Accellion blog has moved!

You should be automatically redirected in 6 seconds. If not, visit
http://www.accellion.com/blog/
and update your bookmarks.

Friday, May 19, 2006

Four (or more) ways of slicing Secure File Transfer

Since I broached the subject of Secure File Transfer in the last posting, please indulge me with a quick discussion on what it is in the context of organizational processes.

As a starter, File Transfer is pretty straight forward - getting a packaged data, in form factor ranging from a simple text file to a multi-GB folder containing multiple files in complex sub-directory hierarchy relationship, from point A to point B electronically.

Secure, on the other hand, is the part that people have a wide range of opinions on.

Some people take a narrow view of security and only consider secure file transfer in technical terms. The considerations tend to focus on protocols and methods of encryption such as the use of SSL and SSH in flavors like HTTPS (HTTP over SSL) or SFTP.

My contention is that technical security is a necessary but insufficient condition - ability to be secure technically is just the table stake to be in the game, in other words. Why? Because technology does not operate in vacuum.

At the organizational level, there are three typical drivers for being Secure:

  • Regulatory and compliance requirements - think HIPAA and Sarbanes-Oxley (SOX) as the most recent and prominent examples.

  • Protect institutional assets such as intellectual property (IP) and confidential information - think of all the IP involved with the outsourced activities most organizations engage in these days.

  • Build and maintain a trusting relationship with outside stakeholders - I would hate to be the CitiFinancial representative to tell customers and partners that their information is lost.
Of course, like most things in life, after slicing Secure File Transfer at least four ways, the "fun" really starts with how to go about architecting a framework for a secure file transfer infrastructure that fits all the organizational requirements the over-stretched IT team can easily support and end users readily adopt.

That's the $64 question, as the saying goes.

Coming up next: how companies meet their Secure File Transfer requirements without killing the IT staff or inciting end user riot. (Hint: Secure File Transfer Appliance, SFTA.)

ACA-Guy

No comments: