Wednesday, September 20, 2006

Security and Auditability Legislative Mandates: Do Your File Transfer Processes Comply?

Summary: How do you secure file transfer processes in the face of government regulations such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA)? Proactive IT shops are looking for these key capabilities offered by Accellion SFTA.


At Accellion, we say "Accellion Courier Secure File Transfer Appliance (SFTA) offers a key component in implementing secure and auditable file transfer processes required for meeting IP security needs and compliance mandates..." Just what does that mean? How will this product help you with your compliance mandates?

Most large enterprises operate under at least one of the legislative mandates for the protection and validation of private information. For instance, under HIPAA (Health Insurance Portability and Accountability Act), healthcare providers must safeguard the privacy of their patients' medical records. Under GLBA (Gramm-Leach-Bliley Act), financial institutions are required to hold consumers' financial information in strict confidence. Under SOX (Sarbanes-Oxley), public companies must prove that they have adequate internal controls over business procedures and financial information.

Though the legislation can get complicated when examined closely, it really boils down to common sense. Borrowing from the good ole' "do unto others" Golden Rule we all learned as children, think of the (secure) file transfer portion of these compliance mandates at their core as the "Golden Rule for Data Handling." In other words, treat other people's private data as you would want to have your own private data treated.

Common sense aside, since nefarious means such as spyware, IP spoofing, and interception of non-secure wireless traffic abound, there are several key capabilities that growing numbers of proactive IT teams are looking for in order to secure email attachments and other file transfer processes while meeting the regulatory compliance requirements for their respective industries. Many of our customers have come to Accellion to fulfill these dual objectives with SFTA for the reasons listed below.

(Hint: The words in italics relate directly to specifications of the legislative mandates we have been talking about.)
  • Automated download receipt - When a recipient downloads the file, a return receipt is generated to the sender. The recipient cannot turn the return receipt off. Users can review and track files sent and their download status.

  • End to end file security - Files are encrypted, uploaded, stored, and downloaded through secure links and recipients are authenticated ensuring only the intended recipients can access the file.

  • File management - File life cycle management is automated: when the retention period set by corporate policy expires, the file is deleted, so file life cycles are managed centrally. This means neither users nor administrators have to worry about errant sensitive information lying around unattended.

  • Directory services authentication - LDAP and Microsoft Active Directory are used for authentication and to minimize setup effort. Because users send large files securely with the same email ID and password they already use, the process flow is significantly improved.

  • File transfer auditing and tracking - Auditable records, generated by a third party, of when recipients download attachments, which can be summarized by individual recipient, file name, time, and date.

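To make the capabilities in the list above concrete, here is a small in-memory model of the download-receipt, recipient-authentication, retention-based deletion, and per-recipient audit summary behaviours it describes. This is an added illustration written for this post, not Accellion code and not a description of how SFTA is implemented; the class and method names, and the sample transfers in `demo()`, are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Transfer:
    """One file sent through the system (hypothetical structure, constructed for this example)."""
    file_name: str
    sender: str
    recipient: str                 # the only identity allowed to download the file
    uploaded_at: datetime
    retention_days: int            # corporate retention policy for this file
    downloads: list = field(default_factory=list)   # timestamps of successful downloads


class TransferAuditLog:
    """Audit trail in which every upload, download attempt and purge is recorded."""

    def __init__(self):
        self.transfers = {}   # file_name -> Transfer
        self.events = []      # (timestamp, event, file_name, actor), in order of occurrence
        self.receipts = []    # (sender, recipient, file_name, timestamp); always emitted

    def register_upload(self, file_name, sender, recipient, when, retention_days):
        self.transfers[file_name] = Transfer(file_name, sender, recipient, when, retention_days)
        self.events.append((when, "upload", file_name, sender))

    def record_download(self, file_name, who, when):
        """Allow the download only for the intended recipient of a still-retained file.

        A denied attempt is logged too: the failures are what an auditor wants to see."""
        t = self.transfers.get(file_name)
        if t is None or who != t.recipient:
            self.events.append((when, "download_denied", file_name, who))
            return False
        t.downloads.append(when)
        self.events.append((when, "download", file_name, who))
        # Automated return receipt to the sender; the recipient cannot suppress it.
        self.receipts.append((t.sender, t.recipient, file_name, when))
        return True

    def expired(self, now):
        """File names whose retention period has elapsed as of `now`."""
        return sorted(name for name, t in self.transfers.items()
                      if now >= t.uploaded_at + timedelta(days=t.retention_days))

    def purge_expired(self, now):
        """Delete expired files centrally and record the deletion in the trail."""
        gone = self.expired(now)
        for name in gone:
            del self.transfers[name]
            self.events.append((now, "purged", name, "retention-policy"))
        return gone

    def summary_by_recipient(self):
        """Successful downloads grouped by recipient: (file name, date and time)."""
        out = defaultdict(list)
        for when, event, name, actor in self.events:
            if event == "download":
                out[actor].append((name, when.strftime("%Y-%m-%d %H:%M")))
        return dict(out)


def demo():
    """Run a constructed scenario and return the resulting audit log."""
    t0 = datetime(2006, 9, 20, 9, 0)
    log = TransferAuditLog()
    log.register_upload("q3-results.xlsx", "alice", "bob", t0, retention_days=7)
    log.register_upload("patient-123.pdf", "carol", "dave", t0, retention_days=30)
    log.record_download("q3-results.xlsx", "bob", t0 + timedelta(hours=1))    # intended recipient
    log.record_download("patient-123.pdf", "eve", t0 + timedelta(hours=2))    # denied, but logged
    log.record_download("patient-123.pdf", "dave", t0 + timedelta(hours=3))   # intended recipient
    log.purge_expired(t0 + timedelta(days=10))                                 # removes the 7-day file
    log.record_download("q3-results.xlsx", "bob", t0 + timedelta(days=11))    # denied: file is gone
    return log


if __name__ == "__main__":
    result = demo()
    for entry in result.events:
        print(entry)
    print(result.summary_by_recipient())
```

The point of the model is that the receipt and the denial records are produced by the system rather than by the user, which is what makes the trail usable as evidence of control under the mandates discussed above.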
The good news is that government mandates have clearly articulated the need for securing business processes -- processes which often include the transfer of data from one hand to another. The better news is that encryption, audit trails, recipient authentication, and secure links, to name a few, are the common sense way to handle files securely. And, the best news is that all these are standard features in the field-proven Accellion SFTA.

You can read more about how Accellion Courier Secure File Transfer Appliance works for security and compliance here.


