogeneous IT environments and the challenges escalate, transactions fail, documents are corrupted and data doesn’t match up, messages get lost. This disruption leads to lost revenue and escalating costs in manpower and resources.

When a file is lost or delayed, usually senior IT staff are called in to help. They are an expensive resource, likely already engaged in mission-critical projects. Are they serving the business best by innovating new solutions, or by tediously searching logs for a lost or problem file?

Meeting audit requirements, responding to service level agreements (SLAs) imposed by customers and partners, and establishing operational efficiency require technology that speaks the language of your business.

It’s relatively easy to send a multi-megabyte file over the Internet, just as it’s easy to expect an acknowledgement to nearly every file or message sent. However, the growth in supporting infrastructure hasn’t caught up with advances in bandwidth and storage. Large files now choke email servers, and dedicated gateways slow to a crawl as a result of peak time volumes.

Increasing file sizes and file volumes are escalating the costs associated with unmanaged file movement. These costs are leading companies to impose policy changes, such as limiting automated file transfers to select or key customers, or setting email mailbox size and attachment limits.

Unfortunately, without a reasonable alternative to share files, employees will revert to old habits, or at least to more convenient ones. Witness the rise of Gmail and Yahoo Mail accounts in corporate settings.

When employees need to send a special-needs file — a large file or one that contains sensitive data — that isn’t a structured and scheduled data transfer, how do they do it? Are such transfers regulated by written or automated policy? Can you produce an audit trail if necessary?

Where person-to-person interaction is involved, file movement is influenced by the changing nature of human interaction on the Internet — reflected in employees’ interaction with unstructured networks. But even smart people sometimes do careless things, like emailing company-confidential information to a partner because it’s easier than scheduling a file transfer through the company’s (audited and secure) MFT solution.

A true MFT solution includes five key strategies

1. A modular approach to implementation. This allows organisations to leverage and support legacy infrastructures. Holistic replacement of infrastructure to support operational improvement or risk/compliance measures is unrealistic. A ‘rip-and-replace’ approach is cost-prohibitive, adds unnecessary complexity and lengthens the time to return on investment (ROI).

2. Commitment to open standards. Investment in proprietary protocols benefits only the owner of the protocol, while customers who invest in open standards leverage the vendor’s commitment without locking themselves into a single method or vendor.

3. Comprehensive visibility into all file-movement usage patterns, including files transferred over email. System-to-system file flows are generally well understood, as are most business-to-business flows. Yet few vendors include the most common method of internal and external file movement – email – as standard in their architecture.

4. Governance and compliance through policy management. Those who don’t understand and manage the content, destination and sensitivity level of data being transferred, risk losing confidential information to the outside world. An integrated policy management solution provides a simple interface to manage content and apply a series of actions to best protect the company, while minimising disruption to business flow.

5. Agnostic visibility. While it is unrealistic to standardise on a single platform initially, it is critical to have a consolidated view into fractured legacy infrastructure through an event-based, file-optimised visibility tool that is vendor and application agnostic.

An MFT solution must be agile enough to handle the diversity of new trading partners, including the protocols and data types they require and security requirements they impose. It must be able to bring new customers online quickly, and provide a clear, easy way to manage business processes and handle the inevitable exceptions.

MFT must also be able to simplify file-based application integration challenges while maintaining a flexible architecture, and provide guaranteed delivery of large files – locally or over great distances – to ensure processing within defined timelines. It must limit or eliminate hard-coded “scripts” for process automation, while enabling visibility into how and when transactions are taking place.

In the final analysis, corporate efforts to control costs and mitigate risk will depend very much on due diligence in selecting a vendor whose solution supports the phased approach to implementing the enterprise’s critical managed file transfer infrastructure.

About Axway

Axway is the Business Interaction Networks company – the only provider in the market today to manage, run, secure, and monitor all of your business interactions, including email, files, messaging, services, events, and processes. Serving over 11,000 organisations in more than 100 countries, Axway facilitates the multi-enterprise transactions, processes and integration that accelerate business by eliminating the barriers between vendors, customers, departments, partners and suppliers.

Axway's comprehensive offerings include business-to-business integration, managed file transfer, secure email, business activity monitoring, enterprise application integration, service-oriented architecture, business process management, track & trace and identity validation solutions. Axway provides professional and managed services, as well as cloud computing and Software-as-a-Service (SaaS) offerings. Headquartered in Phoenix, Arizona, Axway's global presence spans 20 countries.

The author, John Lee is responsible for Regional Sales, Pacific, at Axway Inc.

For more information

Marketing, Axway Australia

 Tel: +61.2.9956 4555