Three Tips for Intrusion Prevention with Managed File Transfer

Phil Dunlop, VP at Progress, EMEA, writes about a tamper-evident audit trail, multi-factor authentication and rotating data encryption keys.

With some organisations furloughing their cybersecurity teams during the pandemic, it’s clear that each business places cybersecurity somewhere different on the scale of importance. Security is an intrinsic aspect of any managed file transfer (MFT) solution. And organisations which are new to this must be aware of the various security options in order to make an informed choice. At the other end of the scale, some MFT users are paranoid about security, so it’s important to know that MFT is not a one-size-fits-all feature.

Choice is the operative word when considering an MFT. While security and encryption are key, there are other features to consider, so here are the three best security features which can be implemented to prevent a breach.

Security for the Needs of the Business

Each organisation’s security requirements are specific to its needs in its industry, factoring in user tolerance levels and the associated security budget. Security needs must also comply with company management best practice guidelines as well as external forces, such as industry regulations.

Sometimes the best possible security lies out of reach for financial reasons, convenience, or simply a lack of understanding of what constitutes a security risk. MFT security should never be a plug-and-play product; it needs to be built to fit clear needs. I hear clients asking, ‘Are we paranoid enough?’ That’s honestly a reassuring outlook in security – even with the best cybersecurity, there’s always something that can be improved upon.

Ensure Your MFT Solution Provides Security Options

All MFT solutions will encrypt files in transit, but some might not also encrypt those files at rest, with some offering this at additional cost. Some solutions allow you the option to encrypt, for instance if your stored data is automatically encrypted by Microsoft as part of using MS Azure Blob hosts. But if you prefer not to trust Microsoft’s innate encryption, your team may wish to encrypt. There may be an inconvenient performance hit when re-encrypting and re-decrypting data every time it’s accessed – especially if you have hundreds of daily transfers.

Other optional features like security-question-based password resets or multi-factor authentication (MFA) may be ideal for your organisation. But only an MFT which can be tailored to your security requirements will allow these options.

The following are three of the most effective security features you can implement for intrusion prevention:

1. A Tamper-Evident Audit Trail

This is critical if you operate under regulations like HIPAA, GDPR, CCPA, SOX, PCI-DSS or something similar. You must be able to prove at any time that any given data transfer was kept secure at all times and that only authorised individuals had access to it. This means keeping data encrypted in transit (in transfer between agents) and at rest (when stored). The audit trail produces a report which details anyone who accesses the data. Regardless of compliance requirements, these reports give invaluable insight if there is a data leak or network intruder.

2. Multi-Factor Authentication

If you make only one choice to enhance your security profile, implement MFA. It can prevent intrusions better than the next ten security methods combined. Despite being the hardest to get through from a user convenience perspective, it is invaluable. MFA confirms that the individual logging in is actually who they claim to be. It requires something they know (login and password) with something they have (phone, token generator, etc.). Microsoft’s 300 million Azure systems are probed constantly by intruders, and implementing MFA can prevent access 99.9% of the time.

3. Rotate Data Encryption Keys

Data encryption keys are the most precious IP you own for your MFT. If a hacker accesses them, they are into your entire system, perhaps without you even knowing. These keys should be rotated regularly, according to PCI-DSS regulations. An oversight can easily prevent this, so ensure that your MFT solution has an interface which allows you to securely and easily rotate your encryption keys and can also track the status of key changes. Ideally, it should include a feature that rotates them automatically for built-in resilience.

Conclusion

Additional considerations include looking into cloud-based hosting of your MFT, for extra benefits in cost savings and convenience. Also consider whether your users will tolerate an enforced policy acceptance prior to login. Do your customers demand onboarding or access faster than your security procedures will allow?

Regular evaluation of security procedures and user compliance is critical to ensuring your MFT is secure while keeping it workable for your users. Maintaining a proactive and strategic approach to security is more effective than being paranoid, any day of the week.

By Phil Dunlop, VP, Progress, EMEA.
