Wednesday, 10 February 2010 06:07
By John Lee, Regional Sales, Pacific, Axway Inc
IT teams responsible for Australia’s business data transmissions services are likely to be operating in survival mode, cautions Axway, the Business Interaction Networks company. Costs are rising and security risks escalating.
Organisations are sending ever-increasing volumes of business critical information across systems and exchanging high volumes of data with customers, partners, suppliers, distributors, service providers and government agencies. All these data transfer types are coming under increased scrutiny.
The cost of providing file transfer services to internal and external customers is increasing, and the risk of security or service failure has never been higher. As file transfer challenges become exponentially greater and more complex, the question of how data flows are managed and viewed becomes critical.
Many organisations allow individuals or departments to choose their own file transfer methods. While some may wonder ‘how hard is it to move a file?’ the truth is that file transfer is often difficult to classify, let alone execute. Some transfers are purely system-to-system, while others involve manual steps executed by individuals. Some transfers are part of structured processes, others are ad hoc. Some require inspection of the file or adherence to a specific security policy, while others are simply emails between co-workers.
However, files are the core paradigm of collaboration. When defined IT infrastructures don’t understand and provide for the way that people actually work, users will resort to unsecured ‘back doors,’ such as private email accounts or file transfer protocol (FTP) scripts embedded in applications. This piecemeal approach typically offers no visibility into what data is being transferred or who is responsible for it, and places no security controls on data exiting the enterprise.
Globally it is estimated that 80 per cent of enterprise data exchange is carried out through the ‘simple’ process of transferring files. Methods for exchanging information vary: email is commonly used for ad hoc messages, while a managed file transfer (MFT) solution may be deployed for the exchange of highly sensitive structured and scheduled data, such as personal health information, confidential financial information or electronic data exchange (EDI) files.
The more sensitive the content of a message or file, the greater the need for governance and policy. The need to set policy, govern actions and ensure security related to data transfer and manipulation makes a complete MFT solution essential.
Not so long ago, a file transfer was enabled by a simple connection between two servers. But today the process may involve many diverse systems, platforms and servers that must be integrated to exchange information effectively.
Whether sending purchase orders, invoices, advanced shipping notices (ASN), CAD/CAM files, employee/HR records, or logistical data, transactional data flows are often disrupted. Throw in mergers and acquisitions that create even more heterogeneous IT environments and the challenges escalate, transactions fail, documents are corrupted and data doesn’t match up, messages get lost. This disruption leads to lost revenue and escalating costs in manpower and resources.
When a file is lost or delayed, usually senior IT staff are called in to help. They are an expensive resource, likely already engaged in mission-critical projects. Are they serving the business best by innovating new solutions, or by tediously searching logs for a lost or problem file?
Meeting audit requirements, responding to service level agreements (SLAs) imposed by customers and partners, and establishing operational efficiency require technology that speaks the language of your business.
It’s relatively easy to send a multi-megabyte file over the Internet, just as it’s easy to expect an acknowledgement to nearly every file or message sent. However, the growth in supporting infrastructure hasn’t caught up with advances in bandwidth and storage. Large files now choke email servers, and dedicated gateways slow to a crawl as a result of peak time volumes. Increasing file sizes and file volumes are escalating the costs associated with unmanaged file movement.
These costs are leading companies to impose policy changes, such as limiting automated file transfers to select or key customers, or setting email mailbox size and attachment limits. Unfortunately, without a reasonable alternative to share files, employees will revert to old habits, or at least to more convenient ones. Witness the rise of Gmail and Yahoo Mail accounts in corporate settings.
When employees need to send a special-needs file — a large file or one that contains sensitive data — that isn’t a structured and scheduled data transfer, how do they do it? Are such transfers regulated by written or automated policy? Can you produce an audit trail if necessary?
Where person-to-person interaction is involved, file movement is influenced by the changing nature of human interaction on the Internet — reflected in employees’ interaction with unstructured networks. But even smart people sometimes do careless things, like emailing company-confidential information to a partner because it’s easier than scheduling a file transfer through the company’s (audited and secure) MFT solution.
Phased approach the ideal strategy
For a variety of business critical reasons, enterprises need an MFT solution that provides a scalable and phased approach to a broad spectrum of issues, including internal and external file transfer, system-to-system, system-to-person, structured and ad hoc, and person-to-person file transfers.
The solution must encompass policy-driven governance, the ability to ‘bridge’ files and messages, and offer global visibility into business activity. All file transfer activity should be centrally managed, and there should be intra- and extra-enterprise monitoring capabilities (business activity monitoring, or BAM).
