Why Companies Should Fear Consumer File Transfer
“Elliott Greenleaf & Siedzikowski has sued a former partner and his new firm, Stevens & Lee, for allegedly installing software on Elliott Greenleaf’s computers that allows the partner to have continued access to the firm’s files in the “cloud.”
The article describes how users took advantage of DropBox’s ability to be installed on any computer and consequently under the radar of IT, whereby a link was created to steal data from a former employer. This was achieved by using DropBox to synchronize files from the internal network and making these accessible outside the firewall. In this particular case it meant, “secured” files were made accessible to employees after leaving the firm. According to the article, this was not done by mistake, but with intent. The problem described here is not whether DropBox is secure or not, it’s how “consumer” file transfer solutions can potentially be misused or mismanaged within corporate walls. Unauthorized file transfer solutions are counter-productive to any compliance and governance efforts. How does IT counteract this trend, whether installed with or without intent?
To prevent cases like the one mentioned above, organizations concerned with data security and compliance need to monitor all file transfers in and out of the organization, have a full audit trail of all files communicated, and incorporate governance of file transfers as an ongoing program.
Unfortunately, “consumer” file transfers solutions are everywhere. When working for Gartner, clients told me they typically had as many as three to four “consumer” file transfer solutions installed across the business. The explanation was often the same, file transfer had flown under the radar and more often than not IT had not been proactive with business user’s demands for alternatives to existing FTP and Scripts.
IT is now playing catch-up to get a grip with the consumer based file transfer solutions, which is why IT increasingly sees file transfer as an essential part of center of excellence (COE) for integration, Integration Competency Center (ICC), Service-oriented architecture (SOA) or Business process management (BPM) initiatives. This is done to bring governance back to file sharing and under the control of IT.
Why is Thru different from other file transfer solutions? Thru only sells to enterprises and does not offer any consumer services, free or paid. We don’t fly under the radar of IT; we work with IT and have done so for over 10 years, integrating into existing monitoring tools and policies. Thru’s Managed File Transfer solution enables enterprises with the security and governance needed, furthermore providing business users with an easy to use, alternative solution, with no changes in workflow.