VSM: What’s the most common use case for secure file transfer?
BH: Sending electronic files can be accomplished a variety of ways. For many people, it’s FTP, but people also attach files to emails, or even copy files to a flash drive or CD and ship it out. There are two main reasons people use SFT – to protect a file that contains sensitive information such as protected health information (PHI), financial data, or any other confidential information, or to send extremely large files. Sometimes it’s both reasons.
One of the most popular features however, is receiving an email notification that lets you know that your recipient has received and opened your delivery. That notification of receipt is incredibly useful – otherwise, you’re in the dark about whether or not your important file actually made it to the other side. Ultimately, SFT is useful because it’s easy to use and you don’t have to call IT for assistance, it’s secure, and it’s faster than most other alternatives.
VSM: What’s the most popular Biscom SFT add-on?
BH: By far, our most popular add-on is the Outlook integration. This little plug-in adds a button to the Outlook ribbon or toolbar, and people simply have to click the button to create a secure delivery. But even better, the SFT Outlook add-in can be policy-driven – so files that exceed a certain size or match specific file types will trigger a secure delivery. Policies can even be created to match keywords found in the subject line and those messages can automatically route the message and its files through the Biscom SFT server. I think it’s popular mainly because it doesn’t change the user’s behavior much at all – the secure message looks just like a normal Outlook email. But there’s a lot more you can do to customize the delivery such as set expiration dates, define notification options, and even password protect it.
VSM: For customers that already have a secure email solution in place, why is a secure file transfer solution necessary?
BH: Secure file transfer (SFT) complements secure email in many ways. Secure email solutions often have the same limitations that standard email has. That is, there may be limitations on the size and file type of attachments. The capability to re-route large or sensitive file attachments through an SFT solution maintains the security requirements, but also enables content sharing that was not available through email. Also, if the SFT solution integrates with the email client, sending large files is seamless. In fact, because Biscom has a secure messaging component that is included with file transfer, many of our customers are replacing their secure email with our SFT solution to lock down their files and messages in a single step.
VSM: When an FTP server seems to be running fine, shouldn’t that be sufficient?
BH: File transfer protocol (FTP) was developed in the early 1970s when security concerns and usability were less important than getting data from one place to another. Most end users were Department of Defense or university researchers exchanging data across a very limited network and user population, and may not have had to worry about hackers and external threats. FTP hasn’t changed much in over 40 years which is a testament to the original design, but the world has grown exponentially connected and people have new concerns and requirements that didn’t exist back then.
Security, ease of use for non-technical users, and reporting requirements have made FTP a less ideal solution for many people. Also, sending passwords in clear text is no longer acceptable but there’s no easy way to prevent this on an FTP server. The administration and IT involvement needed to send a file is often a manual, tedious, and error-prone process. If permissions are not set up correctly, people may have access to files that are not intended for them.
VSM: What’s so important about scalability?
BH: Scalability is important for any application because small deployments often grow and large deployments grow even more. Scalability, or the inability to scale, depends on several factors, such as the design of the overall architecture, modular and extensible coding practices, standards-based component support, well-defined APIs, and platform neutrality.
Support for load balancing becomes important when deployments grow beyond the departmental level, for both performance and availability reasons. Look for solutions that were designed from the ground up to be enterprise solutions, that support clustering and redundancy, or can be used in conjunction with virtualized environments.
VSM: What are the differences between hardware-based and software-based SFT solutions?
BH: Some SFT vendors are appliance-based solutions and others are software-only solutions. Appliances are useful in situations when deployed at network edges, such as a firewall or network switch, but because sensitive data is potentially being stored and transferred through an SFT application, software-based solutions are often more flexible and secure. For externally facing applications, such as SFT, placing an appliance in a public accessible location such as the network demilitarized zone (DMZ) potentially exposes corporate data to the world. Hackers are constantly exploiting vulnerabilities, and patches are usually one or two steps behind most intrusions; any system that has openings to the public Internet is susceptible to being attacked, and there is significant potential for data to be accessed. Bots have been specifically designed to crawl sites looking for open vulnerabilities, and download any files they find during their search.
Software solutions, especially those that support multiple tiers, can simply expose the presentation layer in the DMZ without compromising sensitive data, which can be stored (and encrypted ideally) in a more secure part of an organization’s private network. Also, since most IT departments have standardized hardware and patches can be applied globally as the rule rather than exception-based patching for unique hardware systems.
Hardware-based solutions also face the inherent risk of obsolescence. The pace of CPU advances and a declining price/performance ratio means hardware becomes outdated even more quickly today than in years past. Proprietary appliances may be harder and more expensive to upgrade than standard servers, and if increased user demands require scaling, you may be forced to replace the appliance hardware rather than a more cost-effective upgrade route.
VSM: What is Biscom’s Secure File Transfer solution?
BH: Biscom Secure File Transfer is an enterprise file transfer solution that enables users to send files, documents, and messages securely while maintaining a complete transaction and audit trail. As mentioned earlier, SFT is useful in so many cases, and these days, more and more information is being shared with people inside and outside an organization. Biscom SFT provides all businesses need to manage large file transfers and comply with increasingly strict state and federal security regulations, all in an easy-to-use package that ensures widespread adoption by employees, customers, partners, and others. Biscom’s solution integrates with Outlook, Sharepoint, iManage, anti-virus, and meta-data cleansing applications.