File transfer activities and processes must be automated, and include encryption/decryption, end-to-end security, full auditability and guaranteed delivery (non-repudiation). Finally MFT should incorporate performance metrics/monitoring.
The phased approach is an innovative, incremental and highly structured method of implementing MFT. It uses repeatable processes that capture and preserve knowledge, and established best practices while implementing process and data integration solutions.
Such an approach provides a range of benefits. Its rational allocation of time, money, and resources to project activities will evolve over the life the project, and must be constantly monitored and updated.
The phased approach also encompasses creation of a services proposal, as well as a framework for communicating project issues, and a process for pushing these issues to resolution. The project manager is the driving force behind the project issues list, and constantly pushes these issues to resolution.
There is also the assurance that each project deliverable meets quality and level-of-detail standards. The project manager should review and approve each deliverable produced by the project team, in order to ensure activities are completed at the appropriate level of detail.
Organisations should consider whether their MFT strategy includes certain key capabilities, such as the ability to track file movement and usage data from file exchanges between partners and remote employees, as well as application-to-application file movement.
A secure, reliable and compliant means of ad hoc or person-to-person file transfer (i.e. email) is essential, while robust data loss prevention measures must span all methods, modes and types of file transfer. Enterprises must be able to track policy violations when files containing sensitive data are sent internally or externally. Management, scaling, consolidation and integration of all file transfer processes must be combined in a single, secure file transfer solution.
A true MFT solution includes five key strategies:
1. A modular approach to implementation. This allows organisations to leverage and support legacy infrastructures. Holistic replacement of infrastructure to support operational improvement or risk/compliance measures is unrealistic. A ‘rip-and-replace’ approach is cost-prohibitive, adds unnecessary complexity and lengthens the time to return on investment (ROI).
2. Commitment to open standards. Investment in proprietary protocols benefits only the owner of the protocol, while customers who invest in open standards leverage the vendor’s commitment without locking themselves into a single method or vendor.
3. Comprehensive visibility into all file-movement usage patterns, including files transferred over email. System-to-system file flows are generally well understood, as are most business-to-business flows. Yet few vendors include the most common method of internal and external file movement – email – as standard in their architecture.
4. Governance and compliance through policy management. Those who don’t understand and manage the content, destination and sensitivity level of data being transferred, risk losing confidential information to the outside world. An integrated policy management solution provides a simple interface to manage content and apply a series of actions to best protect the company, while minimising disruption to business flow.
5. Agnostic visibility. While it is unrealistic to standardise on a single platform initially, it is critical to have a consolidated view into fractured legacy infrastructure through an event-based, file-optimised visibility tool that is vendor and application agnostic.
An MFT solution must be agile enough to handle the diversity of new trading partners, including the protocols and data types they require and security requirements they impose. It must be able to bring new customers online quickly, and provide a clear, easy way to manage business processes and handle the inevitable exceptions.
MFT must also be able to simplify file-based application integration challenges while maintaining a flexible architecture, and provide guaranteed delivery of large files – locally or over great distances – to ensure processing within defined timelines. It must limit or eliminate hard-coded “scripts” for process automation, while enabling visibility into how and when transactions are taking place.
In the final analysis, corporate efforts to control costs and mitigate risk will depend very much on due diligence in selecting a vendor whose solution supports the phased approach to implementing the enterprise’s critical managed file transfer infrastructure.
About Axway
Axway This e-mail address is being protected from spambots. You need JavaScript enabled to view it is the Business Interaction Networks company – the only provider in the market today to manage, run, secure, and monitor all of your business interactions, including email, files, messaging, services, events, and processes. Serving over 11,000 organisations in more than 100 countries, Axway facilitates the multi-enterprise transactions, processes and integration that accelerate business by eliminating the barriers between vendors, customers, departments, partners and suppliers.
Axway's comprehensive offerings include business-to-business integration, managed file transfer, secure email, business activity monitoring, enterprise application integration, service-oriented architecture, business process management, track & trace and identity validation solutions. Axway provides professional and managed services, as well as cloud computing and Software-as-a-Service (SaaS) offerings. Headquartered in Phoenix, Arizona, Axway's global presence spans 20 countries.
For media queries
Marketing, Axway Australia
Tel: +61. 02 9956 4555
Web: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
David Frost
PR Deadlines, for Axway
Tel: +61.2.4341 5021
Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
For more information:
