A New Method for Dealing with Rogue Data Transfers

By Pete Cafarchio
Most companies have been grappling with the trend of consumerization in their corporate IT environment. For many, this means that there is a growing tendency for new technology to first emerge in the consumer market and then spread into business and government organizations. With growing pressure to achieve results, coupled with tightened IT budgets, employees are looking to efficiently get their jobs done by using freely available tools. However, when these tools are introduced into the workplace, it creates an inherent lack of centralized IT control, which not only leads to potential data leakage, but also can create security risks. This tension becomes painfully apparent when employees need to exchange large, confidential files.

Unsuspecting Employees
Let’s consider the following scenario: Brandon works in a marketing department. As an important initiative for the year, he needs to send a copy of his company’s prospect database to their outsourced marketing firm to initiate lead generation campaigns. However, Brandon’s firm needs the file within a short timeframe or a key deadline will be missed that will most likely result in lower revenue this quarter. As Brandon tries to send the file, his e-mail server notifies him that his message is too large and that he should contact the IT department. This forces a domino effect. Brandon considers turning to his overtaxed IT department to send it via FTP. However, in the past this process involved an extraordinary amount of resources, and took days to send something that needed to be there in a matter of hours.

As a result, individuals like Brandon turn to rogue applications that are free and cloud-based, but lack necessary security controls. With a simple Google search, people can access multiple utilities such as Dropbox, YouSendIt, Google Sites and iCloud to send large files in a matter of minutes. This is what Brandon did to send his file, so the lead generation campaign is on schedule and Brandon could move on to other projects. Unfortunately, he just created a potential nightmare for the company and the IT department.

Brandon transmitted a highly sensitive file containing contact information for all of his company’s customers and prospects. Ultimately, his IT department cannot control, track, or even see what happens with these files. The problem is that he just used a free utility that could very well have weak or non-existent security controls.

All too often, employees face this situation and unknowingly open their infrastructure in a way that holds seriously detrimental implications. In fact, because of these major security concerns, companies such as IBM recently banned the use of Dropbox and iCloud in their corporate environment. What can people do in order to successfully send large and sensitive files yet still complete their tasks?

Apps For Everyone—IT Departments and Employees
When companies ban rogue applications they need to offer viable, easy-to-use alternatives for exchanging data or employees will simply find another way. Fortunately, some vendors are filling this need with tools that offer the best of both worlds, enabling workers to effectively get their jobs done while also giving IT staff the visibility, security and control over files as they are transferred. This is especially important for healthcare and financial institutions, who need to comply with extensive industry regulations.

For organizations evaluating vendor offerings, ask the following questions to help find the right solution:
• Does it have tight security? Is the data encrypted while it’s in transit and at every “hop” where it is stored? Dust off your security policy to ensure compliance with your standards.
• Is it intuitive to users? If the tool is not easy to use for both senders and recipients, extra training will be required and the IT support burden will increase. Check obvious things like password resets and easy account provisioning.
• Is the solution cloud-based or on-premise? Does the vendor has a certified data center and can they demonstrate your data is not co-mingled with others? Cloud-based solutions can offer significant cost savings in hardware, OS licenses, staffing and disaster recovery costs. The solution will be up-and-running much faster and you can also switch solutions more easily if needed.
• Does it give IT centralized control? A solid solution should allow IT to easily provision/de-provision users, track and monitor all data transfers including file names, sender and recipient IDs, timestamps, completion status of the transfer and other important metadata.
• Does it integrate with mobile devices? Is the web interface optimized for mobile browsers? Can it be used natively (without launching an application)?
• Is this a dedicated standalone utility or is it a multi-function service that easily ties in with your other corporate production applications?
As organizations face an ever-increasing need to comply with regulations, sending sensitive information quickly becomes the norm. This forces companies to re-evaluate their methods of data delivery. Gone are the times of simple FTP and email, which have proved to be too risky. Companies need to find new approaches that meet customer demands, deadlines and industry regulations. But as they do so, they must consider IT management implications. This means seeking out updated file transfer solutions which have evolved into “secure data delivery services.” These will allow their employees to handle encrypted email messages, inbound customer portal feeds, and electronic forms data safely and securely.
Pete Cafarchio is vice president of DataMotion. DataMotion provides cloud-based data delivery services. http://www.datamotion.com pcafarchio@datamotion.com


Tags: , , ,

Categories: TechNews

Author:NJ Tech Council

The New Jersey Tech Council helps companies grow and supports the tech, innovation and entrepreneurial ecosystems in the state and region.

NJTC TechWire

Daily updates about the region's most tech savvy companies


  1. Dealing with employee rogue file transfers? | DataMotion Blog - July 9, 2012

    […] (2)Uncategorized (3)© DataMotion Blog 2012 Are you dealing with rogue file transfers?In this article, Pete Cafarchio writes about a new method for dealing with rogue file transfers.“When […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: