CyberArk Finds That Many Companies Using Traditional File Transfer Methods Have a False Sense of Security
NEWTON, Mass. – December 16, 2009 – With global organizations depending on the sharing of sensitive information to support everything from financial transactions to patient care records, many believe they are relying on secure methods to exchange data with trusted partners. But are they? Cyber-Ark® the leading global software provider for protecting critical applications, identities and information, conducted research to better understand how organizations transfer sensitive documents with external partners.
Based on the research, a vast majority of respondents1 (80 percent), believed they were using secure methods to exchange files internally and between third party vendors. However, when questioned in more detail, only 13 percent were actually using safe, auditable transfer processes. These findings indicate a significant and alarming gap between perceived security, and real vulnerability. Specifically, Cyber-Ark’s findings showed that respondents typically relied on FTP technology (43 percent), “secure email” (32 percent), regular email (20 percent), courier services (11 percent) and postal service (9 percent) to handle data transmission.
“As data breaches continue to be increasingly prevalent, costly and damaging, organizations must step up their efforts to ensure that their sensitive data is being exchanged and transferred in a secure manner that also meets audit and compliance requirements,” said Udi Mokady, CEO of Cyber-Ark Software. “However, the survey findings clearly demonstrate that the most common methods used for file transfer are often the least secure, and lack manageability and governance. In recent months we have received an increasing number of inquiries regarding Cyber-Ark’s Inter-Business Vault, which suggests an elevated awareness of the weaknesses of current solutions and the need to make improvements.”
Cyber-Ark recently announced enhancements to its Inter-Business Vault Inter-Business Vault®, part of its Governed File Transfer Suite, which delivers the combined benefits of governed and managed file transfer capabilities in one centralized, highly secure platform. The Inter-Business Vault enables organizations to handle the secure and governed exchange of business information and other sensitive data transferred between business partners, service providers and customers. With the Inter-Business Vault, organizations in highly-regulated industries such as financial services, energy and healthcare can guard against data breaches, ensure compliance with industry standards, and achieve greater manageability and governance over data transfers within business processes and communities.
“With Cyber-Ark’s Inter-Business Vault, we were able to quickly automate manual processes for exchanging highly sensitive data, including social security numbers from our benefits provider and lockbox transfer of our bank account information, ” said Michael Shrader, network security specialist, Glatfelter Insurance Group. “We look forward to expanding our relationship with Cyber-Ark as we continue to explore innovative ways to better secure our critical information when working with key partners. This will include the ability to pull encrypted broker information from a vendor’s FTP site and closely monitor actions of our admin accounts.”
One of Cyber-Ark’s leading financial services customers is also using the Inter-Business Vault to automate file transfer processes, which helps the organization to save time and money by avoiding costly courier services and shipping data on CDs, while ensuring the security of their overall file transfer processes. The organization currently processes 64 percent of its image cash letters containing potentially hundreds of thousands of payment instructions nightly. Cyber-Ark has proven its ability to support large file transfers, and the transfer of large amounts of files, including both in-bound (payroll) and out-bound (cleared checks) transactions, and can continue to scale.
The healthcare industry is a good example of a highly-regulated sector where secure, auditable file transfer processes are essential. Whether drug development data, clinical trial data, health records, billing information, X-rays, MRIs or social security numbers, these types of highly sensitive data are at risk of exposure simply because they are being exchanged frequently between multiple third parties.
Under the 2009 HITECH Act, which extends the Health Insurance Portability & Accountability rules for security and privacy safeguards for protected health information (PHI), healthcare organizations are now held responsible for a third party’s handling of their data and can be fined heavily for breaches. This means these organizations must be willing to invest in more reliable technology and processes to protect their patients, and their reputation. With the Inter-Business Vault, healthcare providers can ensure that sensitive data is protected both in transit and at rest. In addition, it enforces audit controls and enhances compliance over all business processes involved with data transfers.