You may have noticed that this is our second blog post in recent days on the different configurable modes of FTP, after our previous blog on the differences between active and passive FTP. We often write about our experiences at the time and the past 30 days have been no exception, having spoken with and assisted a number of customers through the intricacies of FTP.
Today we heard some news which had passed relatively quietly through the usual media outlets, despite it being highly embarrassing for the cloud-based managed file transfer vendor WeTransfer.
How do you deploy your Windows Server images? If you are anything like the majority of IT teams out there, you download the latest ISO from the Microsoft website, or maybe even use one you have downloaded in the past. Then, post-install, you spend a couple of hours applying all the patches which have been released since.
That's right, not GDPR or PCI DSS, like most other blogs and articles you might be reading online...but ITAR. The International Traffic in Arms Regulation, which governs the trade and export of defense materials and services in the US.
After eight years of working with managed file transfer (MFT) solutions, there is one use case which pops up time and time again.
The GDPR (General Data Protection Regulation) is a difficult beast, with some estimates as low as 15% for the number of organisations who considered themselves GDPR ready by May 25th 2018. Not a surprise then, considering the debacle that was the re-consent email deluge and the "we have changed our privacy policy" communications that flooded everyone's inbox.
It may be obvious to some that FTP (File Transfer Protocol) is an insecure protocol, and that its continued use for transferring sensitive or personal data is inappropriate. Yet its use for that very purpose still continues according to Rapid7, creating an unnecessary risk.
Do you send sensitive documents and files using regular email? Could you do more to protect those documents and files to ensure their confidentiality? These are just two of the more obvious questions which many an IT administrator and security officer are now asking their organisations, as the world and its regulators become more focussed and stringent on data protection.
Now that the General Data Protection Regulation (GDPR) is live and enforced, the focus has shifted from how to comply to how to maintain the controls and processes which have been implemented. While this may just seem like a continuation of what has been achieved already, it is in actual fact a moment to improve. Those processes and changes which were rushed or not properly embedded into day-to-day operations will now need to be cultivated amongst staff for the long haul.
Is the board listening? We all know that GDPR will be enforced from 25th May 2018, but is your board aware of their new privacy obligations? While there is substantial GDPR coverage in the technical press, has the message got through to senior management? Are their preparations adequate?