You are probably reading this article for one of two reasons, you are in the market for a managed file transfer solution and have come across either/both Ipswitch MOVEit or GoAnyWhere MFT; or you have worked with them before and are curious about the differences.
Have you ever met an IT manager, administrator, CISO or compliance officer who had a lot of time on their hands? No, me neither. If they exist, then they are certainly a rare breed!
Storing sensitive files and personal data in the cloud can be a touchy topic for some, keeping even the most seasoned information security leader or data protection officer awake at night. Although, despite what the humble salmon teaches us about swimming against the tide, it is hard to fight against the unstoppable trend towards cloud adoption.
It may be obvious to some that FTP (File Transfer Protocol) is an insecure protocol; and that its continued use for transferring sensitive or personal is inappropriate. Yet, its use for that very purpose still continues according to Rapid7, creating an unnecessary risk.
As of May 2018, payment merchants and other credit card handling organisations will need to have familiarised themselves and have implemented the latest iteration of the PCI-DSS (Payment Card Industry - Data Security Standard). Version 3.2.1 expands on what is already a comprehensive and well-known standard by adapting to the rapidly changing climate of data protection, privacy and vulnerability management.
FIM or File Integrity Monitoring, is without a doubt a highly important layer of defence in any network worth protecting. Required by data security standards such as PCI-DSS and recommended by auditors and security practitioners globally. FIM monitors critical system files, operating system components and even network devices for unauthorised changes.
As of the 30th of June 2018, the use of SSL/early TLS in PCI-DSS (Payment Card Industry Data Security Standard) card environments will no longer be accepted as a compliant protocols by the PCI security standards council and thus could render your accreditation as invalid. What does this mean for you and your managed file transfer solution?
Has there ever been a more confusing data security standard than the PCI-DSS? Even now, thirteen years on from its initial release, a clear understanding of what you need to achieve to be compliant may still be a challenge.
For some, a FIM (File Integrity Monitoring) solution is a compliance necessity, for others it features as a core component of their change management process. In either case, file integrity monitoring provides a mechanism for alerting when applications, system files or configurations change unexpectedly.