ACA Guy

Tuesday, November 20, 2007

FIle Transfer Goes Virtual

It's been a while since my last post, things have got VERY busy at Accellion.

I guess the world is realizing that files aren't getting any smaller.

Anyway just in case you missed the recent announcement regarding Accellion's new virtual appliance here's the link to the news Accellion Introduces Virtual Appliance.

Also had a nice product review of Accellion in Infoworld Accellion Product Review in InfoWorld

Wednesday, August 15, 2007

File Transfer - On the Road

Dear Readers,

Over the past year, we have covered the issue of secure file transfer from many different angles. Some strategic and others tactical. I hope you are finding the information helpful in your daily dealings be you an IT god or an end user who just need to get the job done.

I'm taking a brief break from the blog, but expect additional notes and perspectives down the road. So, I hope you still stayed tuned.

Thank you for reading the ACA Guy. Please contact us at Accellion if you have any question on file transfer.

Yours, ACA Guy

Thursday, August 09, 2007

Making Fun of Wall Street Journal Would Have Been Too Easy - the Reality of Secure File Transfer for Enterprises

Summary: The Wall Street Journal courted a wave of resentment with an article on how end users can bypass IT restrictions. While the fireworks are entertaining, the real question is, how will you address these real user needs as an enabler? Here's a secure and enterprise class solution that end users would use - what a concept!

--------------------------------------------------------------------------
Don't forget to go to the bottom to see what Accellion has been up to
--------------------------------------------------------------------------

That scream of despair from the direction of the IT director and CIO that you heard a few days ago may have been a result of the Wall Street Journal's article by Vauhini Vara entitled Ten Things Your IT Department Won’t Tell You. The article provides ways of how end users can bypass IT restrictions and controls for various tasks such as checking personal emails and large file transfer.

Naturally, Ms Vara is getting an avalanche of angry letters from IT providers as noted by this WSJ blog. What I find particularly instructive is not so much the bad advice dispensed -- and indeed they were lousy ideas -- but how this points to the on-going tension between IT and the organizations and users that IT supports.

In this context, I would like to discuss the #1 hack/bypass in the article - transferring large files. Like the article noted, IT departments often purposely block large attachments from going through the corporate email system for reasons ranging from performance to protection from attacks.

As a workaround, Ms. Vara suggests using a consumer grade service, which are often free, like YouSendIt or SendThisFile. At the same time, she notes the risk, such as this "makes it easier for a wily hacker to intercept files..."

No wonder CIO's are breaking out in pools of cold sweat from this article!

On paper, IT has the moral high ground - these procedures are meant to protect both users and organizations from viruses, spam and increasing violations of regulations and corporate procedures. While no end users would disagree with the importance of these protections, it is also the reality that end users are looking to get their job done. Whether you call it protection or a hurdle, a successful end user will instinctively find a way around the limitation. (Even without WSJ's help.)

Fortunately, what we are seeing is a generation of IT professionals who are looking beyond the eternal struggle between IT and the consumers of IT capabilities in a zero-sum calculation. Instead, there is a recognition that IT is an integral part of business processes that, if appropriately deployed and managed, can become a competitive advantage for the entire organization.

Sending large files is a legitimate need for many of today's business processes, so instead of pointing accusing fingers at each other, the trend is to deploy a secure file transfer system that is specifically designed to transport large files in parallel like Accellion's secure file transfer solution.

For the users, the Accellion solution is easy to use and can handle 20+ gigabytes in file/folder size with a single click. It is designed with communicating with external partners in mind, which enables employees to easily trade large files with business partners and clients to get the job done.

IT administrators love the Accellion solution because it is a set-it-and-forget-it appliance. It can be installed in less than an hour and requires administrative intervention only when you want to change a configurable parameter. Accellion handles files in a secure fashion that is compliant with regulations such as HIPAA and Sarbanes-Oxley. This solution is engineered as an enterprise tool that fits seamlessly within the overall IT infrastructure.

So, while we ponder the flak that Ms. Vara is getting from the unhappy CIOs and IT Directors with some degree of fascination, the easiest solution is probably to install an Accellion secure file transfer solution so we can all get on with life.

ACA Guy

Accellion in the News

Media Coverage

Accellion Solves CRA International's Large File Transfer Issues

How One CIO Escaped E-Mail Attachment Hell

Press Releases

* Wyckoff Heights Medical Center Chooses Accellion to Safeguard Patient Data

* Accellion Extends Market Presence in Europe; With introduction of multi-language capability, companies profit from simple, fast and secure file transfer across the globe

Wednesday, August 01, 2007

Five Requirements for an Enterprise Secure File Transfer Solutions

Summary: What makes a solution "enterprise class"? If you are sending files using a solution meant to send pictures to grandma, you may be asking for trouble. There are five categories of capabilities that you want to consider for business file transfers.

Someone asked me recently what I mean by consumer-oriented vs. enterprise solutions. In other words, what distinguishes enterprise file transfer solutions from consumer products? While the intersection between high-end consumer solutions and enterprise solutions can be hazy, there are five sets of required characteristics that I use to determine whether or not a file transfer solution is suitable for business use:

* Management and business processes
* Policy control
* Integration with other enterprise solutions
* Security and compliance
* Branding

Let’s have a look at each of these characteristics and why they are worth the added overhead in an enterprise context.

Management and business processes
The solution needs features that map to the work flow of business processes and how a business is run. Data and documents are the lifeblood of most businesses, and they need to be handled like the critical assets they are. Important enterprise features for file transfer include automated file life cycle management, audit and tracking capabilities, verification of file delivery, encryption, automated virus checking, file integrity check, and so on.

Policy control
An enterprise-level file transfer application allows configurable automated policies at several levels. For instance, at the user level, there could be several classes of users to account for external vs internal users. Similarly, at the access level, depending on the nature of the file, there could be multiple access authentication requirements. And, at the file level, there could be a number of policies dictating the duration in which a file is accessible.

Integration with other enterprise solutions
An enterprise file transfer solution should be able to work seamlessly within the overall IT infrastructure. Integrating with existing systems like email and directory services would ensure smooth business process and work flow.

The most obvious integration is with email clients such as Outlook and Lotus Notes. However, it should also integrate with directory services such as LDAP/AD to streamline administration. And, beyond these usual suspects, there should also be API/SDK capabilities to integrate with other applications. I have seen examples ranging from intranet single sign-on to integrating with finance systems for revenue recognition.

Security and compliance
These two issues are probably the most immediate concern of most businesses today. In other words, if the file transfer process doesn’t comply with mandated regulations like Sarbanes-Oxley and HIPAA, it shouldn’t be used. While the specifics vary by industries and business processes, typical features include encryption, virus-checking, information removal based on rules and policies (life cycle management), audit trails to see who has done what with the files, and policy management to set user privileges.

Branding
Companies invest huge amounts of budget and resources developing and marketing their “brand.” An enterprise-level file transfer solution should be configured to have a specific company’s look and feel. This could include the use of the company’s logo, specific fonts, colors, and a company-specific user guide. This is particularly important for external and guest users where putting a company’s skin or wrapper makes it feel like a well-integrated part of the business process.

In the knowledge economy of today, sending your most critical assets (digital files) via solutions meant to send pictures to grandma is playing with fire. The five feature categories above should help you quickly assess your current capabilities and, if need be, can be the basis for your search for an enterprise grade secure file transfer solution.

And, yes, in case you are wondering, Accellion's secure file transfer solution does all of the above (and more) while making it easy to use like a consumer solution. Best of the both worlds, as the saying goes.

ACA Guy

Accellion in the News

Media Coverage

Accellion Solves CRA International's Large File Transfer Issues

How One CIO Escaped E-Mail Attachment Hell

Press Releases

Wednesday, July 25, 2007

Best of Both Worlds: How to Get Deep Domain Expertise Inside Your Own Infrastructure

Summary: A Gartner analyst describes an appliance as getting an outsource model inside your own infrastructure. This means you get the deep domain knowledge and best practice while controlling your own destiny.

"What is an IT appliance?" my mom would ask me. Well, it is like a toaster. If I have to hold a piece of bread to the open flame to get breakfast ready, chances are, I cannot get insurance on my house for long. With a toaster, I plug it in, set the level once, insert the bread, and nobody would yell at me for burning down the house (until I spill coffee into the toaster). In the context of the secure file transfer (IT) appliance from Accellion, you plug it, configure it once, and end users get off your back (unless you spill coffee on it).

While a perfectly good working definition, today I just heard a much more eloquent definition of an IT appliance. This comes from a discussion I with a Gartner analyst who noted that an IT appliance is an outsourced product that resides in your infrastructure.

We’ll start with the concept of outsourcing – the practice of acquiring goods or services from an outside vendor because it requires a level of expertise that is difficult to accumulate and manage internally. An example that I can speak with some authority about, since I have gone through many, is PR agencies. The beauty of the outsource model is that the provider is focused on doing the job well in order to acquire and maintain its clients. From the buyer's/user's perspective, this means that I do not have to build up and maintain domain expertise that does not exist in my organization and, thus, the outsourcing frees up resources and enhances flexibility of the organization.

Now put this into the concept of an appliance like the Accellion secure file transfer appliance. A company comes to Accellion mainly because of our expertise on how to transfer large files securely from a sender to a recipient within the enterprise context. While getting a file from person A to person B is a simple need at its core, the enterprise requirements on issues such as administration, life-cycle management, access control, and compliance/audit often require a level of expertise and experience uncommon in most organizations.

What makes the Accellion solution unique, however, is that we have put the solution in the appliance form factor. Namely, in the Gartner analyst’s words, it allows you to put this bundle of secure file transfer services (at the same level as you could have gotten from a outsourced provider with dedicated capabilities) inside your infrastructure.

This is a critically important part of the definition. It means that you, the buyer/user, have total control over this service. You are not at the mercy of another company’s policies or someone else’s infrastructure. You know how the product is deployed, and who uses it and when. You set the policies and parameters that safeguard your company’s assets (i.e., your files). You control your own destiny.

In short, an appliance allows you to access all the deep domain expertise of an outsourced model while retaining full control over your own infrastructure and usage. For enterprise IT use, this does not get any better.

So, the next time you think of an IT appliance as a simple plug-and-play box that has a specific purpose, remember also that it comes with a vast amount of technical expertise at your fingertips and under your control. For Mom, however, I will stick with the toaster example.

By the way, you can get more information about how easy it is to deploy an Accellion appliance by reading 3 Easy Steps to Secure File Transfer Nirvana – a.k.a., Why IT and end users love appliance solutions.

ACA Guy

Accellion in the News

Media Coverage

Accellion Solves CRA International's Large File Transfer Issues

How One CIO Escaped E-Mail Attachment Hell

Press Releases

* Red Dot Building Systems Selects Accellion’s Secure File Transfer Solution to Meet its Large File Transfer Needs

* Microsystems Selects Accellion’s Secure File Transfer Solution for its Large File Transfer Needs

Wednesday, July 18, 2007

Bad advice from the Wall Street Journal - How many ways can you say SOX, HIPAA, FRCP violations?

Summary: A Wall Street Journal article suggests that business users can circumvent corporate email system limitations by forwarding business correspondence to consumer-oriented email services like Gmail or Yahoo Mail. How many ways can you say SOX, HIPAA, FRCP violations?

A recent Wall Street Journal article by columnist Lee Gomes discussed the “Internet boundlessness” of consumer email systems like Google’s Gmail, Microsoft’s Hotmail, and Yahoo Mail from Yahoo! Inc. The context of the article was Yahoo!’s recent announcement of “free unlimited storage” for Yahoo Mail users.

Ordinarily, none of this should have any affect whatsoever on corporate email usage. But the WSJ article is suggesting that business users take note of the vast storage capabilities of the consumer email services and store attachments related to corporate uses there. The article claims that:

One of the ironies of the current tech scene is that the free email services available from the big Web companies are often faster and have more storage than the corporate accounts that office stiffs use in their jobs every day. It’s thus now common for people to forward work email to an outside free account, turning it into a permanent archive that’s always available for quick searching.

As a matter of a fact, Mr. Gomes proclaimed that he has no less than 40,000 messages stored in this Yahoo email account in about two years.

BIG GULP!!

Personally, I am an enthusiastic user of consumer email accounts like Yahoo Mail and Gmail. They serve their purpose and (my) world is better as a result.

But, in the era of SOX, HIPAA, and FRCP where there are severe financial and legal consequences when corporate data is mishandled, this article is suggesting that business people violate their corporate security policies and send proprietary communication outside the corporate firewall.

As the saying goes, I may be crazy but I ain't stupid.

Using consumer oriented technology to solve the problem of transferring large files and attachments in the corporate context is really substituting a completely separate and potential much larger can of worms for a small problem. For example, Gmail crawls the content of the mail in order to serve advertisements that match the content - Gmail probably know more about the content than you do. Where is your confidentiality and data security?

For companies seeking an alternative to sending and receiving large attachments in this email-centric world that we live in, Accellion secure file transfer solution solves the problem cleanly for the end users while satisfying all the corporate security and compliance requirements.

The Accellion solution is a secure appliance that integrates into your company’s IT infrastructure, and is controlled by your own IT department. The appliance allows employees to send and receive attachments of any size. (OK, 20 Gigabytes is the amount that we have tested so far, but at 5 DVDs worth of data in one click, our testers got tired!) On top of the large file capability, it comes with features like automated file life-cycle management, role-based authentication levels, and integration with corporate assets such as directory services. You know, a real enterprise solution from any angle that you look at it.

Mr. Gomes, let's talk. If you cannot send large attachments through your wsj.com business email account, I have the right solution for you!

ACA Guy

Accellion in the News

Media Coverage

Accellion Solves CRA International's Large File Transfer Issues

How One CIO Escaped E-Mail Attachment Hell

Press Releases

Wednesday, July 11, 2007

How One CIO Escaped E-Mail Attachment Hell - Accellion Leads the Way

Summary: CIO Magazine featured a story on how Accellion helps a financial services company escape the large attachment trap and turn its Accellion investment into a competitive advantage.

Laurianne McLaughlin the CIO magazine technology editor for “Essential Technology” wrote a story about “How One CIO Escaped E-Mail Attachment Hell.” There are plenty of good lessons here for every CIO to take to heart, no matter what business you’re in.

The CIO in question is Fred Danback of Integro Insurance Brokers. Mr. Danback’s enterprise email system was creaking under the weight of large attachments. His IT team was dealing with bloated email servers, slow system response times, and message delivery failures.

He tried to address the problem by asking employees to forgo attaching large files to their email messages. His “pretty please” plea didn’t work, largely because the business was dependent on employees being able to exchange large files among themselves and also with partners and clients outside the company. Preventing the large attachments clearly wasn’t a solution; he had to find a way to get the files to the people who needed them, while at the same time taming the email issues. If he didn’t resolve the problem, Integro was at high risk of losing business with its blue-chip clients.

The article noted that Integro's e-mail system, supporting some 400 users in five countries, was groaning under weighty attachments. "There's a lot of document transfer that takes place. We may get CAD drawings, MPEG files, technical specifications, it runs the gamut," Danback says. Not only was his internal system being taxed, but also, his users were bumping up against problems with clients receiving their messages, since many firms limit attachment sizes to prevent problems like denial-of-service attacks, Danback says.

Alas, these problems are universal for almost any kind of business today.

Of course, by now you are guessing how Mr. Danback and Integro solved their problems. Yes, they installed an Accellion secure file transfer appliance. For just a few thousand dollars, the appliance immediately eliminated the email system's burden of transporting large files. And because the appliance integrates with the email system, the users didn’t have to learn a new process to use their new tool.

Maybe even more important to Integro is that this new method for getting files from person to person is giving the company a competitive advantage. Ms. McLaughlin tells it like this: Danback's business users like it for another reason. Because their insurance industry competitors are dealing with the same large documents and e-mail woes, anything Integro brokers can do to make their interactions with clients more seamless can only help them win business, Danback says. "We had to find a way to differentiate ourselves from our competitors."

The moral of the story for CIOs feeling the pressure of large attachments, sagging email systems and growing business needs? I couldn’t have said it any better than Ms. McLaughlin and Mr. Danback:

The more attachment-heavy your company is, the more an appliance [like Accellion's] makes sense in terms of ROI. If you have complex discovery and compliance needs, you will want to consider using an appliance in concert with e-mail archival software. Both of these product categories are growing, with good reason: Another recent Osterman Research study found that 59 percent of enterprises call messaging storage growth a serious problem. And messaging storage needs are growing at a clip of about 35 percent per year, according to Michael Osterman, principal of Osterman Research.

What's Danback's advice to other CIOs about e-mail appliances? "Look at what could go wrong with your e-mail and do something about it now. So you don’t get yourself in a situation where you have proprietary or secret information in the public mail," he says.

ACA Guy

Accellion in the News

Media Coverage

How One CIO Escaped E-Mail Attachment Hell

File transfer security the easy way

Press Releases

* Microsystems Selects Accellion’s Secure File Transfer Solution for its Large File Transfer Needs

* Accellion Makes Global Collaboration Easier With Internationalization of Secure File Transfer Solution

Thursday, July 05, 2007

Get Back 30 - How to Let Users and CFO's Fall in Love with You

Summary: Get Back 30 is an IT initiative by a Fortune 50 Accellion customer that aims to relieve its (130,000+) employees from inefficient processes. In addition to making the end users and IT team happy, the multiplier effect on overall organizational capacity would make any CFO smile.

There's a lot to be learned from a household name Fortune 50 multi-national firm that finds innovative ways to leverage the latest IT best practice to enhance its business processes. This Accellion customer has just launched an initiative to encourage its employees to become even more efficient through the use of time-saving technologies. The campaign is called Get Back 30, and it promotes the idea of recovering 30 minutes in the daily processes by doing things smartly. It’s a tangible drive to find more value for the company in its premier resource: its people.

I’m thrilled to tell you that the Accellion Secure File Transfer solution factors into the company’s Get Back 30 initiative by allowing employees to send files and large attachments within and outside the company in an easy and efficient manner. Employees are encouraged to use the Accellion solution to send large files instead of using awkward and time-consuming processes like FTP servers. I can’t think of a better endorsement of how our solution helps improve business processes that involve sending and receiving files.

As Get Back 30 rolls out, I expect more employees will welcome the easy-to-use secure file transfer solution, and find benefit in being able to quickly and securely trade work files with coworkers, clients and colleagues inside and outside the company.

While Get Back 30 is all about helping people become more efficient, increasing use of the Accellion solution within the company delivers a side benefit of making other technology more efficient, too. I’m speaking, of course, about the company’s enterprise email system. As more and more employees grow accustomed to sending their usual email attachments through an Accellion appliance, the new usage model relieves the strain on the overburdened email resources. Consequently, the company spends less time and money managing the burgeoning growth of the email system.

So, the benefit of Get Back 30 does not apply only to the end users, which is considerable as it is, but it also accrues to the IT team. They, too, “get back 30” when they expend less effort maintaining the enterprise email system. Their time can now be better spent being proactive with other IT projects.

So, how does this work out? Let's assume an organization of 10,000 people. Each person, on the conservative side, would recoup 60 minutes per month as a result of using the Accellion solution as part of the Get Back 30 initiative. That would work out to be 120,000 man hours that would not have been available without Accellion. This particular customer has more than 130,000 employees. Now, these are IT expenditures with ROI multiplier numbers that even the CFO would love.

ACA Guy

Accellion in the News

Media Coverage

Accellion updates secure file transfer appliance - user interface now available in six languages

Press Releases

Thursday, June 28, 2007

Buy One and Get Eight Free - Let External Guest Users Use Accellion for Free

Summary: Inviting external guest users onto your Accellion Secure File Transfer solution costs nothing. There's no wait for the business users who need to exchange large files. No more midnight phone calls for emergency FTP access. Accellion makes the world a better place.

As I talk with Accellion customers, I am finding that they really like that external people also can access most of the capabilities on the Accellion Secure File Transfer solution. This makes it very easy for employees to work with clients, colleagues and partners outside of their own organization. In fact, employees of most professional firms – like advertising agencies and law firms – interact mostly with external contacts. Accellion makes it as easy and inexpensive to receive large files from external people as it is to send to them.

Often to IT administrators' surprise, field usage has shown that many fully deployed sites have eight or more external guest users for every one internal user of the Accellion system. Accellion is happy because it shows that these users are taking full advantage of the capabilities, and their business processes really need the ability to easily share data with external partners. IT administrators are happy because there’s no cost for allowing external guest users to access the Accellion file transfer capabilities.

When it comes to external guest users, it’s like a permanent “Buy One, Get Eight Free” sale with Accellion. When you purchase an appliance or a network of appliances for your company’s use, you can extend the service to all the external guest users at no additional cost. Better still, there’s nothing to add to the infrastructure, and no software for the user to download. If a guest user has access to an internet browser, he can use the file transfer service.

I’ve mentioned before how easy it is to provision service to an external guest user. (See “Let External Users Send Large Files Back Securely Without Harassing IT.”) Any authorized user within the organization can invite an external participant to have an account on the appliance. No one needs to request IT to set it up, or beg for permission to allow the access. A simple email invitation is enough to allow the external user to register for an account and begin using the service.

Compare that simple process to using an FTP server to transfer files. First of all, FTP servers are typically administered by IT personnel. Anyone who wants to use them (including internal employees) has to ask and wait for IT to provision access, even for a one-time use. There may be a company policy against giving external access. Even if there isn’t, IT needs to get involved in giving the outsider access.

Even worse than the administrative hassles of FTP are the security concerns. A typical FTP server is basically a large hard drive. Usually, people can access files that are not meant for them in the same directory. What’s more, transmissions – including passwords – are in clear text, making them vulnerable to interception. Secure FTP service adds encryption, but it requires everyone to install additional client software. This is often impossible with outside users because, increasingly, IT administrators do not allow users to install such software.

FTP invites so many complications that help desk support can be inundated on a busy day. Worst yet, when it comes to external users, do you want your scarce and expensive help desk resources to go toward supporting people who don’t even work for your company?

Relieving the burden on the IT team from chores like supporting FTP and allowing as many external users to exchange data with internal users as business processes dictate -- maybe there is still free lunch to be had after all! That is, if you use the Accellion secure file transfer system.

ACA Guy

Accellion in the News
Media Coverage

Network World: Accellion updates secure file transfer appliance

Accellion updates secure file transfer appliance - user interface now available in six languages

Clarian Health finds quick way to transfer files: Clarian Health Partners’ telemedicine program... has found a way to save time, money – and aggravation – by getting done in two hours what might have taken two weeks in the past.

