How do you share data with your business partners? Email attachments? Microsoft SharePoint sites? FTP? Purchased solution over leased lines? Many methods are available, but it's increasingly important to ensure that the method you use is a secure one. Regulations such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA) stipulate proper handling of customer data, and your company might have other types of sensitive data that it wants to protect when sending the information to a partner organization or a branch location.
The following articles present some options for secure file transfer:
Access Denied: Exchanging Files Securely, October 2005, describes how you can safely exchange files by using the encryption features in Microsoft Office Word 2003, Microsoft Office Excel 2003 or WinZip Computing's WinZip.
Secure File Exchange Over the Internet, February 2006, provides an overview of solutions for securing files for transport and then focuses on three encryption methods that work with email attachments: file compression utilities that also offer encryption, Pretty Good Privacy (PGP), and Public Key Infrastructure (PKI).
Copying Files Securely Between Systems, October 12, 2005, introduces three common methods for securing file transfer: employing the RRAS component that comes with Windows Server 2003 and Windows 2000 Server to establish a VPN that uses PPTP, using Microsoft IIS and Secure Sockets Layer (SSL) connections along with a custom Web interface, or using Secure Shell (SSH). The article also points to resources for more information about implementing the three methods.
Access Denied: Safeguarding FTP Files, June 2004, explains how to set permissions on an FTP account such that if the account's username and password are intercepted, the account will have only limited access to files on the FTP server.
As an alternative to implementing your own file-transfer solution, you can purchase a file-transfer product. Sterling Commerce's Connect family of managed file transfer solutions has until recently been strictly for exchanging files with a business partner over a leased line. But a few weeks ago, the company released Sterling Secure Proxy, which extends managed file transfer to the Internet. Many of Sterling's customers are financial institutions with strict requirements for transferring data in an encrypted, uninterrupted, and auditable fashion. That was tough to do over the Internet. But now Secure Proxy gives these customers a way to expand the number of partners with which they can exchange data without adding a lot of costly leased connections. Secure Proxy sits in the demilitarized zone (DMZ) to protect the Sterling managed file transfer server that's behind the firewall on the corporate network.
Sterling is just one of many "secure file transfer products," which you'll discover if you type in that phrase at Google.com.
This is the last Perspective column I'll be writing for Security Pro VIP. Next month, you'll have a fresh perspective from Lavon Peters, the new Security Pro VIP editor.