IT DRILLDOWN
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

 

 


Tue, Jan 22, 2008 12:46 EST

Data Leakage: How to Avoid Security Risks When Sending Large Files

Topic: Infrastructure

Current Rating: 5 Comments: 4

With 2007 now behind us, the issue of data leakage continues to top headlines. Of course, we’ve all seen the stories summarizing and ranking the worst breaches of 2007. Now, in 2008, articles are still popping up everywhere with advice on how to avoid becoming the next victim. Web security, identify management, secure application coding and virus protection software are being added to a growing list of technology solutions designed to protect enterprises from this ever-changing and complex problem. Yet the fundamental process for securing the terabytes of data passing in and out of companies through large file transfer remains predominantly overlooked.
I find it troublesome that though the problem is ubiquitous, very few companies are doing anything about it. This means that the average corporation keeps risking the safety and security of its own as well as its customers’ digital assets.

The impact of data going digital is affecting nearly every industry including healthcare, legal, engineering, marketing and advertising. In response to increasing file sizes and to the effects of large file attachments on networks, many organizations are tightening email policies. However, these policies put in place to protect an organization often do more harm then good as they push employees to look for alternatives ways of sending large files; typically non-compliant and un-secure workarounds. Let’s face it, at the end of the day the number one priority for employees is to get the job done. Addressing the issue head-on with a secure solution that end users will actually embrace is critical.

To help companies avoid many of the issues related to the transfer of large data files, I feel compelled to draw upon my company’s experience in solving these types of issues and share the following tips to enterprise folks concerned about preventing data leakage at the file transfer source.
1. Pick a business level solution. There is a difference between corporate and consumer file transfer offerings. If you are an enterprise customer, look for an enterprise file transfer solution. There are distinct differences in the level of security needed for enterprise vs. consumer file transfer and the different offerings reflect12 this.
2. Avoid IT overload. Pick a solution that easily integrates into your existing IT environment and requires minimal IT administration. Knowing IT workload today, I would recommend an “install and forget it” application solution—one that has no file size limitations and doesn’t require constant account creation administration and support headaches such as decryption software at every recipient; (why FTP is not the answer!).
3. Make it easy. It is best if large file transfer is integrated directly into email applications or standard web interfaces, but without suffering from size limitations. If a solution is not easy to use, users will find alternative means ~ often with glaring security loopholes ~ for sending large files.
4. Be compliant. Pick a solution that allows for complete auditing and tracking of information entering or leaving the organization.
5. Secure your data. Accept no less than business-level security. Automatic encryption and authentication check points that validate recipients provide an added level of security to show that confidential information has not been shared and exposed.
I hope this helps. I appreciate your thoughts and comments.
Yorgen Edholm, President and CEO, Accellion (www.accellion.com)

You do not have flash or javascript support.
Average (1 vote)
5
 
 
Tue, Jan 22, 2008 15:20 EST
Anonymous user
Posted by: Anonymous
Rating:

We use a product called DirectXchange for Outlook. It allows users to send large files directly point to point by compressing and splitting files into multiple attachments. You can encrypt the archive for security.

http://www.pergenex.com/

 
Tue, Jan 22, 2008 16:43 EST
Anonymous user
Posted by: Anonymous
Rating:

Isn’t this entire posting about avoiding security risks? How do you propose to do that with DirectXchange… it doesn’t offer security features? Another issue is the non user-friendliness of file zipping and splitting. If you wish to send a 100MB CAD file via DirectXchange it will zip the file (60MB) then split up the file into 10 - 6 MB pieces, attaching each piece to an email message. On the recipient end, they will receive 10 email messages each with a 6 MB attachment. Nobody is going to thank you for that.

 
Tue, Jan 29, 2008 18:11 EST
Anonymous user
Posted by: Anonymous
Rating:

As discussed above, data leakage is a concern on every Executive management’s minds these days and it sit relatively high on the list of what keeps them up at night. What keeps them up at night, is that as we see more and more organizations try to stay ahead of their competition and curve by moving to doing business digitally and in real time with more and more regulations and compliance laws. The results of this is that more and more employees are now sending emails or large file where 10 years ago we sent our communications via, snail mail, messenger or overnight. It is fact this is the way we do business today in the real world.

I think however the real question is how do we ensure employees aren’t circumventing the system and sending things out via third party (gMail, Hotmail, etc). We don't, unless the company locks down access to third party sites. However if you lock these sites down you will have to give the employees another means to still send their files and communications. This is a drivers for technologies like (secure) file transfer solutions. As file sizes continue to grow so does the need to have technology in place to support those larger file transactions. This is where products like Accellion come into play, as well as others out there in the market place (Globalscape, Biscom and others).

My opinion is that organizations are still faced with the potential threat of data leakage regardless of the technologies you implement to steer your employees away from third party technologies. As much as we want to trust our employees are following the corporate rules and protocols, this is real life and today. You can give your employees the tools to help transfer those files but the question is what content resides within those files being sent? So how do you know that corporate information of a sensitive nature isn't leaving your networks? The fact is that with a solution like Accellion you are giving your employees keys to the moving van with out the ability to really have insight to what the moving van is taking or in this case sending.

Accellion yes is good to send large file but at the same time these files could be as large as whole hard drives. Who's to say that a so called trusted employee isn’t sending out back up copies of their hard drives or other information? You don't.
The only way to ensure you are protected from both accidental and intentional data leakage is to have DLP technology build into your current offering or the ability to integrate third party DLP technologies into existing technologies, both of which Accellion doesn’t presently provide within their offerings.

So as we continue to evolve into the digital future large files or other digital communications are only going to continue to grow. The nature and content of these communications and the need to secure the content of those files in transit will also grow. This will mean more content moving in and out of a network which will result in organization needing to make sure what content intending to leave your network satisfies corporate policies.

To do this you will need to look at more closely at your file transfer solutions to ensure DLP solutions are integrated or can be integrated from a 3rd party. This way the organization can prevent data leakage before it occurs. By placing DLP technology ahead of the horse you can ensure your companies, name, reputation and corporate assets. Then you can give the employees the technology and freedom to send those large files and digital communications without any worries of keeping the executive up at night.

Data leakage will not end by giving your employees a tool to send large file but by having the technology in place to prevent this from happening in the first place.

 
Thu, Jul 3, 2008 21:41 EDT
Anonymous user
Posted by: Larry
Rating:

My company was experiencing heavy overloads with our email server due to large attachments, and we didn't want to set up an FTP server because of the many headaches that are involved with managing it.

We decided to go with a vendor called LeapFile because their solution solves our need for a large file transfer system that has the security and business/enterprise features mentioned in this article.

We evaluated several other companies/sites, but all of them are either to "consumer" focused or are hardware based, which I do not want to manage. I went with Leapfile because of these reasons, and also because they seem to have a successful track record of serving businesses. I highly recommend them.

Start a Conversation
Click to post

Got something to say? We want to hear it! Click the Post button to get started. GO»

EXPERT ADVICE
See our roster of experts.

Advice & Opinion from more than 94 of IT's most insightful thinkers.

advertisement

TOP USERS
UserPoints
1. laith al jazi12550
2. reCareered8625
3. Akshay Upadhye7650
4. Chris Moore6750
5. abdhiraj6175
UserPoints
6. Al Sacco5875
7. remi5625
8. Mark Cummuta5425
9. Brian Flora5125
10. asengupta3750
  PARTNERS       PODCASTS       WEBCASTS    
 

From Laggard to Leader: Transforming the Data Center

This webcast offers an understanding of how customers are transforming their data centers, the successes and challenges of each approach, and how IT can become the driver to provide real business value and competitive advantage.

Sponsored by HP  Register for this Webcast »

 

Ensuring Business Services Delivery

Join Forrester Research and Fluke Networks for this unique round-table webcast, moderated by Gary Beach, Publisher Emeritus of CIO, that will touch on:

  • * How Application Performance can effect overall delivery of Business Services
  • * Best practices for managing Application Performance in a converged and distributed environment
  • * How to utilize forensics to optimize use of your internal resources


Sponsored by Fluke Networks
  Watch this webcast. »

 

The Universal Wireless Client

Learn how replacing multiple wireless clients with one Universal Wireless Client can cut support and help desk costs, increase end user satisfaction, improve security, and help implement Network Access Control.

Sponsored by Fiberlink  Read this White Paper »

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

NAC launch from HP Procurve Podcast with Lippis Report, Part 1

ProCurve Networking by HP joins the Lippis Report to announce major product and organizational additions to their ProActive Defense strategy.  Read More »

 

Accenture's View on Web 2.0 and its impact on business

Publisher at CIO magazine, Bob Melk, talks to Accenture's Blair Jones about the emergence of Web 2.0...  Read More »

 

A Best-Practice Framework for Virtualization

This podcast offers insights and perspective on the various issues that relate to virtualization...  Read More »

Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

Forrester builds a case for the next generation information workplace.

As businesses seek new ways to enhance collaboration and improve productivity, the information workplace continues to evolve...  Read More »

 

Find out what Forrester says about mobile endpoint security and its management.

Mobility raises productivity. But IT departments are hard-pressed to protect mobile data and to manage security software, wireless clients and regulatory compliance for mobile workers...   Read More »

 

Get Forrester's take on simplifying mobility with the universal wireless client.

Mobile workers want to use all types of wireless networks: WiFi, 3G cellular networks, corporate WLANs and home wireless networks. But how can IT support...  Read More »

Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

 
NEWSLETTER

Sign-up for the Advice & Opinion Newsletter

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Build up or Tear down? See how UC makes sense with Nortel. Calculate your UC ROI

Motorola AirDefense can identify and exterminate your rogue APs. Learn more

CA delivers deeper insight into your assets, resources, projects & services so you can make more informed IT decisions

Manage your IT more effectively

Is there a secret to Sharepoint® Security? www.SharePointSecured.com

Request a Novell/Microsoft deployment workshop

Keep your valued customers through tight business integration - it's a lot easier than you think

Simplified business collaboration, we make the connections so you don't have to

Compuware.com - See how we make IT rock around the world

Discover PMI's credentials and career path tools

SOA Educational Library at the TIBCO SOA Resource Center

Secure your virtual and physical environments with the same software

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Information Security: Data Drains and How to Prevent Loss

Prudential Financial Protects its Brand with Symantec

A Guide to Understanding Hosted and Managed Messaging

Google Apps Premier Edition Helps Indoff Manage E-mail More Effectively

CapGemini Cut Call Center Costs with Google Apps Premier Edition

Comprehensive Review of Security and Vulnerability Protections for Google Apps

Web 2.0 The New Face of the Web

Universal Search in Healthcare Organizations

Google Case Study: Agile Software

Universal Search in High Tech Organizations

Providing Universal Search for Business

Google Case Study: Kimberly-Clark

Industry Analyst Report: Top Hosted Exchange Vendors in 2008

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

Efficient - Flexible - Compliant

Log onto Hitachi True Stories, films inspired by the next great achievement

Request a Novell/Microsoft deployment workshop and kit

Request a Novell/Microsoft deployment kit

Let Hubspan's managed service tackle your business integration challenge so you can focus on your core business

Strong Authentication. Secure USB data storage. One Device

Global Crossing is the most viable alternative for voice, video and data

Dell Latitude: Battery life up to 19 hours. Learn more

TDWI Report shows strong validation for investing in predictive analytics

Security and Trust: The Backbone of Doing Business over the Internet

7 Requirements of Data Loss Prevention

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Best Practices in Choosing and Consuming Managed Security Services

A Guide to Messaging Archiving

2008 Google Communications Intelligence Report

The Impact of Messaging and Web Threats

Comparing Google and Other Leading Messaging Security Solutions

Deploying a Google Search Appliance is Not your Typical IT Implementation

Google Case Study: Pioneer Investments

The Case for Universal Search

Universal Search in Financial Services Organizations

Google Case Study: Sunnybrook Health Sciences

Learn About the Features of the Google Universal Search Solution.