Press Releases
Microsystems Selects Accellion’s Secure File Transfer Solution for its Large File Transfer Needs

Accellion Makes Global Collaboration Easier With Internationalization of Secure File Transfer Solution

Wednesday, June 20, 2007

Global Product Excellence Award for Secure File Transfer Appliance: Winner - Accellion

Summary: Accellion customers have spoken - Accellion has won the 2007 Global Product Excellence Award. It is about security, ease of deployment and administration, ease of use, and happy users.

I’m pleased to tell you that Accellion has received a 2007 Global Product Excellence Award -- Customer Trust from the Info Security Products Guide. Accellion’s award comes in the category of “secure file transfer appliance.”

While it’s always nice to garner a recognition, what makes this one especially gratifying is that it is customers and end users that cast the votes. In other words, we have won the American Idol for secure file transfer appliance all thanks to our legion of fans – the people who trust and depend on the Accellion Secure File Transfer Solution day after day.

Sweet!

As I talk with Accellion customers, I hear their stories of how our secure file transfer solution transforms and enhances their organizational processes. Most of our customers cite ease of use for end users as a main driving factor that led them to look for a secure file transfer solution in the first place. But once they looked a little closer at the Accellion solution, they found the robust security features we’ve built in. And while other file transfer products might have elements of these features, taken as a whole, no enterprise file transfer solution can even come close to the total package of security and ease of use that Accellion delivers.

For security features, here are some of the popular ones:

Information storage and transmission encryption – files can be encrypted during transmission, sending and receiving, and storage using the appliance. This protects the file while it is “waiting for delivery.”

Integration with enterprise directory systems -- For enterprise deployments, companies can link the Accellion appliance(s) to the network directory (e.g., LDAP and Active Directory) that controls all end user access to network resources. This ensures security while making it easy for the IT administrators.

Virus checking – The system administrator can set the appliance such that all files placed on it are screened for viruses and malware.

Automated file lifecycle management – The appliance has automated processes to remove files that have reached their “expiration date” on the appliance without administrator intervention while giving the senders control over the exact file lifecycle. This also helps to satisfy requirements under the Federal Rules of Civil Procedure, rule 37.

Audit features – Audit trails list who has been sending and receiving files, which helps organizations to comply with security and privacy mandates in legislation like Sarbanes-Oxley, the Graham Leach Bliley Act (GLBA), and HIPAA (Health Insurance Portability and Accountability Act).

Aside from the security features mentioned above, customers also tell me they like the appliance form factor that just plugs into a company’s network. Everything is owned and administered by the company. There is no concern about someone else hosting your files, or about pieces of files being transferred via peer-to-peer networks.

In other words, the solution is enterprise-grade in security and administration but easy to use like a consumer product. The best of all possible worlds.

ACA Guy

Accellion in the News
Media Coverage

Network World: Accellion updates secure file transfer applinace

Accellion updates secure file transfer appliance - user interface now available in six languages

Wednesday, June 13, 2007

Think Globally but Act (and Send Files) Locally with Accellion Release 6.0

Summary: English is the “lingua franca” of the global business world, but many users still prefer to operate in more familiar languages such as German, French, Korean, Japanese, and Chinese. Accellion lets you do that.

Do you have customers, partners, or clients who prefer to operate in French, German, Japanese, Chinese, or Korean? All of these languages are important tools of the business world in our global economy. With colleagues, business partners or customers in other parts of the world, chances are they prefer to transact business in a language they feel comfortable with, and this isn’t always English. What’s more, some markets, like France and Quebec, require that you use the native language.

We recognize that fact, and thus we have internationalized the Accellion Secure File Transfer solution. Release 6.0 of our product, announced in early June and now available, has user interfaces localized for six languages: English, French, German, Korean, Japanese and simplified Chinese. Our customers who need to send and receive large files with people all around the world appreciate being able to use a language that is familiar to them.

Look at Millward Brown, one of the world’s leading research companies. This company has a diverse staff located in 75 offices spread across 43 countries. As a research leader, collaboration within the company is critical. Sometimes ideas, designs and plans are shooting back and forth among colleagues and clients as fast as the workers can push “send” on their Accellion file transfer application. We’ve now made it even easier for these workers to collaborate in a friendly and familiar language.

And now consider China, a powerhouse in the world of business. With its economy expanding at a rate above 9 percent yearly since the turn of the century, this country is not a force to ignore. China’s growth comes not only from soaring sales oversees, but also from tremendous domestic demand. Accellion took this into consideration as we developed our Secure File Transfer Solution with the simplified Chinese user interface. Business colleagues all around China can use a familiar language in their business transactions that require sending and receiving large files.

I once had a colleague who kept a plaque on his wall that said Think globally. Act locally. That’s the exact principle we have in mind as we launch multi-language support in our product.

The new native-language user interfaces of release 6.0 of the Accellion solution are important, but that’s not all that’s new in our product. We’ve added increased auditing capabilities, device clustering for increased availability, support for Outlook 2007, additional user access security settings, and more. Read more about release 6.0 on the Accellion site.

ACA Guy

Accellion in the News
Media Coverage

LTN Done Deals: Accellion & Keker & Van Nest: Litigation firm Keker & Van Nest has purchased Accellion Inc.'s file transfer system.

Press Releases
Accellion Makes Global Collaboration Easier With Internationalization of Secure File Transfer Solution

Barkley Selects Accellion to Solve Inadequacy of Email File Transfer

Wednesday, June 06, 2007

Ubiquity or Commodity - What a Secure File Transfer Solution Is and Isn't

Summary: In the IT world, we often (mistakenly) use words like "ubiquitous" and "commodity" interchangeably. Secure file transfer is a ubiquitous process but the solutions are not a commodity. Remember that and you are already ahead of the game in your selection process.

In a recent conversation with a friend who runs an enterprise-class email company, I was yakking about how hosted email has become a "commodity" where everyone seems to have several email addresses from the likes of Yahoo, Hotmail, or Gmail. My friend corrected me on email as a commodity, however. Yes, email is everywhere and everyone uses it, which makes email ubiquitous. But:

A true commodity product is highly standardized and interchangeable with like products. In IT hardware, DRAM cards would be an example of a commodity. In IT software, a standard FTP package is an example.

In the enterprise solution world, however, the fact that something – like email – is common (a.k.a. ubiquitous) and often has similar functionality from many different vendors does not make it a commodity. To wit, everyone uses hosted email, but it’s extremely difficult to build and maintain an email system on an enterprise or carrier scale to support millions of users. Even for the end users, there are myriad considerations such as protocols, security features, user interfaces, administration, etc. that distinguish one solution from another.

(As the saying goes, to plagiarize is to pay the ultimate compliment.)

In the secure file transfer business that Accellion is in, I would make the same argument. The act of transferring files may be ubiquitous and common to most business processes, but the method of transferring files securely is certainly not a commodity.

In fact, if we look at how Accellion has architected the process of securely transferring files, it is a rarity compared to the alternative methods such as a homegrown FTP solution, CD/FedEx, or email attachments. We find there are very few directly competitive products because building an “on demand” file transfer solution like Accellion’s is not easy. In other words, end users and the IT team often had to compromise security for usability until they found Accellion.

I regularly hear from customers and prospects about how Accellion's features in security, availability, ease of use, ease of administration, auditability, and so on make it an ideal file transfer solution for an enterprise-class deployment.

So, let's make a distinction between ubiquity and commodity. Secure file transfer is a ubiquitous process for most enterprise activities. But secure file transfer solution is not a commodity. As a matter of a fact, by recognizing the fact that secure file transfer is not a commodity, you are already ahead of the game in selecting the right secure file transfer solution for your organization.

ACA Guy

Accellion in the News
Media Coverage

Wednesday, May 30, 2007

Process agility and Compliance - conflicting forces or a competitive advantage?

Summary: Companies are looking for ways to speed up their business processes. At the same time, they must comply with regulations governing those same business processes. How can you satisfy these seemingly conflicting requirements at once?

Part of the fun in the business world is that there are often conflicting forces at work. Since Y2K, two seemingly contradictory forces have begun to do battle in enterprises big and small, only to leave confusion in their wake.

Force One is the need for organizational process agility as a survival prerogative. Develop products with partners faster. Get to market sooner. Reach interested parties - customers, partners and coworkers on the other side of the globe - instantaneously. Drive profits up and cost down today. In the famous words of Andy Grove, only the paranoid survive. The ability to quickly adjust to the constantly shifting business landscape in days and weeks instead of years is one of the hallmarks of today's reality.

Force Two has emerged from new security and compliance regimes since the spectacular cases of governance failure at companies like Enron, WorldCom, and Adelphia. Explicitly through regulations and implicitly through business (best) practices, enterprises are now having to deal with higher hurdles in compliance and governance.

Without taking side on either of these driving forces, it is also clear that they each can demand quite different processes and the ultimate question for all the businesses is simply - how can you increase business processes agility but be assured that you are in compliance with every regulation that governs those processes?

At Accellion, we are constantly talking with companies that are looking for a way to improve their business process agility involving sharing information among internal users and colleagues outside the organization. The question they bring us usually is a variation on these three concerns,
“1. How can we speed up the way we send and receive documents, video, graphic images and other large files,
2. while at the same time ensure the privacy and security of these critical business records
3. without complicated and time consuming IT administrative oversight?”

This, lucky you, is the exact question Accellion set out to answer when we developed the Accellion secure file transfer solution.

1. Send and receive files easily:

An internal user can send files to his colleagues by sending the files via the secure file transfer appliance. From anywhere in the world, the recipient can access those files over the Internet instantly. Not next day. Not in a few hours. As fast as you can click.

An internal user can give his outside business partners the authority to send files back into the company without IT intervention via the secure file transfer appliance. In other words, the internal user can collaborate with external users on critical work files without waiting.

2. Meet security, privacy, and compliance needs:

Only authorized users can access the appliance to send and receive files.

A file lifecycle management system ensures that files are left on the appliance only for a defined period of time. If they are not retrieved in that time period, the files are securely and automatically removed from the appliance.

Management reports provide audit trails of who is sending and receiving files.

3. No IT administrative overhead

With end user self-provisioning capabilities, IT involvement in daily operation is significantly reduced.

By bypassing email for file transfer, this also removes the occasional drama when a file, say an important proposal due in 15 minutes, is too large as an attachment.

Files are screened for viruses when they are placed on the appliance.

It comes down to this. Business process agility and compliance are two forces no enterprise can ignore. Interesting, instead of deciding which one is more important, sometimes they can work together to give you a competitive advantage.

If you know what is the right (Accellion) solution to use.

ACA Guy

Accellion in the News
Media Coverage

Sarbanes Oxley Compliance Journal - Track and Report Conformance During File Transfers: Survey results confirm need for broader tracking and reporting features introduced in Accellion’s Courier Secure File Transfer Appliance.

ConstruTech - Perini Deploys Accellion: ...[P]rotect our email infrastructure with the associated archiving systems while allowing users to send very large files as part of their regular business processes.

Press Releases
Barkley Selects Accellion to Solve Inadequacy of Email File Transfer

Keker & Van Nest Selects Accellion’s Secure File Transfer Solution for Its Large File Transfer Needs

Wednesday, May 23, 2007

Be a Superhero like Spider-Man by Offering a "Stupid Easy" Secure Large File Transfer Solution

Summary: What Accellion customers and prospects are telling us. Saving marketing teams from certain doom and providing solutions that anyone can use. ACA Guy wishes he could have made up good plots like these...

If you have not seen Spider-Man 3, I will not spoil it for you. But, it is safe to say that our superhero prevails in the end. Wouldn't that be nice in real life? Just when things look their bleakest with hope fading, along comes the intrepid superhero to get the job done!

It happened to an Accellion customer recently. I have removed some information to protect the innocents, but this is more or less verbatim of the email I got:

Friday night I saw an e-mail from a colleague in our marketing department on my Blackberry. She was trying to e-mail an RFP to a prospective client, but the message kept getting rejected on the other side due to the size of the attachment. It was 7:45pm and the deadline for RFP submission was 8:00. I set her up on the Accellion box, and an e-mail successfully went through just before the deadline. The next day she got the download receipt, and the client reported that "this approach worked very well."

Ultimately it's too soon to tell if we'll get the client, but your box really came through for the firm this weekend!

I can see it all in my mind now. The marketing team slaved over the proposal, worked out all the possible scenarios, and it was the job of the team leader (played by the lovely Kristin Dunst) to get the proposal over. With 15 minutes left on the clock, zoom in on the despair of the team leader when the proposal was rejected by the client's email server. Then, swoop in our IT superhero from the ceiling (played by Tobey Maguire) whose quick thinking and preparedness saved the day by getting the proposal over via Accellion secure file transfer solution with seconds to spare.

Well, I suppose that may be a hard Spider-Man story to sell, but the emotion was probably quite real for the team leader who spent hours or possibly days preparing the proposal to submit to the prospective client. What would happen if she had missed the deadline because the email system couldn’t handle her file? She would have done a lot of work for nothing. She could have been reprimanded for blowing the deal over her poor planning on how to deliver the proposal. Instead, the Accellion solution gets the job done with minimum drama.

Lesson learnt: Add Accellion secure file transfer solution to your toolbox and you, too, can be a superhero.

---
And speaking of talking with customers, one of our super sales reps told me that he recently talked with a prospect looking for a secure file transfer solution. Specifically, the prospect came to Accellion because he needs a solution that is stupid easy because that is what his end users need.

May not be the exact phrase I would have used but stupid easy does pretty much describe the Accellion method. Naturally, I think of it more as super easy, but, secure large file transfer made stupid easy works for me too.

ACA Guy

Accellion in the News
Media Coverage

Wednesday, May 16, 2007

Keep Information and File Transfer Safe from the Omniscient and Prying Eyes of Google

Summary: Google provides an omniscient tool for the relentless searchers to find an information needle in a haystack. Use an Accellion file transfer appliance to keep confidential data away from the clutches of Google's vast tentacles.

In an old posting on ftp in the era of search engines, I mused over the new reality of Google and other search engines automatically finding and indexing information that you have stored on FTP servers. Obviously, this is a security, privacy, and compliance concern for all involved.

On top of that news comes a posting on the Future Lawyer website on Google Web History. In short, this utility keeps a history of every Google search a person does. The blogger speculates: could a person be compelled by a court to reveal his web searches as discoverable evidence in a trial?

Having Google disgorge private information is probably more common that anyone cares to contemplate. I was doing a Google search on a company recently and turned up a document listing contact and fee information for a proposal that I am sure that they do not know is in the "public domain." My speculation based on the content is that the file was sent as an email attachment and somewhere, somebody exposed the document inadvertently.

Life under the omniscience of Google can be tricky. And, if FTP and email as file transfer methods are problematic under the prying eyes of search engines and other information collection spiders, where does the Accellion secure file transfer solution fit?

The short answer is "No." Google and other spiders cannot penetrate the Accellion solution to index the information because the system requires login and comes with a sophisticated set of enterprise class access controls to prevent unauthorized access from those black hat spiders.

In addition to stopping snooping eyes at the front gate, Accellion appliance has two more features that provide extra safety. First, the life-cycle management utility regularly removes files that have reached their designated expiration timeframe. So, the quantity of files available on the system is limited - compared to FTP servers which keep files forever until they are manually removed. And second, the Accellion solution allows you to encrypt files stored on the system so that only authorized users with the correct decryption information can read the files you've stored there.

So, people all around the world can google for your private data all they want. But, if it’s stored on an Accellion secure file transfer solution, there’s no fear it will be revealed.

ACA Guy

Accellion in the News
Media Coverage

ConstruTech - Perini Deploys Accellion: ...[P]rotect our email infrastructure with the associated archiving systems while allowing users to send very large files as part of their regular business processes.

Press Releases
Keker & Van Nest Selects Accellion’s Secure File Transfer Solution for Its Large File Transfer Needs

MSA Selects Accellion's Secure File Transfer Solution for Global Large File Transfer Needs

Wednesday, May 09, 2007

Email, Security, Performance, Happy Users - a year of ideas and best practices from ACA Guy

Summary: Improve email performance, meet security and compliance mandates, and make end users and IT happy, all at the same time - a year of ACA Guy to make the world a better place.

A retrospective.

Oh-my, oh-my, oh-my! From the modest Hello, World entry on May 10, 2006, this posting will mark the one year anniversary for the ACA Guy! This is an excellent time for a quick retrospective on the business issues, solutions, and examples covered in the past year. Maybe you’ll see something here to solve your business problems and spark your interest in Accellion's secure file transfer solution!

Overworked email systems clogged up with large attachments

This is probably the number one reason why companies come calling on Accellion. Their email systems are pushed to the breaking point by the many large attachments that are increasingly common in most business processes. These email attachments are causing systematic impact on the entire infrastructure. And, more important, by rendering the email system -- the number one productivity tool for most enterprises -- ineffective, this is no longer an IT issue but a business problem.

Some email administrators try to solve the issue by imposing file size limitations. Rather than solving a problem, it just exacerbates the headache when end users can’t complete their business processes that require the transfer of files to and from other people.

Accellion's secure file transfer solution complements your existing email infrastructure and lets end users send files/folders of any size without IT intervention.

Attachment Limits: Myth or Reality? Not If You Use Accellion
Integrate Accellion SFTA with Email Client So End Users Do Not Have to Leave Email to Send Large Files Securely
Using Exchange/Outlook and Domino/Notes with Accellion Secure File Transfer Appliance
No Pain is Gain - What email focused VAR partners are doing for email size limits
Microsoft Exchange/Outlook Attachment Size: Best Practices, Limits, and Solutions

Security and compliance requirements also apply to file transfer processes

Gone are the nonchalant days when workers can send information in an open and unsecured way. Now security and compliance mandates are pushing every organizations to ask questions like: “If I send this confidential business plan via email, could it be seen by the wrong people?”, “I need to post patient information on a FTP server for a consulting doctor, but does that meet HIPAA regulations?”, “How can our lawyers send us information about the case on trial?”

Security and privacy for business processes that involve file transfer are key considerations for adopting the Accellion solution.

Listen to Forbes! Do Not Accept that Email Attachment. Use Accellion Instead
Be like Tom Cruise (or Peter Graves) and Get Your Files to Self-Destruct Securely
Ideals and Realities - Who is Responsible for Ensuring Security and Compliance for Files Transfer?
Secure and Compliant File Transfer = Technology + Human Behavior
Security and Auditability Legislative Mandates: Do Your File Transfer Processes Comply?
Are you Federal Rules of Civil Procedure - Rule 37 section (f) compliant? Accellion SFTA can help

Users need the ability to run business processes without asking IT for permission or help every time.

Technology should be an enabler, not a stumbling block for knowledge workers. An end-user should not have to request permission to have a larger file size limit in email, to post a file to an FTP server, or to receive a large file from someone outside the company. What’s more, the IT department shouldn’t get bogged down handling these kinds of requests.

How to get out of this rut? Implement a file transfer technology like Accellion's that is easy for everyone to use – including authorized people who are outside the company.

Collaboration Solution as a Business Productivity Tool
When it Absolutely, Positively Has To Get There and Back, Right Now
Let External Users Send Large Files Back Securely without Harassing IT
Secure File Transfer Comes of Age in the Era of Pervasive Computing
Putting the Machine in Deus ex Machina - Sending folders and 10GB files without IT Help

This has been a great year of sharing the Accellion experiences in solving business problems and boosting users' productivity without bugging the IT team.

And, we have just gotten started.

ACA Guy

Accellion in the News
Media Coverage

ConstruTech - Perini Deploys Accellion: ...[P]rotect our email infrastructure with the associated archiving systems while allowing users to send very large files as part of their regular business processes.

Press Releases
Keker & Van Nest Selects Accellion’s Secure File Transfer Solution for Its Large File Transfer Needs

MSA Selects Accellion's Secure File Transfer Solution for Global Large File Transfer Needs

Wednesday, May 02, 2007

Buy vs Build for Secure File Transfer - how much of a Rube Goldberg do you want to be?

Summary: Maintaining home grown file transfer solutions can be a headache if it goes well and a nightmare if it doesn't. The smart IT departments are buying secure file transfer appliances instead.

--------------------------------------------------------------------------
Don't forget to go to the bottom to see what Accellion has been up to
--------------------------------------------------------------------------
When talking with prospective customers about their file transfer needs, I always ask what ‘solution’ they are currently using. The answer usually falls into one or two of a handful of methods, such as email attachments, an FTP/SFTP server, CDs/DVDs, or a home grown solution which often involves a (non-secure) FTP server and various scripts or manual administrative processes to manage the 'solution.'

As home grown solutions, there are often layers of logic that may have met the business requirements for a time but, the overall logic inevitably ends up in an almost Rube Goldberg-like fashion. These layers of logic are often poorly documented and if the logic creator moves to a different position or forgets about the intricate details, maintenance becomes a headache if all goes well and a nightmare if something breaks! In other words, these layers are leading IT departments to look for off-the-shelf solutions like the Accellion secure file transfer solution.

It’s the classic Build versus Buy argument for an IT solution that is not a unique or core business process for an enterprise.

For decades, companies and IT departments have confronted this conundrum - buy or build. Generally, the answer is ‘Yes, build it!’ if: (1) no vendor makes an application that does at least 80% of what you need, and (2) the application is mission-critical to the heart of the business. Conversely, the answer is ‘No, we should buy the solution from outside’ if: (1) you can buy an application off-the-shelf and adapt it to your own needs, and (2) the process that the application automates is not a business core competency.

For many applications, the ‘buy’ decision has become much easier in recent years due to the advent of smart, single-purpose appliances, made possible largely by the rise of Linux and open source software. Such is the case with the Accellion solution. We developed this solution three years ago, based on an extensive list of requirements that satisfy most file transfer needs in various verticals such as advertising agencies, law firms, health-care providers, engineering companies, etc.

Accellion's file transfer solution is secure, scalable, easy to install, and user-friendly, has very low maintenance overhead, and integrates with enterprise email systems. I haven’t seen a single home grown solution that comes close!

Perhaps best of all, when you buy instead of build your file transfer solution, you have a whole company that is dedicated to ensuring your secure file transfer success. You don’t need to devote a headcount to it, and you aren’t ‘trapped’ by the people who did the original coding for it.

When it comes to a secure file transfer solution for your organization, the choice to ‘buy’ instead of ‘build’ is a no-brainer.

ACA Guy

Accellion in the News
Media Coverage

ConstruTech - Perini Deploys Accellion: ...[P]rotect our email infrastructure with the associated archiving systems while allowing users to send very large files as part of their regular business processes.

Press Releases
MSA Selects Accellion's Secure File Transfer Solution for Global Large File Transfer Needs

Exponent Deploys Accellion's Secure File Transfer Solution to Enhance Communication of Data with Enterprise Clients

Wednesday, April 25, 2007

Listen to Forbes! Do Not Accept that Email Attachment. Use Accellion Instead.

Summary: Forbes magazines says clicking on email attachments from strangers is the most dangerous thing you can do online. Fortunately, Accellion takes the worry out of accepting file/folder attachments from others.

--------------------------------------------------------------------------
Don't forget to go to the bottom to see what Accellion has been up to
--------------------------------------------------------------------------
Forbes magazine recently ran an article about The Ten Most Dangerous Online Activities. Number One on the list is “clicking on email attachments from unknown senders.” Why is this so dangerous? As the Forbes article points out, “e-mail attachments continue to be the most likely means of contracting viruses, worms, Trojan horses and other digital infections. And because these attachments usually contain applications or executable files, they have the greatest potential to instigate the complete takeover--or destruction--of an enterprise PC.”

But that’s not the worst of it. The really scary part is that people KNOW this and often STILL can’t resist opening attachments from senders they don’t know.

In a business environment, it only takes one careless person to open a harmful attachment and unleash a disaster on the network. Network administrators know this and do what they can to prevent such actions, including banning attachments like executable files known to carry malware. But hackers know this, too, and they are getting trickier in the way they embed malware in their attachments.

A better way to combat the threat of malicious email attachments is to stop using email attachments altogether. But wait, that doesn’t mean you can’t send and receive those business-critical files that would normally go through email. I’m simply suggesting you use a more secure alternative method to transfer your business files: via a secure file transfer appliance, which decouples attachments from the enterprise email system.

Accellion’s secure file transfer solution allows you to send and receive the files you need, and it takes away the worry of receiving (or sending) a malware-laden attachment. We do this in two ways.

Number one, by off-loading attachments from the email system to the Accellion appliance, you ensure that only people you know and authorize are using the system to send files. That means you won’t be getting spam or other junk attachments from people you don’t know – at least not through the appliance. If attachments do make their way into your email inbox, you can assume they are suspect and quarantine or delete them.

Number two, all files that pass through an Accellion solution can be automatically screened for malware by F-Secure virus scanning bundled into the product. When you send a file to the appliance for transfer, or retrieve a sent file off the appliance to put on your own PC, the anti-virus program can watch your back. I say “can” because virus scanning is optional with the solution, although highly recommended. The appliance administrator can choose no scanning, scanning only on upload, scanning only on download, or scanning on both upload and download. In other words, choose the mode that suits your business practices the best.

Using Accellion secure file transfer solution to transfer files and folders makes it significantly less likely that bad attachments will get onto your users’ PCs or into your network. It should be a part of your broad security measures to protect your network and your business. Automatic security processes are a good thing, because as the Forbes article points out, users just “can’t help themselves” when email attachments tempt them.

ACA Guy
Accellion in the News
Media Coverage

ConstruTech - Perini Deploys Accellion: ...[P]rotect our email infrastructure with the associated archiving systems while allowing users to send very large files as part of their regular business processes.

Press Releases
MSA Selects Accellion's Secure File Transfer Solution for Global Large File Transfer Needs

Exponent Deploys Accellion's Secure File Transfer Solution to Enhance Communication of Data with Enterprise Clients

Wednesday, April 18, 2007

Attachment Limits: Myth or Reality? Not If You Use Accellion

Summary: Email attachment limit serves an important function in keeping the sanity of IT infrastructure. But, end users need to send large files to get the job done. How do you turn this reality into a myth by deploying Accellion?

-----
Ahhh, email! We love it. We hate it. We agonize over it. And, we can’t meaningfully function, figuratively and literally, without it. Ask any office worker, and he’ll tell you that email is undoubtedly one of his most important productivity solutions. It’s the means for him to collaborate with his colleagues to get his job done.

The popularity of email places a big burden on the email server and administrator. He needs to keep this vital application functioning well for all end users - no easy feat. In fact, it’s a rather challenging balancing act of trying to match available resources with user needs. This often means he has to impose unpopular size limits on how people can use email. (For example, Microsoft strongly urges administrators to set limits on mailbox, message and attachment sizes.)
In the broader scheme of things, limits are a practical solution for an enterprise. However, to individual users, limits are, literally, quite limiting.

No doubt you’ve experienced it: It’s crunch time and you’re trying to send some critical files to meet a deadline. You attach them to an email message, hit send, and think the message has gone through. Some time later you get an administrative notification that says your message failed because the attachments were too large. Your business process just came to a screeching halt. You curse the IT department under your breath.

This is what happened to Sonus Networks on a big contract for a key customer as reported by ComputerWorld. And, this is the very problem that Accellion eliminates. We make email attachment limits irrelevant and turn them into capabilities instead. (And, yes, Sonus Networks is now a customer of Accellion.)

The Accellion secure file transfer solution offloads attachments from email messages into a parallel system. This vastly reduces the space needed for attachments, messages and the mailbox in your email server. It also improves email performance when large messages are no longer hogging the email infrastructure. Attachment limits can go from a paltry 5 MB in a typical email setting to a hefty 20 GB with Accellion.

Now see the glint of empowerment in the end users' eyes!

End users can go about their business and the IT people can look like heroes for setting the sky as the limit. And that poor overworked email IT administrator can finally get some sleep at night, knowing his email server won’t be crashing under the weight of overuse.

Now see the beaming smile on the IT administrator's face!

ACA Guy

Wednesday, April 11, 2007

Collaboration Solution as a Business Productivity Tool

Summary: Confronted with SharePoint, eRoom, Wiki, email attachment, secure file transfer appliance. What is a smart IT manager or a smart business users to do? The bottom line is which tool(s) would boost your productivity with minimum hurdles.

-----

The old saying is No man is an island. The current hip intelligentsia phrase is The World is Flat. The business IT buzz word is collaboration.

Back on earth, we get the job done by sharing information, verbally, visually, and electronically. We send files back and forth, we edit and comment on them, we add our own bit of knowledge before sending the files on to someone else. It is the norm these days for most business processes.

Numerous technologies have been/are being developed to address the needs of sharing information as part of the collaboration process. Many of these solutions are addressing the organizational question of how multiple people can access and use the information when they need it and how they need it. And, how can one be sure that the information is protected and secure?

At the everyday level, people still rely on email and email attachments to send information to each other. Whether using email or another means of file transfer, such as the Accellion Courier Secure File Transfer Appliance, directly sending files from one person to another (or to a group of people) is still the most effective means for getting the right information to the right person(s) in most organizations' collaborative processes.

Shared repositories from products like Microsoft SharePoint and Documentum’s eRoom are typically called “workspaces for teams.” Predefined team members can place files on the shared space as well as access files that others have placed there. If you think about it, these kinds of repositories are a new and improved version of good ole' FTP servers. One drawback for shared workspaces is that they tend to be designed with an “organization-centric paradigm” and with rigid access control. In other words, outside users, consultants and partners, often have no easy access to the information even if new business processes require it.

Wikis, as embodied by the world’s largest and most famous wiki, Wikipedia (and an ACA Guy favorite), is another exciting new technical solution designed to improve collaboration. Wikis have caught on with technical audiences such as engineers, but the adoption rate by average non-technical knowledge workers is still low. The biggest hurdles are organizational security and confidentiality requirements on information access as well as user resistance on having to learn another protocol and/or managing another set of ID/password.

So, the net-net of it is that collaboration tools like email, secure file transfer appliances, shared workspaces, and wikis are often complementary. No single technology is right for all situations; they all have their place in the enterprise.

Take the example of an Accellion customer, a major global media agency. They have implemented the Accellion secure file transfer solution to allow end users to exchange large files across geographic boundaries and with external partners from day one. In parallel, they are implementing a large digital asset management (DAM) tool that would consolidate all of its media assets on a global basis.

Although the Accellion solution was a separate project initially, it is now part of the DAM implementation to enable easy transfer of the information as the evolving business processes require.

Sort of like collaborating across flattened islands, huh?

ACA Guy

Wednesday, April 04, 2007

Let External Users Send Large Files Back Securely without Harassing IT

Summary: Through self provisioning, Accellion Courier secure file transfer appliance empowers end users to work with outside colleagues without unnecessary impediments (including IT intervention).

-----

For a while now, I’ve talked about how easy it is for employees of a company with an Accellion Courier secure file transfer appliance to send files to other people both inside and outside the organization. But what about when a business colleague from outside the company wants to send a file or folder of files to someone “on the inside”? Is this person relegated to the restrictions of conventional methods like CDs, email or FTP?

No! No! No! Not at all! Forget those other methods because the whole point of the Accellion solution is to let people get on with their business!!

The Courier solution can be configured to allow outside colleagues to “provision themselves” (register as a restricted user, in official Accellion jargon) with the appliance to send files back into the company. Such provisioning can be handled in mere minutes without intervention from a system administrator, allowing for true ad hoc file transfer when the business process calls for it.

Here’s how it’s done.

The appliance administrator setups up a web page accessible to outside colleagues for creating their own accounts. This is part of the standard setup for all Accellion appliances.

When an employee wants to set up an outside colleague, he emails the web address for this page to the colleague. This new user enters his valid email address and receives an automated response at that email address to verify his request to use the service.

Once verified, the user can create his own account on the Courier solution and immediately begin using the appliance to send files to internal recipients. (Note that, since this is not a public service, the external user cannot use the appliance to send files to just anyone. He can only send to recognized internal users.)

This whole process has purposely been streamlined to (1) empower employees to work as needed with external parties, and (2) remove IT from the process of approving and setting up new users without compromising the security of the system.

Consider this scenario:

A lawyer, working late at night, gets a phone call from an outside counsel, who has new information to send to the lawyer. This information, in the form of several scanned photographs and other large size documents, could impact the case the lawyer is working on. How can the outside counsel, who resides in another state, get the information to the lawyer quickly? The total files are too large to send via email.

Using CD: If the law firm has no automated file transfer method in place, the lawyer might instruct his colleague to copy the files onto a CD and use a courier service to send the files. Given the late hour of the night, it could take up to two days for the information to be sent across the country.

Using FTP/SFTP: The lawyer knows his company has an FTP/SFTP server to allow for the transfer of large files. But, only an IT administrator can set up access to the server. The lawyer tries to call the IT administrator to make the request but can’t reach him due to the late hour. He leaves a message and hopes for a call back. If the administrator can’t be reached, the lawyer will have to wait until morning to make his request and hope that it can be handled promptly. Then he’ll have to call his colleague back and instruct him on how to use FTP to send the files.

Using Courier secure file transfer appliance: The lawyer sends an email to the outside counsel, inviting him to create an account via the self-provisioning web page. The outside colleague creates his own account in minutes and the lawyer gets what he needs in less than ten minutes.

It’s about empowerment. It’s about ease of use. It’s about letting people get on with their business without having unnecessary obstructions.

Let people work the way they want and need to work. What a concept!

ACA Guy

Wednesday, March 14, 2007

How to Buy Accellion's Secure File Transfer Appliance, Exactly?

Summary: You won’t find Accellion’s appliances in a retail store or an eCommerce website over the Internet. As an enterprise IT solution, you can buy the appliances directly from Accellion or from one of our knowledgeable partners around the world. Read more about the process and what it means for you.

-----
Someone pointed out to me recently that there is no Buy Now option on the Accellion website. She asked me, “How does a company buy your product?” Ah, indeed, a very good question because everyone should buy at least one of the Accellion Courier Secure File Transfer products!

The fact of the matter is, even though we call it an appliance, there is still a little bit of scoping work we need to do before you make your purchase. We want to understand how your company intends to use the appliance, such as how many and what kind of documents you will push through it, and how often. This helps us recommend the right model and configuration to meet your specific needs. That’s why you won’t find Accellion appliances in a retail store and you can't load it onto a virtual shopping cart on the Internet.

It’s like buying a whole-house air conditioning unit for your home. You don’t head down to the hardware store to just pick up a unit. Instead, you work through a reputable A/C dealer who will ask the dimensions of your home, and whether you will have multiple units in order to “zone” your home. Then the dealer can recommend the right products to appropriately handle the workload for your house. We do the same for your file transfer needs.

When you are ready to buy your Courier appliance(s), the place to start is at Accellion. Contact us and tell us a bit about your needs. You can buy your product directly from us, or you can choose to work with a value-added reseller, or VAR. We find that many of our customers prefer to work through a VAR they already know and trust. VARs are good because they are usually local to you and they already know your IT environment. Even if your VAR doesn’t currently sell Accellion products, let us know and we can get them to include Accellion as a solution in their portfolio.

If you don’t have a preferred VAR and still want to go though one, we can recommend one within the Accellion reseller network that meets your needs. Accellion channel partners are trained to scope your needs and install the right product for you. They can provide ongoing services and support as well. Many of our partners have specific industry or regional expertise. So, you can take advantage of their domain expertise.

By the way, there’s no price differential in buying direct from Accellion or from one of our authorized resellers. Accellion considers our partners as a strategic part of the business model, so we look for way to work with the partners instead of competing against them.

Whichever way you want to buy Accellion secure file transfer solutions, click on the link for – direct from Accellion, through your preferred VAR, or through an Accellion partner that we recommend to you. Give us some very basic information and we’ll promptly follow-up to scope your requirements and have the right resource take care of your business needs.

This is how you buy Accellion's Secure File Transfer Solutions.

------
BTW, don't forget to Vote for Accellion!

Click here to see more details.

ACA Guy

Wednesday, March 07, 2007

Make Your Vote Count; Spring Ahead "Correctly" with Your Secure File Transfer Solutions

Summary: Vote for Accellion!

This year's Daylights Saving Time is causing a stir because all systems with calendaring and scheduling functions need an update. Accellion, too, is providing an update for this reason. Find out what it means and who will be impacted as we "spring ahead."

-----

*Make your voice heard*

Accellion's secure file transfer appliance has been selected for inclusion in the Info Security Products Guide. Naturally, I think we are the best in the category. But, strangely, the editorial team at Info Security prefers to test my argument via a voting scheme.

So, cast your vote for Accellion. Click on this Info Security Products Guide voting link and select Accellion as the vendor. For the rest, follow the directions.

-----

**Returning to regularly scheduled program**
It’s March, and that means spring is just around the corner. And with Daylight Savings Time (DST) moving up by a few weeks this year, it will seem like spring is arriving earlier than usual.
BTW, don’t forget to set your clock ahead by an hour this weekend!

Accellion’s support line has been getting calls from anxious IT people who want to know if Courier Secure File Transfer appliances take into account the early change to DST. Yes, folks, it does, with a routine update of our software. Just go through the standard procedure of accepting the system update as it appears on your administrative console and there will be no problems with the time change, now or later in the year when DST comes to an end.

Why is DST even an issue for IT personnel? Well, many computer applications were not prepared for the earlier-than-usual change in time, which comes March 11 instead of April 1 in 2007. Without a patch to the software, an application could fail to recognize the time change and be “off” by an hour. This is a potentially critical issue for applications that involve calendaring or scheduling.

The Courier secure file transfer appliance does rely on a scheduling application. It is part of the life-cycle management for files stored on the appliance. Let’s say you send a file to someone and ask that it be held on the appliance for 30 days. Our scheduling tool holds the document for precisely 30 days – and not one hour less or more. This is why the DST patch is important to users of a Courier appliance.

Many Accellion customers integrate their secure file transfer appliance with their enterprise email system, such as Microsoft Exchange/Outlook or Lotus Domino/Notes. The DST patch is important for ensuring that time is synchronized between the email system and the file transfer appliance.

Applying the software update is an easy thing for the appliance administrator to do. It literally takes just a few minutes. Best of all, the end users don’t need to do a thing to effectuate the change. They can just keep doing what they are doing without a disruption to productivity.

Hope everyone springs ahead with ease.

ACA Guy

Wednesday, February 28, 2007

Hey, Get Your Own Accellion Secure File Transfer Appliance Box!

Summary: Accellion customers often start with just one of our appliances and add more boxes as workers from other departments ask for access and are told to "get your own box".

-----
Have you seen the commercials for the Cheez-It snack? A person with a box of the crackers tells others to “get your own box” when they ask for a handout because the crackers are just too good to share.

Well, I’ve found that some customers view the Accellion Courier secure file transfer appliance in the same way – it’s just too good to share. Departments who are early adopters of the appliance tell their colleagues: Get your own box!

We often find that one business group with an on-going need for secure file transfer as part of the routine business process will be the first ones to bring an Accellion appliance box into the company. It doesn’t take long before the buzz spreads that this department has this convenient new tool for sending and receiving large files that requires no IT intervention. Others ask to use it. Sharing is fine to a point, and then the group just has to tell the moochers to get their own box.

Similarly, we have also seen cases where a particular business unit within the large enterprise is the designated center of excellence for IT solutions where there are in-depth resources and knowledge to deploy, evaluate, and recommend solutions for corporate level adoption. This is a win-win process as the users get hands-on exposure to the Accellion solution without the risk of corporate wide deployment and Accellion gets up-sell opportunities.

"Get your own box" and center of excellence are how it happened with a number of large and geographically distributed enterprises from health-care (multiple hospitals), medical devices (distributed R&D around the world), to manufacturing (global design and manufacturing locations).

Equally important is that starting small and adding more appliances later is a simple process. The Accellion Courier platform is architected to accommodate an individual group via a single box to an entire large enterprise with multiple locations and very high volumes of file transfer with distributed appliance clusters. In fact, you can grow from one type of configuration to the other without end users noticing the change. So, if your department is the early adopter of the appliance or the center of excellence for new solutions, Accellion makes it easy for both the end users and IT administrators.

Of course, we have yet to see a customer willing to give up his box once it’s in place. More than anything, they love the new found capabilities and tell others: Get your own (Accellion) box!

ACA Guy

Wednesday, February 21, 2007

Latest Release of Accellion Secure File Transfer Solution Could Help More Than 75% of the Companies Surveyed on Secure File Transfer

Summary: How are more than 75% of companies sending files? Survey results reveal all. How does Accellion's latest secure file transfer appliance release provide a complete loop that is secure and easy to use, and which documents security compliance automatically? Look under the hood and find out.

-----
Recently Accellion commissioned a study to find out the various file transfer methods that companies of different sizes tend to use. Specifically, we wanted to learn more about companies’ concerns about security and compliance when sending and receiving files within the firewall as well as with external organizations.

We found that more than 75% of organizations surveyed use direct electronic methods, such as email, FTP and hosted file transfer, to transfer files/data among users and between organizations. Additionally, and not surprisingly, many of these same organizations (nearly 70%) also use less direct methods, such as burning CDs or copying files to USB "thumb drives" to send data to recipients outside the organization.

Regardless of the file transfer method(s) in use, the survey revealed that a majority of businesses are concerned that they aren’t doing enough to secure their private data when it is “in motion” and to meet the compliance requirements of government regulations.

Prior to release 5.5 of our appliance product, Accellion's secure file transfer appliance had many features that aided a company’s security and compliance measures for file transfer. This latest release addes to the capabilities for tracking information for compliance purposes.

For instance, a new feature provides a record of what files have been sent, regardless of their access status, via the Courier secure file transfer appliance. Added to the pre-existing capabilities, a user can now

* receive large files securely
* automatically log the access history of files sent – who downloaded what and when
* automatically document the send history of files – what and when was sent to whom

all within the Accellion solution. And these features help enterprise users meet HIPAA and Sarbanes-Oxley mandates which dictate that your business processes must be clearly documented. The Accellion solution's reports help you document the flow of your business files without requiring additional bureaucratic overhead.

Release 5.5 also addresses a handful of features requested by Accellion customers, end users and IT. For example, users now have the ability to specify CC: and BCC: recipients in addition to identifying people in the TO: field. Another enhancement adds standard and proprietary diagnostic tools in the administration console, so the administrator does not need to run a separate window to fire up one of these utilities.

Still more enhancements we put into Release 5.5 are completely under the hood: we made significant improvements so that the source code is easier to maintain and Accellion can bring out updates to our products more efficiently and effectively in the future.

Definitely a good thing for the many companies around the world that have come to rely on Accellion Courier Secure File Transfer Appliance for secure and reliable file transfer.

ACA Guy

Wednesday, February 14, 2007

CRN and VARBusiness on the Merits and Importance of Accellion's Secure File Transfer Solutions for Value Added Resellers

Summary: Accellion was recognized by VARBusiness as a 2006 Tech Innovator in three product categories. Computer Reseller News (CRN) told its readers that Accellion offers "a better way" to send and receive large files. Find out what the fuss is about.

-----
Accellion Courier Secure File Transfer Appliance was identified by VARBusiness magazine as a 2006 Tech Innovator in multiple categories, including Security, Enterprise Software and Software Infrastructure. Now, if you aren’t familiar with this particular publication, I can tell you that it is one of the premier journals read by companies that recommend, sell and install IT solutions of all sorts (i.e., value added resellers, or VARs).

In its annual Tech Innovators competition, VARBusiness looks at the multitude of IT solutions in the market for small and medium businesses (SMBs) as well as large enterprises. Only a handful of products are nominated for the award, and even fewer are chosen as tops in their respective category – or in Accellion’s case, categories! We are thrilled to be in the company of some very outstanding technology solutions.

The awards were judged by a panel of solution-provider executives and VARBusiness editors. The judges scored the products based on five main points -- usefulness, how new and/or improved the product is, where it sits on the price/performance scale, revenue potential and the "coolness" factor.

These Tech Innovator nominations validate that Accellion Courier SFTA offers a valuable solution for secure file transfer. What’s more, our solution is important not only to our end customers, but also to Accellion’s channel partners who benefit from selling and installing the appliances. (And speaking of our channel partners, I plan to spend a little time in future postings to tell you about our excellent partners. Stay tuned for more.)

VARBusiness isn’t the only publication to validate what Accellion is doing for our customers and partners. A few weeks ago, the magazine CRN (Computer Reseller News) provided an extensive review of the Accellion SFTA solution. Marc Spiwak succinctly captured the Accellion value proposition in his review when he said:

Anyone who regularly transfers files via e-mail knows that the process can be troublesome, and the large attachments quickly fill up an inbox. FTP file transfers also can do the trick, but many users find that to be confusing. Another alternative is to burn a disc and overnight it. But that's expensive and takes a day for the files to be received. Accellion has found a better way with its Courier Secure File Transfer Appliance (SFTA).

