Secure file transfers

Hi. My name is John Thielens; I'm the Vice President of Technology at Tumbleweed Communications. I want to talk to you today about secure file transfers. Now, the reason this is important is because in reality, we're all exchanging files everyday, whether it's contracts, customer lists, plans, designs, videos, we're all moving files around to get our jobs done.

Yet, at the same time, when we read the newspapers, we see constant reports of files getting lost. So, how is this happening? Why is this happening? Let me see if I can give you a little bit of insight.

The reality is that when we move files around, by and large, we're talking about email, plain old email. And IT knows this. So over the years, say, from about 2000 to now, we've seen the average email limits in a system increase from maybe 10 megabytes for an email and its attachments up to about 20 megabytes.

And while they've been doing that, they've been wrapping this in a nice, security blanket, providing all kinds of compliance controls and security features and filtering to keep this a nice, safe and secure channel. But, what else has been happening? In the meantime, the size of the content that we're exchanging, particularly multimedia, PowerPoint files, drawings and whatnot have been growing in a rate that far exceeds the capacity of the email channel.

We've also seen that about 42% of companies have left the choice of what employees should do in this gap up to the employees themselves. Now, one of the things they might choose is to send it by physical media. So, there's been another problem, which is that the level of security for physical transports, say, in an armored truck, the perception of this has been decreasing. So, we see CDs going lost, for example, at the VA Hospital with tens of millions of soldiers' names being disclosed.

Employees may also be choosing to post content to an FTP site and we also see some vulnerabilities here, like the Army Corps of Engineers leaving drawings for Iraqi defenses publicly accessible to the Associated Press. So, that's kind of a problem. Why is this happening?

Well, it turns out that users, when they make their choices, tend to pick from a set of technologies for exchanging content that are familiar and easy to use. In the meantime, IT has been setting up a set of technologies that are managed and secure, but are completely unusable or unfamiliar to the employees. So, there's a huge disconnect between what employees are trying to do and what IT has set up and provisioned them to do.

The real issues are we need to find something that's secure, that gives us the privacy we need, is also auditable so we can find out where the files went and can provide compliance reports, but most of all, is easy to use. So the users, when they make these choices, pick something that meets the security requirements.

So, broadly speaking, there's a category of solutions that we now know as "managed file transfer," which is sort of an evolutionary term from "secure file transfer" that puts the focus not so much on the security but on the aspects of manageability, auditability, and ease of use.

So, the next time you're exchanging a drawing or some sensitive content that you know shouldn't be sent through the email or needs to be sent in a way that's secured, challenge your IT group to provide you with a set of technologies that meet your needs in terms of usability and those of your counterparty and don't just meet their needs in terms of security and auditability. Thank you very much.