Having wrote about data breach prevention back in March 2009, (Top 10 Security Breaches Related to File Transfer in Recent Months) it has now been almost 5 years since I last looked into the connection between file transfers and data leaks. Despite the time lapse it is still a relevant topic for today’s enterprise in 2014.
|I recently found this great website containing a online database of data breach incidents. The database goes as far back as 2004 and contains over 7000 incidents, capturing the tendencies over a long period of time with a large data sample. This time I’m not looking into specific incidents but rather focusing on the overall statistics. See below for a pie chart of the incidents by type.||
From file transfer perspective, let’s focus on the incidents that were related to lack of a proper managed file transfer solution. These include the following breach types:
Percentage of total
Email communication exposed to unintended third party
Lost data drive, unspecified if IDE, SCSI, thumb drive, etc
Media (i.e. disks) reported to have been lost by a third party
Lost backup tapes
Missing drive, unknown or disputed whether lost or stolen
less than 1%
Missing media, unknown or disputed whether lost or stolen
less than 1%
Personal information in “snail mail” exposed to unintended
Stolen data drive, unspecified if IDE, SCSI, thumb drive, etc
Media (disks or other) generally reported or known to have been stolen by a third party
Stolen backup tapes
Data typically available to the general public via search engines, public pages, etc.
When we sum up all these breach types, activities related to file transfer are responsible for almost a quarter (25%) of all data leak incidents. The only other higher group is Hacking at 28%.
To prevent hacking, the solution is usually fairly simple and very well know to the IT staff and it’s to invest in an enterprise grade firewall. On the flip side, the solution to prevent data leaks related to file transfer activities is not always obvious. IT departments often overlook the file transfer needs in their organizations and don’t consider implementing MFT solution.
The following facts further illustrate this disconnect:
- Gartner estimated the total market size for Enterprise Firewall at $5.7 Billion in 2009 (page 2 third paragraph https://itstrap.net/pdf/Gartner-Magic-Quadrant2010.pdf)
- The MFT market was estimated by Gartner in 2009 to be standing only at $540 Million. (https://www.networkcomputing.com/wan-security/managed-file-transfer-asserts-data-gover/229501408)
Gartner’s market size valuations seems to suggest that IT departments are throwing 10 times more money into their firewalls then into an MFT solution. However, the data compiled from datalossdb.org seems to suggest that the threat on data leaks is comparable between Hacking and file transfer activities, suggesting a disconnect.
Question: Why is the Firewall market 10 times bigger than MFT market while the impact on data leaks is comparable?
In conclusion, I’m suggesting that in 2014 organizations should take the MFT challenge! Dedicate more resources and time to implement a proper enterprise wide MFT solution because file transfers are almost equal in data leak risks just as a broken firewall. FileCatalyst managed and accelerated file transfer solutions help IT departments to reduce or completely eliminate the risks of data leaks related to the file transfer activities.
Proper managed file transfer (MFT) solutions are essential for employees to transfer information effectively and safely while protecting their organization’s most valuable asset: its information. While evaluating your next MFT solution, look for the following features:
- Ease of use with a simple web interface
- Tracking and security
- Enforcement of corporate file transfer policies
- User email notifications
- Central management and reporting
- User management via LDAP or Active Directory
- Extreme file transfers with the ability to handle file sizes up-to 10GB or even greater and the ability to handle very large amount of files (million or more)
- Ability to improve file transfer performance on poor or long haul networks