Yes, Accellion has a better way, and I invite you to find out more for yourself at www.accellion.com. And don’t be surprised if your solution provider wants to talk to you about this new useful and cool secure file transfer appliance that’s going to give you a better way to send and receive large files. He probably read about in it CRN or VARBusiness.

ACA Guy

Wednesday, February 07, 2007

Secure File Transfer Comes of Age in the Era of Pervasive Computing

Summary: Pervasive computing is great, but can you send a 100MB design file easily while on the road? Accellion's secure file transfer solution lets you do exactly that in this age of pervasive computing.

-----
Since the dawn of Internet age, pundits have been tossing out the phrase pervasive computing. It’s the notion that computers fit naturally into your life, and you are able to do whatever you want to do with your computer, whenever you want and wherever you want.

The world is getting closer to truly having pervasive computing. The general populace now access the Internet and its resources from just about anywhere with connectivity via DSL, dial up, Wi-Fi or cellular service. It’s not unusual to see parents sitting on the sidelines of their children’s sporting events checking email. Similarly, between visiting clients, a sales person can sit near a wireless hot spot to connect with corporate and get some work done on the laptop.

In this pervasive (or invasive) computing world, however, the ability to send large files securely with ease has been a major missing piece. Ironically, with the increasing importance of collaborative work flow and the ever-growing file sizes as part of this Internet age, this capability is more important than ever.

Accellion's got your back! We recognize that people need or want to work at odd times and in places other than their offices. Accellion's SFTA gives users the ability to transfer files and folders to other people via the Internet using a common web interface without downloading software or going through a third party site. In other words, there’s no need to be stationed at your office in order to transfer files as long as you have (1) Internet access, and (2) the files you want to send.

The same is true for recipients of the files. All they need is email access to receive the notification and Internet access to be able to access the files via secure links embedded in the email notification.

The pervasive computing version of exchanging large files securely has finally come of age! You don’t have to ask someone in IT for help to post your files to an FTP server. You don’t need to be at a specific computer to send or receives files. You don’t need to be tied into your work network. You can get it all done in pajamas and slippers over a cup of tea.

At the same time, you are not sacrificing enterprise level features such as security or the ability to track what is happening with your files. Those functionalities are built into the Accellion secure file transfer appliance and they are automatically invoked for you. So, you get enterprise level security and management without the enterprise level hassle!

Can world peace be far behind?

ACA Guy

Wednesday, January 31, 2007

How a Litigation Support Manager turns Accellion SFTA into a Competitive Advantage that Makes Clients Happy and Attorneys Glad

Summary: While an Accellion survey has shown that 70% of end users still routinely use CD/DVD as their "file transfer" method, the Litigation Support Manager of a major law firm breaks the routine and makes both the clients and internal users happier.

-----
Accellion commissioned a consultancy to conduct a survey. Being the secure file transfer solution provider that we are, I wanted to learn more about what methods companies use to send files to business associates.

Not surprisingly, sending files as email attachments was the most dominant method (74% of all responses). A bit surprising to me, though, is how many companies still burn CDs/DVDs and ship them via courier services - some 70% of the companies in the study said they still employ this method.

(A statistical side note: many of the respondents use multiple methods for file transfer. So, these percentages do not add up to 100%.)

The continuing prevalence of CD/DVD as a data transfer method is not exactly surprising. What these users are saying implicitly is that email is simply unsuitable for sending large files or folders, i.e. to maintain file hierarchy. So end users will turn to the second easiest method. In other words, that means burning files onto a CD/DVD and then shipping it overnight.

Why CD/DVD? Well, it is because a business user can burn a disc without the hassle of getting the IT department involved. Similarly, the recipient does not need to call in IT support to retrieve the files. So what if the process is time consuming and the shipping is costly? That’s just a cost of doing business, right?

Wrong!

I was talking with the Litigation Support Manager at a large law firm who has been using the Accellion SFTA solution. Her team is responsible for converting pertinent documents to PDF format and distributing them to all relevant parties such as clients, outside counsel, and consultants.

Prior to installing the SFTA solution, the Litigation Support team would process the information into PDF format, burn them onto a CD, and then use an overnight shipping service to distribute them. This shipping costs were simply passed on to clients as part of the legal overhead.
The department manager told me the team tried to use email attachments to send the documents, but this wasn’t practical because recipients' email servers routinely reject large attachments. What’s more, there is no simple mechanism to ascertain delivery of the document to the right person without exhaustive phone calls.

After installing Accellion SFTA, the Litigation Support team starts to send files via links to the document(s) in email. The recipient clicks on the URL link and downloads the document. The sender also gets a file download confirmation so that there is no additional tracking required. The whole process now takes minutes between the sender and recipients instead of the usual days, and there are no more of those multiple triage points.

Similarly, non-technical end users, i.e. attorneys, can send files or folders of any size from their own PCs on an ad hoc basis without begging IT for help. (And according to my anonymous high level IT source in another major law firm, IT is equally happy to not have to deal with attorneys who wanted to get the files over "yesterday already".)

So, with Accellion SFTA solution, the company is able to make both users and clients happy by reducing the process time from days to minutes. Furthermore, by eliminating the costs of delivery services as well as the overhead required to handle the physical delivery, the law firm is able to be more responsive while lowering its costs of business for itself and its clients.

The equation is simple:

Because
1. Accellion SFTA = (reduced time, reduced costs)
2. Reduced time = better service to users and clients
3. Reduced costs = lower fees passed on to clients
4. A better (law) firm that makes users and clients happy = Better service + lower fees

Therefore
Accellion SFTA = Better business results

Or, as my logic lecturer would have said, "this is intuitively obvious."

ACA Guy

Wednesday, January 24, 2007

Integrate Accellion SFTA with Email Client So End Users Do Not Have to Leave Email to Send Large Files Securely

Summary: Integrating Accellion SFTA with your enterprise messaging system makes life very easy for end users and email administrators alike. Steps and sample end user interface below.

-----
If you recall my rambling about Using Exchange/Outlook and Domino/Notes with Accellion Secure File Transfer Appliance, I said that it’s possible to embed an Accellion icon inside the email client so that a user can send an "attachment" via his email and still process the actual transfer through the secure file transfer appliance without clogging up the email server. In other words, this makes the secure file transfer process transparent to the end user.

For those IT admins from Missouri (the Show Me State - for those not familiar with this American colloquialism), the integration process is straightforward for both the end users and the email administrator as described below.

Let’s say your enterprise email environment is Exchange/Outlook and you want to let end users send files from within Outlook like they always do, but still process the transaction through the secure file transfer appliance.

First, you have to buy an SFTA box from Accellion.

Then, the Accellion installation team or the IT administrator would prepare the MSI installers and registry setting which contains the automated instructions for how the SFTA client agent will install on the end users' PCs. Next, the IT administrator would push out the instructions for a controlled roll-out through programs like Microsoft Active Directory Group Policy. The Group Policy program “pings” each desktop and installs the Accellion Outlook agent. So, the key, and only, thing that end users need to do is to make sure that their PCs are turned on and connected to the network. Even the CFO can handle that task without supervision.

The process is similar if your organization uses Lotus Domino and Notes for your enterprise messaging system.

Integrated Exchange Outlook Domino Lotus Notes client plug-in with Courier SFTA

Once the Accellion agent is installed on a user’s desktop, user will notice an extra “A” icon in his email application as shown above. (Outlooks client shown.)

Email administrators can set a threshold size for files that can be sent via email. If a file exceeds that threshold, the file is intercepted and sent via the secure file transfer appliance instead. This can be done automatically, or through a gentle reminder to the end user, telling him to use the file transfer appliance to send large attachments.

How about one-off installations, say for a new employee? In this case, the administrator sends the new user an invitation to install the software. The user clicks on a link to download the installer file, which installs the agent automatically. When the installation is done, the user starts his email client and enters his SFTA account information (same as the email information if AD/LDAP directory integration is used with SFTA). And that’s it.

OK, what if the end user is using a PC that is not configured with the agent? On a public computer, for example. Secure file transfer appliance is always available to authorized users through a web interface. So, even if a user is not at his normal PC, the secure file transfer process is not impeded or compromised in anyway. Or, as an IT director once told me about his end users roll-out, if you know how to use Yahoo Mail, you know how to use Accellion.

By the way, click here to get your SFTA from Accellion.

ACA Guy

Wednesday, January 17, 2007

Be like Tom Cruise (or Peter Graves) and Get Your Files to Self-Destruct Securely

Summary: Just like the messages that deliver ‘the mission’ to Ethan Hunt or Jim Phelps in the Mission Impossible series, files on the Accellion Secure File Transfer Appliance (SFTA) will ‘self-destruct’ when you say the time is up.

-----
Watching one of the Mission Impossible movies the other day, I got a kick out of how Tom Cruise’s character Ethan Hunt received his mission assignment through a pair of glasses. When he had all the details he needed, he tossed the glasses into the air and they blew up (cool!), preventing anyone else from accessing the vital mission information.

Alas, I am also old enough to recall the original Mission Impossible television series where Peter Graves’ character Jim Phelps received his mission via audio cassette. The tape would fizzle in a puff of smoke to self-destruct (cool!), again to protect the secret information.

This got me thinking about the life of files that are often left to languish in places such as FTP servers and email in-boxes. Unlike the self-destructing messages delivered to the Mission Impossible team, these real-life files hang around forever until someone takes the action to remove them. And the longer the files sit around, the more susceptible they are to prying eyes, including search engines like Google.

While state secrets may not be involved (and, in any case, the secretary shall disavow any knowledge), most business processes and senders would like to ensure that information doesn’t hang around any longer than need be. Accellion SFTA has a lifecycle management feature that allows an administrator to set global default limits for how long files remain on the appliance before they ‘self-destruct.’ Actually, they are merely deleted, so don’t worry about the appliance sending out puffs of smoke or exploding in the data center. Sorry.

Furthermore, while there is a global default, say 30 days, the default time length can be overwritten by an authorized sender. This user can specify whatever length of time he needs to keep the file on the appliance, say, one day or 12 months.

Finally, you wouldn’t want people putting files on the server indefinitely because they might use the appliance as a long-term storage medium. (Great for Accellion because people would need to buy more SFTA boxes, but integrating your Accellion SFTA with you SAN is probably a better ROI for your IT budget.) For this, the SFTA administrator holds the ultimate power of setting the maximum lifespan of files that no user can exceed. This could be an important part of your overall corporate electronic record retention policy.

So, what does this file lifecycle management tool mean? For end users, this means senders do not have to clean up the email attachments. (Don’t you hate when your email system tells you to delete or archive files to free up space? Your SFTA would never do this to you!)

Of course, the person who is most grateful for this lifecycle management feature is the system administrator. If he sets a reasonable global default time for files, and he allows authorized users to override that default as needed, then he is not the bad guy when files are automatically removed from the appliance. Users can’t complain about disappearing files when they know it is company policy to remove files after x number of days, weeks, or months. In addition, the system administrator does not need to spend his time wading through files to determine if they are ripe for removal from the appliance. This process will happen quite naturally and automatically. In short, there’s no impossible mission when it comes to lifecycle management with the Accellion SFTA.

And, the secretary shall never disavow your actions.

ACA Guy

Wednesday, January 10, 2007

Using SFTA to Manage IT Portfolio to Stay in the Race, Win the Race, and Change the Rules

Summary: Using the concept of IT Portfolio Management, the de rigour enterprise topic of the day, find out how Accellion Secure File Transfer Appliance allows the IT team to stay in the race, win the race, and change the rules.

-----
One of the hottest IT topics for large enterprises is portfolio management. It is the notion of managing IT projects as you would a financial portfolio. Similar to financial instruments of various flavors, some projects are very low risk but provide steady value to the organization while other projects are high-risk/high-return and, if done right, can catapult your business into a higher playing level. The key insight is to manage and balance a collection of IT capabilities like a portfolio so that you take care of immediate needs as well as sowing seeds for the future.

While the concept is fairly intuitive, just like managing financial portfolios, the challenge is knowing how to balance the portfolio with the right amount of “steady/value projects” and “high risk/high return projects.”

A recent article in The McKinsey Quarterly entitled Divide and Conquer: Rethinking IT Strategy” by David Craig and Ranjit Tinaikar (free registration required) provides advice on how to segment the projects in your IT portfolio.

The article classifies IT projects in terms of their value to an organization. The low risk, steady value projects are known as stay in the race projects. These are the kinds of things that you simply must do in order to remain competitive. Enterprise email system would be a banal but obvious example.

The next level of project is called win the race. This kind of project will place you ahead of competitors, at least until they manage to catch up. An example of such a project is a customer service tool that allows a service agent to immediately get a holistic view of a client's history.

Finally, the highest level of IT project is the change the rules type of project where you do business in an entirely different way. The end-to-end integrated inventory control system between Wal-Mart and its vendors that took nearly ten years to develop is a much feted example.

So, to borrow a financial jargon, what is the recommended asset allocation for the IT portfolio? The McKinsey report offers these guidelines for your IT budget:

Stay in the race projects: 30%-60%
Win the race projects: 10%-60%
Change the rules projects: 10%-40%

As the McKinsey report puts it, up to 60% of the IT budget “should focus on maintaining and enhancing basic IT services, including core business applications, systems to meet regulatory demands, e-mail, and Web services. These are low-risk functions necessary for staying in the race.”

Secure file transfer is just such a core application. Be it a security and compliance issue, a global multi-location collaboration and communication issue, or keeping virus and other digital cooties out issue, Accellion SFTA has been field-proven to be one of the favorite tools in the proactive IT's arsenal for meeting the Stay in the race needs.

But what if you want to push the envelope toward winning the race? Can SFTA help you do that as well? [Expletive deleted], Yes! As noted by customers in verticals such as Architecture, Engineering, and Construction (AEC), Healthcare and Research Institutions, and law firms, Accellion offers a solution that allows them to re-align their business processes to better meet customer needs and improve internal efficiencies.

As for the changing the rules capabilities, Accellion will soon offer API libraries that can integrate your secure file transfer processes into other enterprise applications and processes. Similar to the ability to quickly prototype and deliver services for innovative financial products as cited in the McKinsey report, I can already see an explosion of different collaborative processes within an organization and amongst multiple parties that has been nearly impossible before as a result of the API tools.

So, introducing a platform solution that helps to address your Stay in the race, Win the race, and Change the rules needs - Accellion Courier Secure File Transfer Appliance (SFTA). Say, maybe we not charging enough for these boxes...

ACA Guy

Wednesday, January 03, 2007

Are you Federal Rules of Civil Procedure - Rule 37 section (f) compliant? Accellion SFTA can help

Summary: Have you heard of Federal Rules of Civil Procedure - Rule 37 section (f), FRCP Rule 37(f)? How does it impact your organization's electronic record retention policy and how does Accellion's automated policy based file life cycle management tool help you?

-----
Unless you are a litigation lawyer or legal/IT consultant, you probably aren’t aware that new rules governing the use of electronic records in the federal court went into affect in December of 2006. Specifically, I am talking about Federal Rules of Civil Procedure - Rule 37 section (f), or FRCP Rule 37(f) if you are in the know, which addresses the issue of record retention.

But, before going any further, I do want to give the formal disclaimer: This posting is not to be considered legal advice, and you should seek competent legal counsel for your specific situation.

OK, with that out of the way, let’s get to the heart of the matter. The FRCP are long and detailed, but the one we are most interested in for today is Rule 37(f), which states:

(f) Electronically Stored Information
Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.

Don’t you just love legalese?! If your eyes, like mine, glazed over while reading the statement above, have a look at the Companies unprepared to comply with new electronic discovery rules article in Network World, which summarizes the issue nicely from an IT perspective.

What it comes down to is the need to preserve your electronic records, which includes email. How you preserve the records, and for how long, is up to you to decide. What the court is looking for is the fact that your organization has a consistent policy and a routine procedure for keeping and deleting electronic records. In other words, you can’t start to shred electronic records when it looks like you are headed to court like the infamous incident with Enron records at the now defunct Arthur Andersen.

Given that Accellion customers often use secure file transfer appliances as a complement to email attachments, the natural question is what the impact on the retention of attachments is, given the new procedures.

The first thing that you want to think about is what constitutes an electronic record. Is it just the text of an email message? Does it include the attachment? How about the audit trail that tells you who did what, and when? There's no definitive answer, so it's up to your company to set the definition. And, whatever you call a record, the onus is on you to be consistent in the way you define it and treat it.

If you decide to store your attachments as part of your electronic record, Accellion's automated policy-based file life-cycle management control can help. On one extreme, you can decide to keep a file on an SFTA for 10 years. Alternatively, I have heard cases where the retention policy is now moving toward no more than two weeks. Whatever the period, it is a simple setting in the Accellion SFTA. In other words, by using the automated file life-cycle tool for all the users, you are, by default, handling your files in a routine way, which satisfies the needs of FRCP Rule 37(f).

Because the new FRCP Rule 37(f) went into affect a few weeks ago, now is a good time to give serious thought to your retention policies. And, with the automated file life-cycle tool, Accellion SFTA provides a platform tool for an organization to create compliant processes without hiring a new army of administrators to meet the needs of the regulation.

ACA Guy

Wednesday, December 27, 2006

What customers are saying about Accellion SFTA and a Happy 2007

Summary: What is driving the demand for Accellion secure file transfer appliance? What are the experiences for users and IT once SFTA is installed? These are snippets of what customers have told us.

-----
Secure File Transfer is an universal need for all industries and organizational sizes. So, as you get ready for 2007, check if any of these typical customer comments ring true and consider if there should be an Accellion SFTA on your 2007 to-get list.

(Okay. Okay. I admit it. ACA Guy's handler is out on vacation. So, I have turned to customers for content. As always, names have been withheld to protect the not always innocent.)

***
Ouch! We have to fix this.

A few weeks ago an employee set up an FTP account for company X. People at X turned around and gave a whole bunch of people outside of X access to the FTP account unbeknownst to us. As we were exchanging data and information through that FTP account, unauthorized people were getting confidential and competitive data that they shouldn’t have seen.

Global Advertising Agency

***
Because secure file transfer is important for our clients

We have many high profile clients and securing file transfer in a way that our attorneys can easily use is important for all transactions.

Global Law Firm

***
See the Gain (usage) Without the Pain (support calls)

I initially handed out access to a few people who were regularly sending 60MB PPT files and refusing to use anything other than email. Demand for access grew virally as new users hear about and ask for this new tool.

What closed the deal for me is that as user count "takes off", the user support hotline remains dormant.

Medical Research Foundation

***
Get your own SFTA!

[SFTA] is being used by ALL sorts of people - documentation, clinical, marketing and sales, field engineers. I am getting constant calls from people who want to have access to the system immediately.

While I will probably give access to other divisions on a limited basis, this box is for our division and they'll have to buy their own.

Medical Device Company

***
Happy Users = Happy IT

I used to get lots of complaints about ad hoc large file transfer from doctors. But, since its [Accellion SFTA] installation, I have gotten zero complaints.

Healthcare Institution

***
And, regardless of where you are on the secure file transfer readiness scale, the Best Wishes for a Joyful and Successful 2007 from the entire Accellion team.

ACA Guy

Wednesday, December 20, 2006

Using Exchange/Outlook and Domino/Notes with Accellion Secure File Transfer Appliance

Summary: Offered as an integrated plug-in for Exchange/Outlook and Domino/Notes, Accellion SFTA allows users to send whatever size files without leaving the comfort of email. What does this mean for the IT Support Ticket count?

-----
Maybe you are like me. The very first thing and the very last thing I do in the office involves starting and closing my email client application.

And, between these two points, just about everything I do has an email component - requesting additional information, explaining the latest proposal, following up with people on their action items, and sending files as attachments.

The good news about a ubiquitous tool like email is that users, like yours truly, would happily take advantage of features like the ability to send file attachments. Conversely, the bad news is that if you force users to leave their email comfort zone for things like sending large files, say via FTP or CD/DVD, there will be confusion and a lot of IT support calls.

This is why Accellion has taken great care to develop the hooks necessary to integrate with the two most popular email solutions: Microsoft Exchange/Outlook and Lotus Domino/Notes. By using the Accellion email client plug-in, users can access the enterprise secure file transfer solution from within the productivity tool most intimate to the majority of business processes – the email system.

Once the Accellion plug-in has been installed on the email client, Accellion SFTA becomes a smart icon for the end users. (Click here to see an example of the how it appears on the end user's email client.) In other words, from a user’s perspective, there is no need to exit the email application or start another application to transfer a large file; it’s all streamlined. And the easier the process it is for the user, the fewer support tickets IT has to resolve.

Beyond the obvious end user process advantage, the email-integrated Accellion SFTA still works in parallel to the email system by offloading file attachments and managing the file life cycle through the policy-based mechanism. Namely, all the features that makes IT's life easy are there.

As best as I can tell, Accellion is the only company that offers this kind of Outlook and Lotus Notes email integration for an enterprise secure file transfer solution. And we bring a lot of integration experience to the table. While doing the setup is not a complicated process, it is good to know that Accellion can help you troubleshoot and resolve issues in hours instead of days, weeks, or longer.

What about when a user is out of his office, without access to his email? We’ve got it covered there, too. The secure file transfer appliance can be accessed via the web, so even when access to email is not available, you can still send files to your heart's content.

Sweet!

ACA Guy - YF Juan

Wednesday, December 13, 2006

Supporting Global Multi-Office Secure File Transfer Needs - The Six Factors to Consider

Summary: Accellion has been deploying global multi-office secure file transfer solution for enterprise users for years. How does your need compare to some of our typical deployments? What are the issues to keep in mind when designing a global multi-office secure file transfer framework? Accellion's ACA Guy tells all.

-----
Question: Can Accellion Courier Secure File transfer Appliance (SFTA) solution scale to meet large enterprise demands on a global basis?

Answer 1: There are more than 13,000 registered users on a deployment consisting of 40% internal users and 60% external users worldwide for one Accellion customer.

Answer 2: The largest Accellion installation supports over 70 offices around the world with SFTA clusters and satellites as part of the customer's global network.

Answer 3: A global media company regularly exchanges more than one terabyte (1TB or 1,000 GB) of data every month and the usage is still growing.

While setting up an SFTA is just three easy steps away, it is equally true that Accellion SFTA has been designed as an enterprise solution that allows appliances to be linked together to provide a global secure file transfer infrastructure.

Being a highly scalable solution, you can start with one appliance to service your current needs. And, as the usage and company expands, just keep adding to the SFTA network to meet the new demands.

A second advantage is that, since Accellion has customers in North America, Europe, and Asia deploying SFTA on a global enterprise basis, we know as much about how to implement a global multi-office secure file transfer infrastructure as we know about what not to do.

***
So, what are the key considerations for a multi-office secure file transfer architectural framework? There are six.

1. Access Control: How to ensure and automate the process in which only authorized users can access the correct file/data.

2. Security: How to ensure file transfer security both technically, such as file encryption, and business process-wise, such as file tracking.

3. High Availability: How to ensure constant availability in light of potential hardware, location, and connectivity failures.

4. Storage Management: How to ensure efficient file storage to maximize system wide capacity.

5. Right Speed for Users: How to ensure timely file/data delivery without significant capital investment.

6. Ease of Enterprise Integration: How to make the secure file transfer process integrate with existing enterprise usage.

I won't inundate you with the whole eight pages worth of data and analysis. So, click here for the whitepaper on the six factors on how to implement a global multi-office secure file transfer infrastructure [registration required].

Whether your organization needs to support a handful of file transfer users or tens of thousands, Accellion can help you achieve it.

And, the best part of it, none of it has to hurt!

ACA Guy

Wednesday, December 06, 2006

What is the largest file attachment that you can send via Exchange and a few related incidents for the ACA Guy

Summary: Setting attachment size limit is the right thing. But, what is the biggest file that you can send via Exchange theoretically? And, see how ACA Guy sent a 6.5GB folder.

-----
There is no denying that Microsoft Exchange is a highly successful product. With more than 115 million seats (users) worldwide, this email solution has become an integral part of many organizations and it is difficult to fathom how business processes get completed without it today!

(And, in the interests of equal time, the same applies to Lotus Notes and GroupWise users.)

All the same, even a "killer app" like Exchange has its limitations, such as sending large file attachments. Exchange and its related desktop client products, Outlook and Outlook Web Access (OWA) all have limits on the size of files that can be sent and received.

In a prior discussion on MSFT Exchange/Outlook attachment size best practices, it was noted that, out of the box, the Exchange 2003 sets the default file size at 10MB. Email administrators can adjust these limits higher or lower. Setting higher file size limits allows end users to send or receive large files, but these higher limits can result in performance degradation of the overall system. And, from talking with email administrators, setting file size limits in the range of 5MB to 10MB seems sufficient for the majority of email users and business processes. Moreover, it helps to control email performance issues which impact the entire organization.

(So, why is ACA Guy so up to snuff on Exchange/Outlook? Many Accellion customers come for SFTA's ability to integrate with Exchange/Outlook so that large file transfer capability becomes a seamless process for their Outlook users. But, that is, as the saying goes, another story for another time.)

Looking at the size limit issue from the other side, for the sake of argument, what is the biggest file that an user can send under the Exchange/Outlook regime? For this, let's turn to the official MSFT Exchange team blog.

In the posting about Controlling attachment size in Exchange Server 2007 Outlook Web Access (OWA), Raj Mukherjee noted there is a default file size limit of 30 MB. Raj also provided instructions for email administrators who want to change that file size limit, and the instructions are, shall we say, non-trivial.

On the question of the hard limit, Raj discussed OWA's 60 minutes time out for file uploads and downloads which cannot be changed even by an email administrator.

So, it kind of got me thinking. Since one hour is a decent chunk of time, if you take the trouble to send a very large file, I cannot think of a worse fate than having the job abruptly terminated mid-session when the clock strikes the 61st minute.

Oh, beyond self-loathing from the terminated job, did I mention how you would also get the evil eyes from all the people whose email comes to a crawl because you attached large file in the email?

***
Afterthoughts

Never one to shirk from controversies, ACA Guy was drawn into a war of words in the comment section for the Exchange blog posting. It is a shame that "Mr/Ms Anonymous" left the party. Nevertheless, here is a Digg entry if you want to keep the flame alive.

Finally, for the record, ACA Guy's biggest file transfer job was a 6.5GB folder with one click through an Accellion SFTA box.

Just thought you would like to know.

ACA Guy

Wednesday, November 29, 2006

Ideals and Realities - Who is Responsible for Ensuring Security and Compliance for Files Transfer?

Summary: How is enterprise files transfer conducted in the trenches? Simply put, not pretty. But, instead of pointing fingers at each other, IT and end users are really looking for the same thing. And, this makes selecting the best solution possible.

-----
In most business processes today, information and data in the form of files are handed off from one person to another for processing and review, either within the organization or to parties outside the organization. This begs the question: when a file is "in motion," who is responsible for its security and ensuring compliance with business policy and government regulations?

The simple and official answer is that both the business user and the IT department have a fiduciary responsibility to ensure that information is protected and handled properly when it is transferred from one person to another (no matter if it is internal or external).

But, if you look closer in the trenches, things do not always work that way.

***An end user often thinks more in terms of ease of use than security and compliance when it comes to how to get his job done in a way that he can control. Applying this truism to file transfer, this usually means attaching a file to an email, or a distant second choice would be burning a CD/DVD – whatever is the most expedient to meet the needs of the work process. Unfortunately, neither process is very secure. Nor would these processes meet regulatory compliance guidelines.

This does not make the end user a bad person - this simply means that he does not have a tool that meets all his needs, which includes fulfilling the security and compliance requirements.

Being responsible as well as accountable for providing the tools, guidelines, and training to ensure the security and compliance of the data, there is more awareness of issues surrounding security and compliance in business process systems and solutions amongst the IT departments. On the other hand, while the IT team works hard to manage risks via appropriate security controls and compliance procedures, what can get lost in the process is the "ease of use" requirement. In practice, this often means that the controls and procedures can become so cumbersome as to impede adoption of a system solution by the end users.

This does not make the IT guy a bad person - this simply means that he does not have a tool that meets all his needs while fulfilling the security and compliance requirements.

Wait! Did I just say that both end users and IT are looking for the same thing!?

Indeed, instead of IT blaming end users for non-compliance of security procedures and end users blaming IT for erecting cumbersome hurdles in getting the job done, what everyone needs is a solution that is easy for the end users and meets all the security and compliance needs as set out by IT.

***

While the specific security and compliance needs differ amongst organizations -- for example HIPAA is of overriding concern for a healthcare practice whereas SOX is what a public firm must follow -- most IT and security people can clearly articulate the key attributes for secure file transfer capabilities as:

• The file is accessible to the sender and the recipient, and no one else in between.
• The file should be encrypted while in motion.
• The file in motion should be checked to see if it has been corrupted by viruses or other malware.
• The file transfer process must document who and when a file in motion is accessed and provide an auditable record of the transaction.

Similarly, what most end users would clearly articulate in terms of the preferred file transfer procedure is to follow a process that is as close to sending email attachments as possible, without all the email attachment problems, of course. Because sending an email attachment is a well understood and accepted process for most end users, an email-like solution would ensure rapid adoption instead of resistance.

So, the conundrum has been solved! The best way to ensure security and compliance in the file transfer process for business needs is to adopt a solution that behaves like email for the end users while transparently running various encryption and auditing capabilities on the backend.

Oh, don't forget to ask for easy to administer and maintain features like automatic user account creation and global file life-cycle policy while you're at it!

***
BTW, did I mention that ease-of-use, security, control, and more, is exactly what an Accellion Courier Secure File Transfer Appliance (SFTA) can do for your IT department and users?

Or, as the IT director of an advertising customer told me recently, he could "feel the love from end users" when he announced Accellion solution.

Shouldn't you feel that love too?

ACA Guy

Wednesday, November 22, 2006

What FTP access you can get with US$10,000 and other ACA Guy FTP hubris

Summary: "Moral outrage" was the sentiment the otherwise stoic ACA Guy felt when the reporting on an eBay auction for FTP access to a .gov domain surfaced. And, a few other incidents highlighting ACA Guy's FTP hubris quickly followed.

-----
I thought I had seen it all but my jaw dropped when I read the posting about selling FTP access to a .gov domain server.

To quickly recap, there was an auction on eBay for access to "parasitic host" files on a .gov domain with a winning bid of nearly US$10,000.

What is in it for the buyer? You see, in the wild world of SEO/SEM (search engine optimization/search engine marketing), having your information/files addressed in a .gov domain name is like putting your SEO/SEM effort on a super steroid that nobody else can get. And, as a US$10 Billion industry that did not exist just a couple of years ago, there are plenty of SEO/SEM players who will do anything to get that extra edge.

And, this, what I can only presume to be unauthorized, "service" is rendered by sending the seller your files and the seller FTP'ing your files to the destination .gov domain. In other words, a legitimate web server, owned and operated by a government agency, will soon be playing host to unauthorized and unknown files. All because someone left an FTP access that is (I can only hope) unintentionally open.

Like a really good scary story, this is extra spooky precisely because everything makes sense and it could as easily happen to you and me.

ACA Guy's FTP hubris #1: I thought my FTP ghost story was good. But, monetizing unauthorized FTP access is, what can I say, wow!

While we are talking how human users can behave badly around FTP, here is another one as reported by Computer World. The gist of the story is that an employee uploaded a copy of Windows 2000 Professional OS onto a public-access FTP server that is frequently used to download software patches and the like. Needless to say it was not a legal distribution of the copyrighted software. Furthermore, this incident was only discovered after a product marketing person who just happened to notice the "odd" software image on the server. Let's not even speculate on the potential legal liability for the company.

ACA Guy's FTP hubris #2: I am reminded of that saying about firearms and crimals, and I thought - FTP does not kill, users do.

Looking for more ways to scare yourself on FTP? In the world of viruses and other malware, Panda Labs reported that the top ranking malicious code most frequently detected in October 2006 (and in fact, throughout 2006) is Sdbot.ftp which is a script used by the Sdbot family of worms to download themselves via FTP.

ACA Guy's FTP hubris #3: I thought, erroneously, FTP is relatively secure vis-a-vis email as the most prevalent target of virus and malware.

To be fair, FTP has a long and illustrious history in the world of scripted and machine-to-machine file transfers.

But, given the prospect of having somebody making off with US$10,000 in pure profit to insert unauthorized info onto my domain, I would much rather invest $3,500 on an Accellion Secure File Transfer Appliance (SFTA) to have secure control over internal and external file transfer access or, better yet, spend the whole US$10,000 for a beefy SFTA appliance and let your security and compliance officer have a thanksgiving day.

On that note, Happy Thanksgiving to all the gentle readers of ACA Guy based in the U.S. And, a most pleasant rest of the week for everyone else.

ACA Guy

Wednesday, November 15, 2006

Secure File Transfer for Architecture, Engineering and Construction Users

Summary: Architecture, Engineering and Construction (AEC) firms are increasing looking to Accellion SFTA as a solution that allows end users to easily and securely send large files and folders without requiring IT intervention.

-----
To state the obvious, enterprise users need to send and receive large files to and from people both inside and outside the organization. As transferring large files among work colleagues become de rigueur for many business processes, proactive IT teams have abandoned their FTP servers and added a secure file transfer appliance to make sure their users have the right tools to get those critical business files to the right person, at the right time, securely.

Since this is a Horizontal Business Process Improvement Opportunity, at Accellion, we have found that many industries have a clearly articulated need for solutions like SFTA. The legal industry, as well as healthcare, are two industries I have previously highlighted in this blog.

Architecture, Engineering and Construction, otherwise known as AEC, is another industry where we are seeing a surging demand for a solution that lets end users easily and securely transfer large files and folders. Given the nature of AEC, most of the works are collaborative across organizational and geographic boundaries and they have some pretty hefty files to send around.

For instance, take a civil engineering firm that is designing a freeway overpass. This firm would produce a series of CAD (computer-aided design) drawings for the construction firm that is going to build the bridge. Because industrial CAD files can easily get to the range of hundreds of megabytes in size, this isn’t something you can simply email from one person to another. (Not without getting the evil eye from the email administrator and your fellow co-workers because you just completely choked the email system, anyway.) So, traditionally, this transfer is done either by an FTP server, which usually requires IT intervention, or by overnight delivery service of a CD/DVD, which is costly in transit time.

So, when AEC companies like Bigge Crane & Rigging Company find a solution like Accellion SFTA that allows end users to operate within the familiar email interface while sending large files and folders of any size without impacting the email server, it is a Eureka moment.

Or, as somebody has not so delicately put it, size matters. (When it comes to large files, that is.)

ACA Guy

Wednesday, November 08, 2006

3 Easy Steps to Secure File Transfer Nirvana - a.k.a. why IT and users love appliance solutions

Summary: Like the humble toasters, a dedicated appliance solution like Accellion Secure File Transfer Appliance can be installed and deployed in three simple steps that would allow IT and users to get on with their lives.
-----
I enjoy all aspects of culinary arts. I can regale you about the Atlantic spiny lobster in Spain as discussed on eGullet or the results of the Dim Sum Civil War in the San Francisco bay area instigated by ChowHounds and I have been known to take three months to prepare a dish (duck confit, in case you are wondering).

But, truth be told, the tool that I use most frequently in the kitchen is the humble toaster. Just press down on the handle and, by the time table is set, crunchy and golden toasts are ready.

I’m convinced that most people prefer simple appliances that do exactly what you need them to do, with practically no setup and intervention. Just press and watch it work.

It’s the same in the IT world. Technology buyers prefer solutions that do exactly what you expect them to do - requiring minimum setup and as little on-going IT intervention as possible.

End users, they want the technical equivalent of a toaster too, because they want to get a job done without getting a second degree in IT support.

In this light, it is only appropriate that the "A" in Accellion's SFTA stands for Appliance (as in Secure File Transfer Appliance). Unlike FTP/SFTP servers or email attachments that require extensive initial setup and vigilant on-going monitoring, you plug in an SFTA and it works.

Toaster for IT Administrators

To prove that I'm not overstating the easy plug-and-play nature of this appliance, I want to share the gist of the installation guide that I got from the Accellion Field Support team. Or, as I like to think, these instructions are the "three steps to secure file transfer nirvana for IT administrators":

Step 1: Pre-installation
- Configure your firewall to allow access to and from the appliance.

Step 2: Physical installation
- Rack mount the server and connect the cables (monitor, keyboard, Ethernet, and power)

Step 3: Configuration
- Specify network settings (host name, IP/subnet mask, DNS, and gateway)
- Choose a notification email address

All told, these instructions should take a prepared IT professional less than half an hour to have an SFTA up and running. When was the last time you had a complete IT solution available to all users in that short amount of time?

Toaster for End users

For an end user to send a large dataset:

a) Select the recipient’s email address
b) Select file/folder(s) to send
c) Add a personal note if desired
d) Press 'Send'

No complicated steps. No long URL strings to copy/paste. No extra settings to worry about. Like Dr John Halamka, CIO of Harvard Medical School, said, "[SFTA] is exceptional because the numerous emails about ad hoc large file transfer have vanished since its installation."

End users like SFTA for their secure file transfer needs. Sort of like making toast with a toaster.

ACA Guy

Wednesday, November 01, 2006

What Network World and Gartner are saying about Secure File Transfer

Summary: What a difference two years make. What leading publications and analyst firms, such as Network World and Gartner, are saying about secure file transfer and its expanding applications.
-----
Like most information technology vendors, I have my ambivalence about industry analysts. For example, how can anyone not clearly see that Accellion Secure File Transfer Appliance is the best thing since sliced bread? Honestly. On the other hand, it is gratifying to see analyst reports on market growth and feature diversification matching up with experiences on the ground.

In a 2005 Network World review: Learn to love e-mail attachments again, Linda Musthaler, an IT industry analyst, outlined the concerns on "large e-mail attachments several megabytes in size often fail to make it to the intended recipients" and "[FTP], too, has its shortcomings, including lack of security, burdensome administration, lack of document versioning and tracking, and non-compliance with government regulations for certain documents."

Bingo.

When Accellion first rolled out the Courier Secure File Transfer Appliance SFTA solution in late 2004, it was an uphill battle to convince people that SFTA is not only a better technical solution but would make both the end users and the IT support personnel happy.

The typical objection we would hear was that FTP/SFTP and email attachments, while not perfect, were serviceable solutions that both end users and IT departments are willing to put up with.

While we worked with early adopters to overcome these objections, we also began to hear murmurs on the increasing number of FTP/SFTP and email infrastructures that were buckling under the growing volume of information exchanged. Slowly but surely, across industries and business functions, both IT professionals and end users were coming to the realization that secure file transfer is a core business process that cannot be ignored.

Gartner’s 2006 report Replacing FTP With Managed File Transfer: Not All MFT Suites Are Equal states that "Gartner previously defined the MFT suite market as a combination of internal and external technology that enables users to manage all aspects of file transfer. Increasingly, however, we've noticed that there are multiple, disparate deployment scenarios with regard to MFT suites. "

Bingo. Bingo.

Instead of a monolithic and FTP-centric view where only machines need to exchange large files, the market place has embraced and demanded secure file transfer solutions that are user-centric. In other words, machine-to-machine file transfer has become a sub-segment to a much larger market where users need the ability to securely communicate and collaborate with external partners and organizations on an ad-hoc basis with files of any size.

As a result, the market place for MFT solutions deepens and widens to include additional processes and usage behaviors, and we are seeing a surge from proactive IT departments inquiring about the Accellion SFTA solution. This is chiefly driven by the desire to treat secure file transfer as a horizontal business process improvement opportunity. Similarly, instead of us educating the buyers about FTP/SFTP and email attachment issues, we are hearing from them on how FTP means Failure To Protect and what kind of strange maneuvers on Microsoft Exchange/Outlook Attachment Size that they no longer wish to engage in.

Equally important, this need is not confined to a niche industry or function. Many knowledge workers of disparate fields -- ranging from hospitals, research institutions, law firms, to advertising agencies -- are now wondering aloud how they ever lived without Accellion SFTA at their fingertip.

Back at the ranch, Accellion has grown its SFTA customer base from single digit to triple digits in the space of six quarters! In many ways, this feels like we have just passed the early adopter stage and are now on the cusp of an emerging solution that is about to go mainstream for every user and IT professional.

But, more importantly, Accellion pledges to continue to make file transfer easy and secure for end users and IT alike. It’s our belief that the easier we make it, the more it will be used, and the more productive it will make people. And isn’t that the main reason why anyone installs new technology in the first place?

ACA Guy

Wednesday, October 25, 2006

Comparing the costs of FTP/SFTP, Email, and SFTA for Secure File Transfer Needs

Summary: Why "industry standard" is often wrong, 20 years ago and today. And, a closer examine of the comparative costs of Accellion SFTA, FTP/SFTP, and Email for file transfer needs.
-----
We all know how to make "apple to apple" comparisons. But, the reality is that "apple to orange" comparisons are far more common in the business world. I guess that's what makes our jobs more interesting. If all of our choices were "apple to apple," the decision process would get pretty obvious.

Why am I going off on a seemingly "fruitful" tangent? You see, I was having a chin-wag with a respected IT veteran and was told of the time when she was tasked to recommend whether her employer should go with leasing a word processing solution on a Wang Labs mini-computer and terminals vs purchasing and installing PCs with word processing software and connecting them by LAN.

(I realize that this may seem like an obvious decision today. However, 20 years ago, when PCs were considered marginally smarter than a dumb terminal and everyone you would meet on a professional basis considered the Wang Labs solution as the industry standard for enterprise word processing, the decision was anything but.)

The point is, it’s often difficult to do a direct comparison of two things because features and costs often do not line up one-for-one. On the other hand, her instinct that the PCs' capabilities were equally or more important than cost was right on. The LAN would usher in a new era of business process enablement where engineers were more productive because they could process their own documents whenever and however they wanted. And, instead of typing letters and files, secretaries could move into higher level roles (e.g. administrative assistants) and added more value to business processes new and old.

And, naturally, this recommendation launched our heroine to the better and brighter future that eventually let to our chitchat as related above.

Fast forward 20 years and compare FTP/SFTP or email attachment to a secure file transfer appliance from Accellion. IT teams are coming to Accellion for SFTA because, even though FTP/SFTP is a free utility on most server operating systems and email attachment is a standard capability of the email system that has already been paid for, SFTA is a Horizontal Business Process Improvement Opportunity. It's just like how installing PC and LAN can give you so much more than the "industry standard" word processing solution could 20 years ago.

How about the costs? SFTA is not free and how does the cost measure up against the "business process improvement opportunity"?

The costs of an SFTA include:

* The purchase price of the appliance(s) for your organization

* The annual maintenance agreement, which covers updates and support

* The IT department’s implementation time, which is about an hour

* Eliminating an overwhelming majority of support requests on secure file transfer needs

In dollar terms, there is a one-time purchase cost followed by the cost of less than one (<1)> headcount for an experienced IT person going forward because support and maintenance are largely automated and do NOT increase as the organization ramps up with SFTA usage.

The costs of FTP include:

* The purchase of hardware for a dedicated FTP server and the time to setup the software to run ftp

* The on-going time for administering FTP services, such as adding and deleting users, maintaining files, managing directories

* User training and support as FTP is notorious for being user unfriendly.

In dollar terms, there is an one time hardware purchasing and software setup cost followed by one headcount for an experienced FTP administrator. And, as usage ramp up, there will need to be proportional increase in FTP staff for support. And, in extreme cases where the end users have tight deadlines, such as law firms and other professional service firms, the FTP support staff need to be available 24/7.

The costs of Email attachments includes:

* The cost of increased storage capacity for the email system to process and store large attachment files

* User time spent clearing out or archiving email messages when storage limits are hit

* Monitoring and contingency procedures when an user inevitably decides to send a 50MB file to 20 recipients (and create a 1GB surge on the email server with a single click)

* The nights and weekends spent in recovering from crashed email servers when that 1GB surge was not caught in time

In dollar terms, the hardware cost is often hidden as part of the overall email upgrade. However, the headcount cost for email administrator and IT support will increase as the usage spread in the organization. This is partly to monitor and prevent those attachment surges. And, you would expect to add more email administrators after the first email crash.

As you can plainly see, and please pardon the "buzz word", SFTA provides a Scalable secure file transfer process that lowers its usage cost as users adopt it. Whereas the traditional FTP/SFTP and email attachment processes are Not Scalable and requires more feeding and caring as more users come on-line.

So, the question is not unlike what our heroine faced 20 years ago. Do you go with the accepted "industry standards" with FTP/SFTP and email attachment for file transfer process or go with SFTA that has been proven in the field to lower the cost of same transaction while making the whole organization more productive?

ACA Guy

Wednesday, October 18, 2006

Horizontal Business Process Improvement Opportunity: Complement the Email Infrastructure with Secure File Transfer Appliance

Summary: A horizontal business process improvement opportunity cuts across departments and functions. If done correctly, such as implementing a secure file transfer appliance in support of the enterprise email infrastructure, you can realize and sustain the benefits quickly.

-----

CIO Insight just released some results of a "Research study on business process improvement (BPI)." There were basically two main findings:

Finding 1: Improving business processes is the top priority for many IT executives, especially at small and midsize companies.

Finding 2: Although process improvement is a priority, the pace of change is moderate.

Why is BPI so important? Here is what CIO Insight writes on the topic: One of the most important lessons from the last 25 years of business computing is that you can't throw technology at a problem and expect it to go away, or fling a system at an opportunity and expect the dollars to rain down.

Other than nodding in agreement, I think it is important to note that business process improvement opportunities come in two flavors. There is the vertical process that involves a specific set of data and people, e.g. inventory control for a just-in-time production. Then, there are the horizontal processes that are less visible but no less vital for an organization's everyday operation -- processes such as sending large files securely; for example, engineers send blue prints, marketers send collateral, sales people send product quotes, finance people send consolidated accounts, and so on.

While the horizontal processes are less visible, the CIO Insight article observation applies equally -- that throwing money and technology at them does not solve anything. Thoughtful implementation of a solution that makes sense from the end users' perspective is what will drive the success of a technical solution for a horizontal process.

The good thing about the horizontal process improvement solution, however, is that it is easier to realize and sustain its benefits because it usually does not involve significant re-engineering of the existing processes in a manner that causes resistance from users.

For instance, exchanging information with people inside and outside is a (horizontal) business process common to most departments. In the early days, we did this by physically sending and receiving memos, letters and printed documents. The process to send something could take days. If we wanted to improve productivity (i.e., reduce the time involved), we paid extra money to use a courier service to speed up delivery.

Then, the horizontal business process solution, email, came along. We address our communication to one or more people, include the information we want them to have, and send it along its way. Only now the bits travel at the speed of electrons instead of the speed of the mail carrier. Email is so entrenched in virtually every business and every department today that we can’t imagine doing without it even though it has not been in wide use for more than two decades.

So, what is the next horizontal business process improvement opportunity? Put simply, what is the most common complaint about email for both IT and end users? I’m talking about email attachments.

Email systems were not architected to send large files; rather, these systems were designed for sending short messages that are just a few kilobytes in size. As a result, none of the major email systems in use today were developed with the notion of attaching large files (i.e., those that are 5 megabytes or larger) in mind.

Yet business processes have evolved from the days of simple text in email to sending the ever burgeoning files and documents as part of the routine email communication. Contracts, proposals, drawings, photographs, blue prints, and so on. They are all a critical part of the business process today.

Given the acrobatic moves required of end users and IT to send large files securely as attachments for the daily business needs, I would submit to you that this is as much of a horizontal business process improvement opportunity as email was back then. Does this mean that there is a miracle email system re-architected to handle large attachments? Unfortunately, no. Like most successful legacy systems, email vendors have too large of an install base to risk making that kind of departure.

Fortunately, secure file transfer appliance is available today. It offloads the large attachments from the email system, and still allows the business users to use the beloved email as a normal business process. As discussed in No Pain is Gain - What email focused VAR partners are doing for email size limits, there is no need to change how people work, how work is organized, and how work flows that often pose as obstacles in realizing the benefits of a business process improvement opportunity as argued by CIO Insight.

Don't take my word for it. What do the IT team and users from BIDMC (teaching hospital affiliated with Harvard medical school) , Foley & Lardner (US law firm with 1,000+ attorneys), Millward Brown (global leader in market research) have in common? They all recognized that sending large files securely is a core business process and none of their highly trained (a.k.a. demanding) users want a compromised solution that forces them to deviate from getting their job done.

Come to think of it, you and I deserve no less, too!

ACA Guy

Wednesday, October 11, 2006

Cutting Total Cost of Ownership by 50% with a true Enterprise Plug-n-Play at the expense of good ID-Ten-T stories

Summary: When analyzing the total cost of ownership (TCO), it is important to keep in mind that more than 50% of IT cost and resources are usually devoted to support and maintenance. So, an enterprise "plug-n-play" SFTA appliance that eliminates the bulk of support and maintenance expenditures can do magic to your performance numbers!

-----
When an IT manager thinks about implementing a new solution, he takes into account the cost of the entire life cycle – the total cost of ownership (TCO), in other words. There’s the obvious cost of the purchase price to start, but that cost is often dwarfed by support and maintenance expenditures. What’s more, there are often hidden support overhead costs that the IT department does not consider when calculating the TCO of a solution.

According to a Gartner analysis, these hidden costs – for example, non-technical, non-IS personnel attempting to resolve end user computing problems -- can be as much as 24 percent of the entire IS budget. Furthermore, the cost of new technology is not limited to the IT organization because the same report states that end-user time spent on non-job-related PC activities accounts for more than 40 percent of a PC's total cost and more than 50 percent of IT-related expenses are incurred outside the IS organization.

One classic example of a "waste of time” that costs a company money is user time spent freeing up disk space, such as when his email storage has reached its limit and the person must delete or archive messages to be able to use the application again.

Given the extra costs of support, it’s a wonder that companies choose to install new IT solutions at all!

I mention all of these issues with support costs because just the other day, an Accellion customer – the CIO at a large teaching hospital – said he has virtually no support costs associated with the implementation of the Accellion SFTA solution. Ad hoc secure file transfer of very large files used to be a constant source of complaint from his users, but, with SFTA, his Help Desk gets no calls from end users needing to send large files. With the lessened burden on his organization, this is a true case of saving money by spending money.

If you think this is unusual, I will tell you that we hear the same thing regularly from other Accellion customers. For example, Daniel G. Rhodes, IT Director at the law firm of Foley & Lardner, has implemented SFTA to help lawyers and clients exchange files securely without IT intervention, as outlined in this announcement. (And, we all know how time-pressed and hard-to-please attorneys can be.)

With practically no need for technical support, can it be that the Accellion Secure File Transfer Appliance is the first true enterprise "plug and play" solution?

Our customers tell us that they install the appliances, integrate the interface with their directory services, and away they go! Training requirements are minimum, if any, because the solution user interface is intuitive. Support for SFTA has almost become a sinecure because end users don't have questions. I suppose the major drawback of deploying an SFTA is the virtual elimination of good ID-Ten-T errors war stories!

Sorry.

ACA Guy

Wednesday, October 04, 2006

Secure and Compliant File Transfer = Technology + Human Behavior

Summary: Meeting security and compliance requirements for secure file transfer as a core business process requires both technology and human behavior for its success.
-----
File Transfer in the context of security and compliance is hot these days. Vendors, Accellion included, offer technology solutions that would address various requirements such as Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), and the Graham-Leach-Bliley Act (GLBA) as discussed in "Security and Auditability Legislative Mandates: Do Your File Transfer Processes Comply?".

What is often lost in the discussion, however, is a higher level recognition that file transfer for security and compliance is really a process requirement and it takes both technology and human behavior to fulfill the mission. In other words, there has to be a holistic approach on providing a technical solution that would seamlessly integrate and support the organizational flows so that users will readily accept it.

Typical is this discussion from Dr Dobb's. Breaking down the security requirements into layers from Application, SSL, IPSec, to Link Layer is a very robust approach on setting up a secure infrastructure, technically. However, what is the impact to the end users, and how would they incorporate the infrastructure into their daily business processes are the real questions, in my mind, that would determine the ultimate success of a deployment meant to address security and compliance needs.

One could argue, with some validity, that it is a question of level. The technical details are for the network manager to worry about whereas the CIO/CTO should address the holistic/business process angles.

But, I would submit that this is a short-sighted approach. As we all know, most CIOs/CTOs rely on the recommendations of the IT department in the solution selection process. If the network manager's mind set is narrowly focused on the technical protocols like SSL and IPSec, the organization often will get a solution that looks great on paper because of its technical capabilities without really addressing the end users' needs. This type of technically focused selection usually comes back to haunt the IT team in the form of unhappy users and increased IT support needs since the new process cannot be easily integrated into the users' natural work flow.

In the context of secure file transfer, we often see this type of dichotomy with FTP/SFTP for ad hoc file transfer, where users would rather burn a CD and send it overnight than have to deal with IT support. Alternatively, a close second favorite method for users is to cut down the size of one large file into multiple pieces and send each as an email attachment to be re-assembled by the recipient. If you can think of a way to circumvent the official file transfer method (FTP/SFTP or Email attachment), I probably have heard about it from end users.

I suppose everyone, IT and end users alike, would agree that whatever solution is used, it should be user-friendly. But, politically correct answer aside, I think the real $64 question is why users are circumventing some solutions and whole heartily embracing others.

From talking with customers and prospects, it always boils down to this very simple insight for me - users (non-IT people) just want to have a sense of control over their own destiny.

Requesting FTP/SFTP access and waiting for IT to show up around 2:30pm tomorrow is just a drag. On the other hand, if I can burn a CD, I can see the progress bar to know that it will take 15 more minutes to finish. If I send it via FedEx, I can track it to see where it is and get an automated notice when it gets to the destination.

If you think of these two processes rationally, FTP/SFTP probably takes significantly less total time - say 20 minutes over 24 hours to get the job done, whereas burn-n-send probably takes 1-2 hours over 48 hours. But, users are happier with burn-n-send, an inferior solution, because they feel that they are in control.

End users just want to get the job done and move on to the next thing. Rationality has nothing to do with it.

So, are you looking to implement a secure file transfer solution that will meet the organizational security and compliance requirements? Yes, you would still want to meet the technical standards such as encryption and management reports on who sends and receives what. That is the basic requirement. But, what will determine the success of the deployment is a secure file transfer solution that fits easily into the human processes, so that end users will embrace it.

Why? Like most users, because a USB thumb drive with 2GB capacity always sits in my drawer...

ACA Guy

Wednesday, September 27, 2006

FTP (Failure To Protect) and an early Halloween ghost story

Summary: According to Microsoft TechNet, FTP fails to protect the data and file that it transfers. And, find out if your FTP/SFTP servers are haunted too.

-----

When I talk with perspective customers about their current file transfer solutions, FTP (file transfer protocol) is a common one, but the insecurity of the service scares them.

As it should.

You don’t need to be an information technology guru to understand the business implications of the shortcomings of FTP as the following passage from Microsoft TechNet describes:

FTP is commonly misunderstood as a secure means for transferring data, because the FTP server can be configured to require a valid user name and password combination prior to granting access. Be aware that neither the credentials specified at logon nor the data itself is encrypted or encoded in any way. All credentials are sent across the network in plain text. In other words, all FTP data can be easily intercepted and analyzed by any station on any network between the FTP client and FTP server. The risk of plain text credentials is that someone other than the intended users could log on to FTP and download the files you have placed there.

In other words, don’t put anything on your FTP server that you wouldn’t feel comfortable publishing in a press release – that’s how wide open your data can be. This is especially true today when everything imaginable and unimaginable are being indexed by search engines and as I have noted in FTP (In) Security in the Google Age.

Of course, there are ways to add security to FTP. It generally involves some kind of additional wrapper around the FTP server. It can be an encrypted channel such as a VPN (Virtual Private Network) through IPSec (Secure Internet Protocol). Alternatively, you can utilize some flavor of encryption such as SSL (Secure Sockets Layer) to scramble the traffic.

The problem is that now you’re talking about adding significant complexity and cost, just to be able to transfer files. This level of overhead may have made sense in the old days when a majority of the file transfer were done via scripts and schedulers with minimum human input required. But, given the increasing importance of secure file transfer in the day-to-day business processes by non-IT users for things like multimedia presentations and legal electronic discovery, FTP and SFTP bring unpleasant memories to IT and end-users alike.

***

I recently heard this FTP ghost story about a haunted server.

A contract employee was given access to an FTP server where files pertaining to his project were stored. (As a standard IT procedure, the FTP administrator would provision access for any user who showed a valid need, and this contractor proved his need.)

But then the contractor finished the project and left. (Naturally) the FTP administrator didn’t know this and thus didn't de-provision the user. In other words, the contractor still had the ability to view everything on the FTP server. Unbeknownst to everyone within the organization, this contractor paid a few more visits to the FTP server to download files - after all, no one canceled his access to the FTP server.

And, since this is a process issue, even if the server had been running secure FTP (SFTP) instead, the same haunted scenario could still be played out. So, have you ever wondered what kind of unauthorized FTP/SFTP access is happening in your organization? It is more common than you think! A major vendor is selling a tool that claims to catch exactly this type of detection as noted in my posting Much Ado About Tumbleweed and FTP Security.

So, this could be a fun thing to do to your security officer.

First, tell him about the importance of securing file transfer processes as part of SOX/HIPAA/GLBA compliance - feel free to use my posting Security and Auditability Legislative Mandates: Do Your File Transfer Processes Comply? as a cheat sheet.

Then, tell him this FTP/SFTP ghost story.

Booooooo!

And, before the security officer faints, tell him to pay Accellion a visit because Secure File Transfer Appliance SFTA can solve all of these problems and headaches.

ACA Guy

Wednesday, September 20, 2006

Security and Auditability Legislative Mandates: Do Your File Transfer Processes Comply?

Summary: How to secure file transfer processes in the face of government regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), and the Graham-Leach-Bliley Act (GLBA)? Proactive IT shops are looking for these key capabilities offered by Accellion SFTA.

-----
At Accellion, we say "Accellion Courier Secure File Transfer Appliance (SFTA) offers a key component in implementing secure and auditable file transfer processes required for meeting IP security needs and compliance mandates..." Just what does that mean? How will this product help you with your compliance mandates?

Most large enterprises operate under at least one of the legislative mandates for the protection and validation of private information. For instance, under HIPAA (Health Insurance Portability and Accountability Act), healthcare providers must safeguard the privacy of their patients' medical records. While observing GLBA (Graham-Leach-Bliley Act), financial institutions are required to hold consumers' financial information in strict confidence. Under SOX (Sarbanes-Oxley), public companies must prove that they have adequate internal controls over business procedures and financial information.

Though the legislation can get complicated when examined closely, it really boils down to common sense. Borrowing from the good ole' "do unto others" Golden Rule we all learned as children, think of the (secure) file transfer portion of these compliance mandates at their core as the "Golden Rule for Data Handling." In other words, treat other people's private data as you would want to have your own private data treated.

Common sense aside, since nefarious means such as spyware, IP spoofing, and interception of non-secure wireless traffic abound, there are several key capabilities that growing numbers of proactive IT teams are looking for in order to secure email attachments and other file transfer processes while meeting the regulatory compliance requirements for their respective industries. Many of our customers have come to Accellion to fulfill this duo objectives with SFTA because of these considerations below.

(Hint: The words in italics relate directly to specifications of the legislative mandates we have been talking about.)

Automated download receipt - When a recipient downloads the file, a return receipt is generated to the sender. The recipient cannot turn the return receipt off. Users can review and track files sent and their download status.

End to end file security - Files are encrypted, uploaded, stored, and downloaded through secure links and recipients are authenticated ensuring only the intended recipients can access the file.

File management - File life cycle management is automated so when the prescribed time comes, the file will be deleted to manage the life cycle of files centrally per corporate retention policies. This means neither user nor administrators have to worry about having unattended errant sensitive information.

Directory services authentication - LDAP and Microsoft Active Directory are used for authentication and to minimize setup efforts. By allowing users to send large files securely using the same email id and password, this significantly improved the process flow.

File transfer auditing and tracking - Auditable records from third party on when recipients download attachments that can be summarized by individual recipient, file name, time and date.

The good news is that government mandates have clearly articulated the needs for securing business processes -- processes which often include the transfer of data from one hand to another. The better news is that encryption, audit trails, recipient authentication, and secure links, to name a few, are the common sense way to handle files securely. And, the best news is that all these are standard features in the field proven Accellion SFTA.

You can read more about how Accellion Courier Secure File Transfer Appliance works for security and compliance here.

ACA Guy

Wednesday, September 13, 2006

Secure File Transfer for Teaching Hospitals and Research Institutions

Summary: Teaching and research hospitals are finding the Accellion secure file transfer solution helps them conduct critical work more efficiently.

-----
Secure transfer of very large file is an universal issue for most organizations. So, in addition to supporting law firms (read Secure File Transfer for Law Firm Attorneys, Counsels, and Clients), Accellion also has a sizable number of installations in teaching/research hospitals throughout the country.

Beyond providing a first class solution to meet users' needs, we do take special pride in supporting these institutions because their Accellion secure file transfer appliances, as part of their everyday workflow, contribute in their own way to improving healthcare and medical research for cancer patients in Boston and children care in Memphis.

It is a karma thing.

Feel good sentiment aside, what these organizations need to address is very similar to most professional organizations that trade in knowledge -- how to exchange very large amounts of information securely and easily with internal and external users.

Researchers at most of these institutions work on projects that draw on resources and knowledge across a number of organizational boundaries to solve life and death questions. A study of avian flu may be conducted in Memphis but the field experts on N5H1 outbreaks with the most current data are in Asia. Or, a less dramatic, but equally pressing, issue for researchers is the ability to share grant data with collaborators on a timely basis because financial support from these grants is what makes most of these works possible.

In these scenarios, the problems are myriad:

1. There may be attachment size limits (within email) so that the sender cannot send the data to the research facility.

2. A recipient may have an incoming attachment size limit so that the email attachment is rejected.

3. An external sender may have an attachment size limit preventing the the data to come back.

The traditional answer is to use a flavor of FTP/SFTP for file transfer. But, end users -- typically brilliant Ph.D.'s and medical doctors -- often find the FTP/SFTP interface confusing and cumbersome to use. (Read When it Absolutely, Positively Has To Get There and Back, Right Now.) So, time can be wasted on IT issues instead of the research at hand.

Worse yet, with FTP/SFTP and its common directory structure, there is a real chance of picking up the wrong data files. Imagine spending a whole week conducting analysis on file "09072006-114B" instead of "09072006-114C". Oh, and as we’ve pointed out in Virus, via Email File Attachment, FTP/SFTP, or Website Download, is still a Virus, FTP is insecure and the research dataset may even get infected with a computer virus, rendering it useless.

So, the real solution is a secure file transfer appliance designed to handle very large files that not only complies with various regulations like HIPAA but also allows users from different organizations to easily share the dataset and grant proposals.

Equally important, with Accellion SFTA's self-provisioning capability for external users, researchers are no longer at the mercy of IT administrators as part of their work flow. And, frankly, from what all the IT people that I have talked with have told me, they too love to get out of the business of setting up FTP/SFTP access for users.

Like my fellow bow-tie collector and Senior Director and Chief Security Officer of Cornell University's Weill Medical College, Dr. Steve Erde, said, "The [Accellion Courier Secure File Transfer] appliance alleviates the concerns associated with file transfers that have troubled our users for many years, and does so in a very cost-effective manner.”

Read the announcement on the Cornell WMC deployment.

Find out more about how Cornell University Weill Medical College uses Accellion SFTA by clicking here.

Yes, folks, we’re all about getting the files from "here" to "there" and "back" quickly, securely, and cost-effectively. And if Accellion happens to help in the race to make your life better, it is all in a day's work.

ACA Guy

Wednesday, September 06, 2006

Secure File Transfer for Law Firm Attorneys, Counsels, and Clients

Summary: Lawyers cannot afford to wait for FTP/SFTP access setup to send large files securely to clients. Accellion meets law firms secure file transfer needs while keeping both attorneys and IT happy.

-----
There are many reasons that people come to Accellion for their secure file transfer needs. Because each industry has its own quirks and specific requirements that may not be obvious to the less nimble vendors, Accellion has built up experiences and insight for a wide spectrum of industry verticals.

The legal space is one of those verticals where Accellion is seeing quite a bit of adoption of our solution.

How does secure file transfer fit into law firms?

It is somewhat of a no-brainer to say that law firms deal in sensitive documents. Traditionally, these documents are in physical forms. With the digitization of the legal practice and proliferation of email as a common communication tool, the focus has shifted to how to best transmit the same information electronically.

So far so good.

What has changed with the digital age, however, is one of expectation. In the old days, the physical transfer of documents could take days, and it's not just accepted, but expected. However, today, when it takes more than 10 seconds for the email attachment to get over to the client, somebody (like those in IT) will have to pay. With billable hours and productivity a major measurement for most attorneys, any delay is no longer acceptable.

Email attachment with its size limits (see my posting on No Pain is Gain - What email focused VAR partners are doing for email size limits) can cause issues on two fronts. One is the internal limit where an attorney would complain that he cannot attach a critical document to send over to the client outside because IT is blocking it. Conversely, some IT departments may have intentionally set no size limit to avoid internal complaint, but the recipient's email infrastructure can have its own incoming email and attachment size limits. So, the same attorney may very well complain about the inability to get that critical document to the client because it is being rejected by the client's email system.

So, it's no surprise that law firms look for an alternative means to transfer digital files and FTP is a typical technology these firms try. The IT team at a law firm regularly has to fulfill requests to provide "FTP" access. FTP (file transfer protocol) is the conventional technical solution for sharing large files. While it does the job well enough, it is a major no-no for law practices because FTP is highly insecure (FTP's security hole is well documented, see my posting FTP (In) Security in the Google Age on the latest twist on the FTP security issues.) So, instead, the IT department has to set up Secure FTP (SFTP) access. And, the problem for SFTP is that its setup and administration are much more cumbersome and time consuming as a result of its additional security components.

And, let's not forget that, in the meantime, the less experienced and anxious legal types are breathing down IT's neck and wondering aloud why it takes so long since sending a file via email takes no more than one click!

Oh, right. Have I mentioned the fact that attorneys, depending on what transaction they are working on, may request "FTP" access any time of the day and any day of the week? Pity be the lone IT support dude on that 1am-9am New Year's Eve watch.

What we are seeing more and more of are proactive IT departments in law firms coming to the realization that bulking up the support infrastructure for these types of ad hoc file transfers is a game that IT can never win. Instead, the strategic insight points to giving users like attorneys and paralegals the ability to control their own secure file transfer process. This not only gets the "SFTP setup" monkey off IT's back, it also makes attorneys happier because their billable hours and client transaction destiny are no longer controlled by IT.

Talk about a win-win solution.

Typical is what Foley & Mansfield, a national law firm, found out. As Adam Pugh, Foley & Mansfield's Director of Information Services & Technology said, "We were looking for a self contained and easy to use secure electronic file transfer solution... our users, other counsel, and clients are busy people... Now, we can send and receive very large files within minutes."

And, the result? Pugh added "since the [Accellion] SFTA deployment, we have been receiving compliments from users inside and outside the firm about our enhanced secure file transfer capability for its ease of use and the time it saves."

Read more about Foley & Mansfield's perspective here.

So, the question for law firms is not whether to move away from SFTP/FTP, but whether Accellion Courier SFTA is the right choice for you. On this point, just like picking an attorney with the right kind of experiences and knowledge for your legal counsel, you should retain Accellion as your secure file transfer counsel because we have been there and done that many times over.

ACA Guy

Wednesday, August 30, 2006

Hosted File Transfer Solutions - the four hurdles for enterprise users

Summary: How important is secure file transfer for you business needs? When considering a hosted solution vs a solution installed inside the IT infrastructure, factors such as convenience, security, performance and cost are the key concerns for adopting hosted solutions.
----------To rent, or not to rent, that is the question. Whether 'tis nobler in the mind to suffer the slings and arrows of outraged users, or to take arms against a sea of large file attachments.

(With profuse apologies to The Bard of Avon, the saddest part of it is that ACA Guy isn't the first nor the last to have the urge to get his own bastardized rendition of the famous soliloquy out of his system.)

But it is a serious question for users who are looking for an enterprise secure file transfer solution. There are three categories of solutions. One is to install a dedicated solution such as Accellion Courier Secure File Transfer Appliance SFTA as part of the IT infrastructure. The second one is to build an in-house solution based on a variant of the FTP platform which, as noted in FTP, Email, HTTPS, and BitTorrent? A historic perspective on sending large files/attachments securely for enterprise users, is going out of favor for user-unfriendliness and security reasons. And, the third is to "rent" the service from a hosted file transfer solution provider.

Generally, if secure file transfer is a low business priority because you rarely need to send a large file through the network or security is not a concern, then a hosted solution is more than adequate.

However, if sending large data set and design files is a regular part of the business process, or if securing the information is important, enterprise users that I have talked with have a lot of reservations about hosted file transfer solutions for the following four criteria: convenience, security, performance and cost.

Convenience

Because this is to address a business process need where end users are involved, the solution needs to be non-techie friendly for both the sender and recipient.

Can a hosted file transfer solution do that? Well, with difficulty. Most would force users to go through a web site to upload and download files. Some require client software to be installed on the desktop, which the end user can find confusing and IT people are loathe to support. Worse yet, some hosted solution vendors require the recipients to also install software so that the IT team needs to ensure that not just the internal user has the right software installed and configured but the external recipient also has done the same.

Not exactly a shining example of user convenience in these days of Web 2.0!

Security

Security/privacy requirements come from two needs. One is to protect your digital assets because those vital data have taken years to accumulate, and protecting them makes your boss and clients happy. The other is that there are specific regulations such as HIPAA or Sarbanes-Oxley that may require compliance on your part. The key thing about security/privacy is that, as a process, it is only as good as its weakest link.

And speaking of the weakest link, asking a hosted file transfer vendor to safeguard your data and ensure compliance to your precise and granular business process requirements seems almost unreasonable. After all, they also have to support the needs of other users on the same platform, and, like it or not, your needs might conflict with what others want.

It's important to understand that not all files and secure file transfer processes are created equal. Many enterprises have needs like:

The ability to control the lifecycle of a file -- some files need to be removed within 48 hours and others should be accessible for years.

The ability to control the level of file access -- sometimes by person, sometimes by organizations, and at other times it does not matter.

Easy access to a detailed audit management report -- it is important to know who is using the file transfer system, what files are being sent and to whom, and when they are retrieved and by whom.

In the world of "one size fits all" with hosted solutions, these business process level requirements can make it very painful to adopt a third party hosted file transfer solution.

Performance

Then there is the issue of performance. When you rent a service, you have absolutely no control over performance; you are at the mercy of the infrastructure that someone else provides. It is bad enough that you cannot "tune" performance to take advantage of your infrastructure investment or to eliminate bottlenecks that can occur during peak usage. But, what happens when the hosted solution goes AWOL on you?

Let me share a personal story with you. Back at the Accellion ranch, we use a hosted CRM solution. A few months back, there were some intermittent connection outage issues. During those few days, I saw way too many sales people puttering around in misery as a result of the disruption. The hosted solution provider has since fixed the problem, but my own company has had to come up with contingency plans should it happen again. Suffice it to say that it was an unpleasant experience all around.

Trust me -- you don't want to be left so vulnerable when a key business service is down, and it's out of your hands to get it up and running again. Imagine telling the CEO that a large key document cannot be sent to a client because the hosted file transfer solution is not available!

Cost

This is usually the main reason most IT teams would even consider a hosted solution; the acquisition cost is usually the lowest. But, if you consider the total lifetime costs, hosted file transfer solution expenses can sneak up on you.

Because secure file transfer is a common need for most business users, what often happens is that more users end up requesting this service than originally projected. In the context of hosted solution, this also means that instead of achieving the cost benefit of scale with a solution inside the IT infrastructure as more users come online, the cost will grow proportionally or even spike as the demand grows. On top of that, there may be unanticipated seasonality in usage pattern which can easily blow out the bandwidth threshold for surcharges in a busy day.

When this happens, there are basically two unpleasant choices. One is to go hat-in-hand to the finance people for more money and explain why the initial usage projection was inaccurate. The other is to start restricting access to this tool and incur user sneers.

So, the ironic verdict is that, for most secure file transfer processes that enterprise users engage in, a hosted file transfer solution is a good standby if you don't really need it.

As for what was once (almost) said, "To rent, or not to rent." I think we’ve answered that question, dear Hamlet!

ACA Guy

Friday, August 18, 2006

Enterprise File Transfer Hurdles for BitTorrent and other Consumer oriented Technologies

Summary: BitTorrent is a hot new peer-to-peer technology for sending large files over the Internet. Teens use it to (often illegally) trade music and movies. Could the technology be harnessed for business users who want to send files to each other? If the current incarnation is any guide, the answer is a definite No because it poses great risks to your information assets.

---
With a glass of ice tea in hand, ACA Guy continues the musing on BitTorrent where he left off last week...

***
The way I see it, BitTorrent provides a very robust tool for consumer level digital proliferation. For example, for those niche, aka long tail, digital products, BitTorrent removes the burden of central administration of hosting a dedicated server to host file transfers, which was the standard operating procedure of the Web 1.0 yesteryear. What is cool about the BitTorrent technology is that there is no longer a throughput issue, even if the demand for the file transfer service grows. As a matter of fact, if demands grows, with the multiplying effects of "peers" (i.e., PCs) within "the swarm" (i.e., the network of participating PCs) to send "torrents" (i.e., pieces of your file), the performance benefit actually snowballs instead of drags. See this posting for a quick note on how BitTorrent works.

That is the good news.

But the question that ACA Guy is trying to answer is, does BitTorrent work within an enterprise file transfer context? The answer, to the best of my knowledge, is a resounding NO with the current incarnation.

Unlike the grandparents in Hoboken, New Jersey, who are anxious to see the latest pictures of their darling grandchild snapped by proud new parents in Palo Alto, California, enterprise usage has a lot more requirements beyond proliferation speed that are legally required and/or demanded by business users like you and me.

For example, since bits and pieces of the information travel through different peers, how does the enterprise ensure privacy protection? Similarly, would you let the company's confidential information, such as R&D results that have taken one year to compile, travel through some unknown peer computers? An analogy is to think of delivering your financial statements to your advisor down the street by passing parts of them through other neighbors’ houses. What is to prevent each neighbor from reading the pieces before delivering them to the intended recipient?

Furthermore, these peer computers may intentionally or accidentally tag on undesired payload in the transmission. It could be in the name of "national security" or a common place virus targeted at BitTorrent, but, as I have argued here, whatever the route, malware is still an unwanted payload.

It is with these reservations in mind that I read the Wall Street Journal columnist Walt Mossberg's review of Pando Networks's BitTorrent file transfer solution. In fairness, Pando is targeted to consumer usage and it seems to offer a new P2P perspective. At the same time, its implementation also points to the key fault lines between consumer and enterprise file transfer solutions.

The key difference between consumer and enterprise solutions for file transfer, beyond the minor privacy and security concerns noted above, are things like the ability to create detailed audit trails for review, the ability to configure a solution to meet specific process needs, and, for good or ill, the ability to monitor/prevent users from engaging in unwanted activities. Just like this comment from James Musto noted: firms have been telling users to NOT install P2P software for years. A BitTorrent-based solution is probably an even bigger no-no because it allows users to forward files whilst these files are being received.

I can already imagine the cry of agony if enterprise users were to start trafficking company information in BitTorrent.

People! Be nice (to IT)!

ACA Guy

Friday, August 11, 2006

FTP, Email, HTTPS, and BitTorrent? A historic perspective on sending large files/attachments securely for enterprise users

Summary: For enterprise users, FTP was the first dominant solution for file transfer. Email attachment teased the non-technical masses with a taste of what is possible. HTTPS and Web 2.0 is now the de rigour technology for secure file transfer. The question is, would BitTorrent be the next thing?

------------
Being a lazy summer day, ACA Guy's attention (naturally) shifts to the evolution of sending large files securely by enterprise users, from FTP in the 70's, to the rise of email throughout the 80's and 90's, and the current competing crop of file transfer solutions from HTTPS to BitTorrent.

***
What makes the information technology (IT) industry interesting is its constantly shifting benchmarks and non-stop sprinting by all concerned just to keep up with what is technically adequate because no one wants to find himself being the last man using the wrong technology. The trouble is that only hindsight is 20-20. New technology and protocols are being introduced by vendors and adopted by users, with or without the approval and support of the IT department. Any semblance of IT clairvoyance is only possible with a combination of business perspective and technical acumen tempered by a long-term view.

FTP: the first file transfer solution

The first dominant technology for file transfer was FTP, or file transfer protocol, as first described in the 1971 RFC114 document. In its basic form, as described by Wikipedia's FTP section:

The FTP server listens for connection requests. The client computer initiates a connection to the server. Once connected, the client can do a number of file manipulation operations such as uploading files to the server, download files from the server, rename or delete files on the server and so on.

Since it was designed by and for technical users, FTP has earned the notoriety of being a technically powerful but end-user unfriendly solution. Many vendors have tried to put pretty user interface wrappers around it to enhance the usability, but its legacy status continues to both haunt its wider adoption as a business tool and make it a deeply entrenched tool in many IT shops.

As a business tool for file transfer, FTP also suffers on the security and privacy side. For example, I have noted concerns over Google indexing FTP servers and a major managed file transfer vendor admitting the need to monitor FTP activities.

Email: file transfer for the rest of us

In the late 80's and early 90's, email started to emerge as a new dominant solution for sending files while FTP began the process of becoming a mostly machine-to-machine niche solution using its scripting capabilities.

With the proliferation of PCs in the 80's and Internet in the 90's, email has become a universal business communication tool. More importantly, in the context of this missive, there is just no easier way than email attachment to send files.

The trouble with email attachments as a file transfer solution started as purely a performance issue. Email is not designed as a file transport solution, so when the CEO wants to share a 5MB presentation with 200 key people around the globe, he has just pumped about 1GB worth of data (5MB x 200 recipients) through the system with one click and, if he is really unlucky, crashed the email server. In response, IT departments started to impose increasingly stringent email attachment size limits which I have addressed in more detail here.

But the headache with email attachment does not stop there. With its near universal popularity, email has also become the main target for cyber crime and pranks. And, with the payload carrying ability of attachments, email attachment is the most common conduit in which computer infections spread. Yes, there is a whole industry focused on addressing this problem with lots of chatter, including yours truly in this posting, surrounding it. But, the net net of it is that IT administrators are, wisely, putting in additional constraints on email attachments to lock down the cage and protect one of the most visible corporate processes.

In short, sending data and large files through email attachment has become increasingly difficult or simply disallowed in many enterprise environments.

HTTPS, XML, and Web 2.0: secure file transfer pretenders

The irony is that as email is being locked down, we are entering a hyper-collaborative world where most business processes involve some sort of information exchange with both internal and external senders and recipients. Exacerbating the issue further, the IT industry has enabled users to generate more data, larger files, and bulkier presentations with greater ease and less time than just a few years back.

With an increasing number of people who require the ability to easily, quickly, and securely exchange large sets of information, the issue of secure file transfer has elevated beyond a technical consideration and become a core business process issue.

The truth is, business users just want the ability to send a 20MB PowerPoint presentation to 100 recipients with a single click, because that is what they need to do to get the job done. Finance/compliance people just want to have a process where information/data/file gets from user A to user B in a secure and auditable manner. And, IT folks just want to be left alone.

The current pretender to meet the user's secure file transfer needs come from the family of web technology, XML, HTTPS, etc., whose acronyms we have grown accustomed to in the late-90's. Amongst its many merits, web technology offers a compelling combination of features for enterprise users as a file transfer tool such as:

It does not require any specialized software beyond a browser which is free and, overwhelmingly, preinstalled on every computer.

It can enforce security through various encryption methods which are considered highly robust.

Its basic architectural capability is such that it can push a file to the recipient without involving FTP or impacting email servers.

Of course, there are the issues of Web 2.0 and AJAX (which Accellion has implemented) as well as the browser imposed file size barrier of 2GB (which Accellion also broke through). But, these are details.

Within the context of HTTPS and other web protocols, there is a wide selection of vendors whose products range from letting you upload and download files from a website on a pay-per-use basis to Accellion, which offers a dedicated secure file transfer appliance. This appliance, by the way, sits within the enterprise IT infrastructure to provide extensive IT administrative capability as well as integration into Exchange/Outlook and Domino/Notes.

Think of these as field tested and crusty veterans in the current incarnation of secure file transfer solutions for enterprise usage.

BitTorrent: is it ready for enterprise secure file transfer prime time?

Then there’s BitTorrent, the newest kid on the large file transfer block. As a P2P (peer-to-peer) file sharing protocol, it is mostly mentioned in the context of teenagers exchanging (pirated) files with each other. At its most basic level, unlike the classic approach of sending a file from user A to user B through a dedicated connection, BitTorrent breaks up the file and passes the pieces through peer computers via a swarm from the sender to the recipient. Because a swarm can have many peers, the performance of sending a large file can be improved as a distributed grid design. Furthermore, with each peer machine having bits and pieces of the file at any one time, it also removes the bottleneck of the origination sender for a file's proliferation.

I can definitely see the process advantages BitTorrent offers in the P2P and consumer context as its creator Bram Cohen argued. But, what ACA Guy wants to know is, would it work for enterprise file transfer and what form would it take?

***
Let me know what you think while I fetch a glass of iced tea.

ACA Guy

Friday, August 04, 2006

Virus, via Email File Attachment, FTP/SFTP, or Website Download, is still a Virus

Summary: Virus and malware can find their way into your infrastructure via infected file attachments by ways of email, FTP/SFTP, and file hosting websites. A dedicated secure file transfer appliance with anti-virus option is a highly effective solution in addressing these concerns.

-------Virus/malware spreading through email attachment may be old news, but it is nevertheless real and particularly devastating if you are the victim. For this reason, there are a number of tools that email administrators utilize to check and block infected attachments such as dangerous attachment blocking offered by Microsoft. But, email is not built for virus/malware detection, so the onus is on the IT team and individual users to keep these bugs away by practicing safe hex.

Ideally, there are three layers of virus protection in a corporate IT infrastructure:

1. A virus checking and blocking box before the email server
2. A virus checking and blocking software plug-in installed onto the email server
3. A virus checking and blocking client on the user's desktop

Admittedly, when a brand new virus not yet recognized by the anti-virus solutions knocks on the door, you can only count on luck and common sense to keep yourself out of trouble -- but that is a pretty low probability in an enterprise context.

Well, what is the problem then, you might ask?

First of all, the ideal anti-virus regimen does not often exist. For example, most small to medium operations expect end users to check for viruses with their desktop anti-virus solution. Say the marketing department is working with an outside graphic designer on a big PowerPoint presentation. Lo and behold, the graphic designer picked up a PowerPoint virus unknowingly and sent it along as an attachment to the good folks at marketing who are most anxious to review the work. Ask yourself, how many marketeers will remember to check the attachment for a virus before opening it? Simple answer: it's not going to happen unless the scanning is automatic.

How about attachment size limits and ways of bypassing these limits? As discussed in prior posting, there is a time and place for attachment size limits, but users still need to send large files and attachments for everyday business processes. This is traditionally done via FTP/SFTP servers or file hosting websites which opens up additional channels for picking up a virus, amongst other things.

FTP/SFTP servers usually do not have an elaborate anti-virus scheme installed like email servers since the usage frequency is lower. So, if an external user --say it's our unfortunate graphic designer -- places an infected file onto the FTP server, internal users can unknowingly pick up digital cooties that way. And, there is already a reporting of virus designed for FTP.

Similar problem exists with file hosting websites, which act as a purely transitory storage unit. An infected file on the website is not a problem until the user downloads and try to use (activate) it.

So, having anti-virus for email and desktop are both important but insufficient conditions to prevent malware from finding its way into the enterprise IT infrastructure if FTP servers and website transfer is not closely monitored and controlled.

On the other hand, instead of putting patches around these processes and having sleepless nights on what other innovative ways infected files can sneak in, it seems a lot easier to get a dedicated secure file transfer appliance that comes with anti-virus options.

By centralizing the file/attachment transfer capability into a dedicated SFTA appliance, there is a cage to check files for virus and malware on upload and download regardless whether the sender and the recipient are external or internal users. In other words, there is no more concern about if external users are practicing safe hex and there are no more loopholes, like FTP or file hosting websites, in which infected files can sneak their way into the environment.

The Accellion Courier SFTA comes with the F-Secure virus scanning bundle. When you send a file via the appliance, or receive a file sent to you via the appliance, F-Secure can watch your back. I say “can” because virus scanning is optional, although highly recommended. The appliance administrator can choose no scanning, scanning only on upload, scanning only on download, or scanning on both upload and download. In other words, choose the mode that suits your business practices the best.

ACA Guy

Friday, July 28, 2006

FTP (In) Security in the Google Age

Summary: Data and information residing on FTP sites are indexed by Google. Do you know what is on your FTP servers?

----------------Although I am a Google power user and a veteran of FTP, I still find it a touch scandalous, although logical, to know that FTP sites are being indexed by Google.

It really makes sense because FTP sites hold tremendous amounts of information and data and Google's stated mission is to crawl all the information fit to index. (To paraphrase the redoubtable New York Time's motto.)

The trouble is, do you really want Google to index information on these FTP sites and make them searchable?

Conversely, do you know what is in your FTP servers?

I have known of cases where companies routinely exchange large proprietary data sets using FTP for user to user file transfer because other traditional file transfer methods like email and CD delivery are inadequate to the task. In today's Google mode of operation, a great deal of IP (intellectual property) can be exposed to your favorite search engine.

Or, like this Search Engine Roundtable posting shows, you have to be very wary of (hidden) FTP logs being indexed.

So, here are three things that you should do:

1. Search Google (and other search engines) for your (company) information to make sure that there is no proprietary information not intended for public consumption floating around. (I find it's helpful to set up Alerts to automatically have search engines tell you what it is finding with a specific search criterion.)

2. Lock down FTP servers. This would make FTP unfriendly to users and administrators alike, but imagine the alternative...

3. Look for a secure alternative means to sending large files that will not be exposed to the prying eyes of Google.

ACA Guy

Friday, July 21, 2006

No Pain is Gain - What email focused VAR partners are doing for email size limits

Summary: Should IT impose file size limits on email users? While limits can help IT manage the beast that is enterprise email, they also can hinder business processes. Perspectives from those who deal with this issue everyday, email-focused VARs.

-------------------------------
"[Should] security and stability of an email infrastructure be a separate issue from whether Beth in accounting, or Pete in marketing, or Ed in Editorial can store 200 Mb worth of email or 2 Gb worth of email," asked Edward F. Moltzen of CRN on a July 14th article.

Ah, the conundrum of email size limits. Should it be set? What limit is reasonable? How would the limits impact actual business processes? What happens to the limits when the email (attachment) size gets larger, as it always does?

Stripping away all the rhetoric, the gist of the problem with message size and in-box limits comes down to the attachments. After all, nobody is going to compose a 10MB email purely in text; it’s the large attachments that hog the resources. Exacerbating the problem is the common moral hazard of not just sending attachments, but sending them with numerous CCs and BCCs, because the capability is there.

Theoretically, there is no technical reason why email cannot be designed to be robust enough to handle unlimited size. However, the problem of building an email solution that does it well is that it has to be architected specifically with this requirement in mind from the start. Adding to this Herculean goal is the IT truism that what is considered large size today is often the mere starting size tomorrow.

Now, let's face the facts here. Nothing is more core than email in most of today's business processes. The surest way for IT to rouse the ire of the bosses is when there is an email problem. Under the motto of if it ain’t broke, don’t fix it, no sane IT department of an enterprise with a keen sense of self-preservation is going to push the envelop on the email front. So, it is theoretically possible and technically feasible to allow unlimited size, but it is not going to happen, given the current code base for both Exchange/Outlook and Domino/Notes.

So, what do the email-focused value-added resellers (VARs), who are paid to confront and resolve such issues everyday, do? What our (Accellion’s) email-focused VARs are telling me is that looking at the issue as a purely email size limit problem is a myopic way of framing the problem. Namely, take a step back; email is nothing but a tool to get things done. And, the key thing that users are really asking for with large email size is the ability to easily exchange large file/attachments as the business process requires.

What we are seeing in actual field usage is that while limiting the size of messages and in-boxes is a common practice, these limits have the undesirable effects of restricting legitimate business processes that require large emails/attachments. Sure, there are the FTP sites, USB key Sneaker-Net, and the good old fashioned CD/DVD burners -- but nothing comes close to email's ubiquity and ease of use for end users. So, the question is not so much how/what size limits to impose. Rather, it is about how to let users operate in an efficient manner with increasing attachment sizes without requiring extensive and on-going contortionist trainings for both IT and end users.

We are seeing an increasing number of email-focused VARs adding Accellion Courier Secure File Transfer Appliance (SFTA) to their arsenal because it allows end users to use the familiar email application to get things done, while offloading attachments from email servers to a complementary secure file transfer appliance for IT's ease of management and ease of mind. As a result, happy users can go about their business without the frequent disruption of dealing with email limits, and IT (and the VAR) can look like a hero for solving an enterprise problem with a simple solution.

In life. No pain is gain, sometimes.

ACA Guy

Friday, July 14, 2006

Microsoft Exchange/Outlook Attachment Size: Best Practices, Limits, and Solutions

Summary: 5MB is the effective [email attachment] size limit cited as examples for Microsoft Exchange/Outlook on Microsoft Support. How to send large email attachments through Accellion SFTA without causing Exchange/outlook problems.

---------------------------
"Massive email accounts [are] killing our [E]xchange server" -- Louise H.

This was an actual quote that I got earlier today from an IT officer who requested information on Accellion's Courier Secure File Transfer Appliance.

I recall reading an Osterman Research study where 80% of the email traffic is in attachments. All these attachments end up at somebody's email inboxes. The trouble is that when these email accounts get too big - they can crash email servers.

Adding to the woe is the degradation of network performance when an email with a 15MB attachment is sent out to 20 recipients (spiking the effective email attachment load to 300+ MB with one click). While all those bits and bytes are making their way through the network, the entire email system will come to a near stand-still.

There are very few things that IT does that would get the CEO's attention immediately. But, trust me, when the email server crashes or when the email/network is crawling, the CEO will notice.

Fun, huh?!

That is precisely why IT uses attachment size limit settings in the email server.

The trouble is that there are legitimate cases where large files need to be shared and attachments via email is the most intuitive and convenient method for both senders and recipients. (Lawyers and advertising curative teams come to mind.)

I was recently told by a reseller who specializes in Microsoft Exchange/Outlook implementations that the Microsoft Exchange 2003 best practice for maximum email attachment size limit is between 5MB and 10MB. Consequently, they are using Accellion SFTA to complement their Exchange/Outlook deployments so that the users can have a high-performance email infrastructure while preserving the ability to send very large attachments as part of the everyday business process.

This kind of got us thinking and we dug around the Microsoft support site for examples of effective [email attachment] size limits. Of the two examples found (shown below), I think what is glaringly obvious is that a 10MB limit as suggested by the reseller is, if anything, on the generous side.

Examples of effective size limits

Example 1
• The global setting is set to 5 MB.
• The Exchange SMTP connector is set to 3 MB.
• The SMTP virtual server is set to 4 MB.
• The user mailbox setting is set to 2 MB.

Example 2
• The global setting is set to 2 MB.
• The Exchange 2000 SMTP connector is set to 5 MB.
• The SMTP virtual server is set to 2 MB.
• The user mailbox setting is set to 3 MB.

I then looked at my own folders full of PowerPoint presentations. I am - after all - Accellion's "marketing guy," and 20MB sized files are dime a dozen.

So, here is a question with an obvious answer. Why fight a battle on controlling email attachment size limits that nobody has a clear solution for when you can use the field-proven Accellion Courier File Transfer Appliance that would seamlessly integrate into your Microsoft Exchange/Outlook and give users the ability to send really large files without overwhelming the messaging infrastructure?

Granted, the CEO may not notice the change. But, as the saying goes, "no news is good news" as far as limiting email attachment sizes and allowing daily business processes are concerned.

Or, as I like to think, you should have the "email + unlimited large attachment size" cake and eat it too.

ACA Guy

Click here to request more info on Accellion Courier SFTA

Friday, July 07, 2006

World Cup, virus, worms, and Accellion

Like many Silicon Valley firms, people at Accellion are a pretty international bunch. Translation: World Cup fever is gripping all of our offices in Asia, North America, and Europe.

So, here is a short list of five things that, fingers crossed, will fade in a few more days.

1. Longer meetings: impact of Ronaldo's heft this year vis-a-vis his 2002 World Cup appearance is a recurring topic of passionate debate in most meetings.

2. Office envy: people who have attended a 1994 World Cup game in person become instant object of awe and envy.

3. Skewed working hours: the Asian team keeps very odd hours.

4. Singing: muted, but you can almost hear people humming La Marseillaise (for the French) and Inno di Mameli (for the Italian) in preparation for the final.

5. Nudist World Cup game: I am not making this one up. According to a BBC report, the Sixem-A worm is inviting people to click on a link to download those Nudist-in-action pictures. (Naturally, if you use Accellion Courier Secure File Transfer Appliance to send digital assets, nude or otherwise, you would not have to worry about worms and viruses. But, this is probably a different topic for another time.)

In the meantime, be you one of the "[les] enfants de la patrie" or "fratelli d'Italia," may the best team win on Sunday. As for me, I wonder what is Trinidad and Tobago's national anthem...

ACAGuy

Friday, June 30, 2006

File transfer in the world of AJAX (Asynchronous JavaScript + XML) and Web 2.0

AJAX fashionista

Before people can pin down exactly what Web 2.0 is, the most tangible buzz for gearheads, like yours truly, in Silicon Valley and beyond has been the use of AJAX (Asynchronous JavaScript + XML). How it can be used. Who is using it. What people are saying about it.

Envision my glee when I learn that Accellion SFTA has been using AJAX as part of its implementation for a while.

AJAX is cool

References for AJAX background information abound; so, I would not belabor the issue except to say that it is très chic because Google is using it to make their UI slick. On the other hand, according to a Network World article on AJAX, enterprise users are weary of complex implementation and its potential impact on network performance.

AJAX inside Accellion Secure File Transfer Appliance SFTA

The key advantage of using AJAX is the streamlined UI via its ability to bring processing to the client side using browser native tools such as JavaScript, XML, HTML, and HTTP calls. AJAX was first implemented as part of the Accellion Courier SFTA 4.5 release to streamline the user UI. For example, instead of popping up another browser window to transfer a file (think how it works with Yahoo mail right now), the user would stay within the same browser window (think Gmail from Google).

Release 5.0 of Accellion Courier SFTA extended the product features to include folder transfer beyond 10GB. Here too, AJAX played a key role in implementations such as LDAP validation and dynamic table structure. So, not only that you can send and receive folders instead of just files with SFTA, all interaction will stay within the same browser window.

And, people thought file transfer solutions cannot possibly be sexy. ("Au contraire," say I while queueing up Right Said Fred's shirt song.)

AJAX Concerns for Enterprise IT

New technology, even if it is the re-combination of existing protocols, always comes with its own quirks and the first issue that Network World raised is the fact that it takes a good team to get the AJAX implementation right. In this respect, being an appliance maker, Accellion has the advantage of being able to focus the engineering resources on a self-contained form factor which improves the output quality while shortens the development time required for the AJAX implementation.

Drawback number two, according the same article, is the potential impact on network performance. In the context of Accellion SFTA, this issue is alleviated by a great team and Accellion's unique knowledge from the years of optimizing global file transfer performance since our CDN days. For example, sorting, LDAP validation, and dynamic table structures are all done on the browser side using AJAX to eliminate the associated server CPU load as well as to minimize the round trip communications with the server.

AJAX, Web 2.0, Accellion, and you

So, are you still struggling with technologies from Web 1.0 to let users send large files securely across the world?

Join Accellion. Implement a Courier SFTA. So you, too, can be a member of the AJAX toting Web 2.0 set - with or without Right Said Fred.

ACA Guy

Digg this posting

Friday, June 23, 2006

When it Absolutely, Positively Has To Get There and Back, Right Now

I was talking with the CTO of a global media company, a customer, and was impressed by the fact that his users are regularly trading more than one terabyte (1TB) worth of data using the Accellion Courier SFTA clusters per month. (Just to give a sense of scale, that is more than 1,400 CD's worth of data every 30 days!)

What is even more impressive beyond the sheer size of data exchanged is the fact that more than 50% of the users of the systems are outside of the company - clients, consultants, partners.

In other words, the ability to exchange files with external user is a critical capability.

While the unabated file size growth and nascent compliance requirements are driving the adoption of Accellion SFTA for file transfer needs, another key operational driver is the collaborative and rapidly iterative nature of most business processes today.

A mere five-ten years ago, depending on your industry, you would ask a partner to send you a document for review via FedEx when "it absolutely, positively has to be there overnight." With each delivery taking one to two days, collaboration is at a somewhat leisurely pace.

Today. It is one hour away from a meeting with major investors. The CEO wants to have 15 minutes to go through the slides one last time. The trusted (and outside) graphic designer is just about ready with the 75MB killer presentation that you finally got everyone to agree to and sent over 20 minutes ago.

Problem. The designer has an email attachment limit of 5MB. You cannot get a straight answer from IT on who is in charge of the FTP server, let alone who can create a new ID/password for the designer to upload the file right now. You know that the security and compliance team would come down on you like a ton of rocks if you let the highly sensitive information travel through a hosted site whose infrastructure they know nothing about.

Solution. Accellion Courier SFTA lets you invite the designer to log into a web interface and send that 75MB hunk of a file to you right now. No IT intervention required and, if your designer knows how to use webmail like Yahoo (and who doesn't these days), she does not need training to know how to use the file transfer.

In today's collaborative and rapid iterative processes with compressed time frame, overnight is an eternity.

Maybe the new business mantra is "Accellion Courier SFTA: when it absolutely, positively has to get there and get back, right now."

ACA Guy

Friday, June 16, 2006

Much Ado About Tumbleweed and FTP Security

Neighborly is my motto. I talk regularly with other companies in the file transfer space and I believe that everyone, end users and Accellion, benefits from having a wide spectrum of solutions.

With that bit of personal philosophy in mind, I am much amused by Tumbleweed's announcement on their latest FTP tool, a sniffer to track FTP traffic designed to monitor unsecured and unauthorized FTP activities. Then, there were comment from L. Frank Kenney of Gartner on the importance of securing file transmissions for security and compliance.

(Note to self: call Frank, it has been a while.)

The irony is that FTP is one of the pillar protocols of Tumbleweed's Secure Transport.

To quote Tumbleweed's own press release on the peril of FTP: "The use of unmanaged FTP to share sensitive data continues to put organizations at risk. Internet FTP usage is widespread, often insecure, and leaves company data exposed and vulnerable. In many instances, organizations are unaware of the FTP traffic taking place within their IT environments. Without a monitoring system in place, organizations have no visibility into the volume and type of FTP traffic traversing their networks. Over time, many organizations find that they have fostered an environment with a large number of "rogue" FTP servers."

On one hand, I admire people who try harder when it does not work the first time. On the other, I think the ability to step back and declare that more patches and analyzers would not address the root causes of "rogue" FTP servers is the true sign of a strategic (IT and business) thinker.

Enterprise users need to send large files and folders securely to users in other parts of the world and outside of the organization. Technology is but an enabler.

Or, to paraphrase a famous political slogan, "It's the results, stupid."

Despite being the obvious technical solution since the 1971's RFC114 document, FTP is not cutting it for most enterprise users in today's collaborative environment.

The strategic insight is that secure file transfer is a core business process - a critical part of the day-to-day transactions that must be robust enough in the face of the myriad of unimaginable yet inevitable human glitches and operator errors. It is not about making FTP transmissions secure. It is not about monitoring "rogue" FTP traffic.

It is about giving the end users the ability for secure file transfer that fits into existing processes without adding to IT management burden. It is about finding solutions like Accellion Courier SFTA.

Give a straight answer when the CEO wants to know your strategies to remove company assets from a protocol known for "unsecured" and "rogue" traffic according to Tumbleweed, without crossing fingers behind your back.

Now, imagine that!

ACA-Guy
Postscript

TechWorld fumed that the Tumbleweed announcement was a sales-get ploy to get your contact information.

Chill, I say.

In solidarity with my file transfer brethren in Tumbleweed, I would like to offer our whitepaper, with no 30 day limitation, on Secure File Transfer as a Core Business Process.

Better yet, click here so we can tell you how Courier SFTA works for you.

Friday, June 09, 2006

Putting the Machine in Deus ex Machina - Sending folders and 10GB files without IT Help

I regularly have tête-à-tête sessions with IT users and prospects. Okay, they are more like griping fests on the latest end user faux pas. The point is, however you describe these discussions, the ability to send folders and ability to send really large files are easily amongst the top five IT obsessions I hear about.

Why are folders and really large files big headaches?

Folder Headache 1: There are times when the ability to preserve specific directory hierarchy and file relationships is the whole raison d'etre for the transfer. This usually happens with complex projects in industries like advertising/media production and engineering.

Folder Headache 2: Another oft-cited reason for wanting folders is because there are many files to send. So, instead of attaching or downloading 100 files individually from an email, the world would be a better place if there is just one folder (containing 100 files) to process on both ends. This happens a lot with professional services industries such as law firms.

Really really (two times) large files: we all have different definitions of what constitutes large file. The typical IT threshold is about 10-20MB, same as the email attachment size limit. For me, I consider files north of 1GB as decent size. For most web-based file transfer solutions, 2GB is the maximum limit due to a number of browser technical constraints. Beyond 2GB, FTP is the most common choice for file transfer, but the trouble is that most end users and some IT folks detest FTP with passion.

So, what are the conventional coping strategies since these problems are, surely, not new? Well, the old strategies on how to deal with folders and large files generally involves the use of some kind of data compression technology with a variant of the zip utility.

For folders, a few clicks with a compression utility creates one single file that contains all the files with the directory hierarchy information intact.

For large files, usually zipping makes them smaller. This does not always work, however, because some file formats are already compressed or they start as really really really (three times) large files. For example, legal deposition and discovery that involves emails can easily run into 5-10GB per transaction these days.

The unspoken assumption with the traditional strategy is the fact that end users are comfortable packaging these folders and files with a compression utility. The trouble is, as intuitively obvious as Zipping may be to the tech-savvy, it is not obvious enough for a vast number of end users. In other words, IT intervention is still often required and nobody is happy about the process.

The unpleasant truth is, as complex projects with intricate directory structures become mundane, as the file quantity to be exchanged per transaction continues to increase, and as file size growth keeps up its cancerous pace unabated, these issues are not going away.

If anything, folders and large files have become a part of today's core business processes and IT can no longer afford to address them in a case-by-case fashion.

In the face of this classic and seemingly intractable end users vs. IT drama, a deus ex machina is needed to restore the cosmic balance. This sanity-saving solution needs to:

Transfer folders as easily as files

Transfer 10GB or even 20GB in one go (as a reality check, 10GB is more than 2 DVDs or 14 CDs worth of data).

Be as easy to use as webmail.

Ahem... Send folders and Send 20GB files with one click using a familiar webmail interface - putting the Machine in Deus ex Machina - please meet Accellion Courier 5.0 Secure File Transfer Appliance.

Or, click here to get more information.

P.S.
* You can click here to see a picture of the appliance and the note from Computer World's Mark Hall.
* Or, click here on what Linda Musthaler of Network World has to say about SFTA.

ACA Guy

Digg this posting

Friday, June 02, 2006

Four features to let you have the large file transfer / large email attachment cake and eat it too

In this file transfer business, the need to seamlessly receive and send large files is usually mentioned in the same breath as security concerns. The trouble is that IT and end users have very different views on the same issue.

IT's typical refrain

End users are always trying to sneak huge files through email. One time, an user tried to send 1GB in attachments through email. Big sigh. Then, we had to deal with crashed email servers and got yelled at for poor email performance.

End users don't understand what emailing large files does to the network, especially when they send to a long list of CC and BCC. We have massive files replicated all over the place, taking up bandwidth as they go across the network, and taking up storage space on our email system.

We try to limit the file sizes in email, but all users do is complain and get their managers to approve exceptions which adds to our workload.

We recognize that end users want ability to exchange large files with external users. The trouble is that we have no control over the external user's IT infrastructure and there is not a lot we can do when something, inevitably, goes wrong.

We have tried setting up FTP servers for exchanging big files. But, end users complain that FTP is too hard to use. And, truth be told, administering an FTP server is painful because we are always running behind in cleaning up files in the directories and setting up new accounts for users.

End Users' familiar tune

IT just don't get it. Sending large attachments via email is the most straight forward method. We do not have time to master a new set of technology to conduct everyday business. The last thing we need is to learn some complicated system to send email attachments somewhere and have to talk the recipients through the process on how to retrieve these attachments.

And, heaven forbid that we have to call up IT for support!

The attachments are large. But, that is just the reality in today's enterprise environment and we all know that they will only get bigger.

We have tried sending documents via overnight services, but that added days to our schedule when we had to make lots of changes. Besides, I don't want the bean counters breathing down my neck to contain delivery service expenses.

Same issue but different interpretations - Sometimes it feels like I am watching Kurosawa Akira's adaptation of Rashomon by Ryunosuke Akutagawa all over again.

Half of the battle in finding a solution to this he says, she says problem is to get all parties involved to think beyond whether it is a large file transfer issue or large email attachments concern.

Fortunately, unlike the renowned Japanese story, there is a simple way to address this Gordian Knot.

Just get a solution that does the following:

Easy to use through email client integration or webmail interface

Offload traffic from the email infrastructure

Automate administration tasks such as file life cycle management and account creation

Allow external users to send and receive files using the same platform

By the way, yes, Accellion makes a secure file transfer appliance (SFTA) that does all that and more. And, no, it is not called a pain reliever.

You may say "It is all well and good, but would it handle really large files and how about folders?"

(Trouble maker, you!)

Let's talk about strategies, new and old, on how to send folders and really large files next week.

ACA-Guy

Friday, May 26, 2006

Happy CEO, Happy CIO, Happy End Users - a true story

CEO's are a special breed of end users - their time is too limited to deal with technology that does not work the very first time, and that includes user errors.

So, imagine the delight of a Chicago manufacturing firm CIO who deployed the Accellion secure file transfer solution and had the CEO become an early user.

This is a true story.

Knowles is in the precision manufacturing business with a global manufacturing footprint. After years of email, FTP, and overnight CD's, the CIO wants a secure file transfer infrastructure that does the following:

Business Security: built in security capabilities to fit end user processes

Minimum User Training: require minimum deployment planning and virtually no end user training

Technical Security: encrypted storage and transmission

Take Load Off Email: move the file transfer function away from the mail server

Minimum On-going IT Management: allow IT resources to focus on other priorities

Accellion Courier Secure File Transfer Appliance SFTA was selected. Fast forward a few months.

This is what the CIO said on the impact on IT, "[it] allows me to address our security needs without hassle and lets me deploy my limited IT resources to other priorities."

And he thinks it is easy for end users, like the CEO. "The appliance has become an integral part of our processes with senior management regularly using the system to exchange confidential information," said the CIO.

Like I said last time, the real art in implementing a secure file transfer framework is on how to do it without killing the IT staff or inciting end user riots. And the Knowles case is a real masterpiece. (You can click here to read the Knowles experience. Warning: you are required to enter some basic information to get to the file. Sorry.)

Post script: Knowles was later acquired by Dover Corporation for US$750 million. I've heard that Accellion SFTA played a small part in facilitating a smooth transaction.

So, what does SFTA do beyond providing secure file transfer? Boy, am I glad that you asked.

ACA-Guy

Friday, May 19, 2006

Four (or more) ways of slicing Secure File Transfer

Since I broached the subject of Secure File Transfer in the last posting, please indulge me with a quick discussion on what it is in the context of organizational processes.

As a starter, File Transfer is pretty straight forward - getting a packaged data, in form factor ranging from a simple text file to a multi-GB folder containing multiple files in complex sub-directory hierarchy relationship, from point A to point B electronically.

Secure, on the other hand, is the part that people have a wide range of opinions on.

Some people take a narrow view of security and only consider secure file transfer in technical terms. The considerations tend to focus on protocols and methods of encryption such as the use of SSL and SSH in flavors like HTTPS (HTTP over SSL) or SFTP.

My contention is that technical security is a necessary but insufficient condition - ability to be secure technically is just the table stake to be in the game, in other words. Why? Because technology does not operate in vacuum.

At the organizational level, there are three typical drivers for being Secure:

Regulatory and compliance requirements - think HIPAA and Sarbanes-Oxley (SOX) as the most recent and prominent examples.

Protect institutional assets such as intellectual property (IP) and confidential information - think of all the IP involved with the outsourced activities most organizations engage in these days.

Build and maintain a trusting relationship with outside stakeholders - I would hate to be the CitiFinancial representative to tell customers and partners that their information is lost.

Of course, like most things in life, after slicing Secure File Transfer at least four ways, the "fun" really starts with how to go about architecting a framework for a secure file transfer infrastructure that fits all the organizational requirements the over-stretched IT team can easily support and end users readily adopt.

That's the $64 question, as the saying goes.

Coming up next: how companies meet their Secure File Transfer requirements without killing the IT staff or inciting end user riot. (Hint: Secure File Transfer Appliance, SFTA.)

ACA-Guy

Wednesday, May 10, 2006

hello, world

Greetings! I'm very excited to have this opportunity to begin an open dialogue with you about the trends and issues of secure file transfer. Just like email has become a basic and ubiquitous building block of an enterprise's DNA, transferring (large) file securely has become a core business process in ways that nobody had envisioned just five years ago.

Raise your hands if this has happened to you.

Received a notification from IT saying that you MUST clean up attached files in your inbox because it will reach its quota soon?

Somebody complained to you that your data-and-graphic-rich presentation is being rejected by the recipient's email server as being too big?

Made an IT administrator's face turn green by demanding a new FTP account be set up THIS INSTANT because you "need to share a critical file with an external user. Yesterday!" (Try not to do this since those IT types have long memories.)

I rest my case.

With this forum I hope to share best practices, compliance information, retention policies, ideas for storage management, security tips, and more in the context of getting the best ROI from your secure large file transfer infrastructure. You have an open invitation to tune in regularly and contribute to the discussions. Like the book The Wisdom of Crowds says, we can learn a lot from each other.

Just so you know where I'm coming from, I am the "marketing guy" at Accellion, I have a front row seat and back stage access on secure file transfer appliance as a new market. From its recent introduction as a new product category to the current rapid growth, this has been one heck of a show so far and things are just heating up!

Before Accellion, I've always been involved in various aspects of B2B space. I was a programmer, hence the tribute to Brian W. Kernighan's work on C programming in the title. I was a consultant, still refer to most airports by their three letter IATA code such as ORD for Chicago O'Hare. I was a product manager, coaxing new products and upgrades to walk out of the engineering lab into enterprise usage in the fields. And I can bear witness to the vicissitude of Silicon Valley - some uplifting, some banal, some pathetic, but always entertaining.

So, how do you send large file securely today?

ACA-Guy