Page 20 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Plan for End-of-Life

            In August of 2020, Qlik announced that its RepliWeb file transfer software product would reach its end-
            of-life on January 31, 2021, and support for the product would cease at that time. Qlik was open with its
            customers about the implications of the decision, giving them ample time to prepare for that date and find
            a replacement for the file transfer function many organizations rely on.

            Mozilla is another example of a company that discontinued support for a popular technology when it
            announced last year that it would no longer support file transfer protocol (FTP) in version 90 of the popular
            Firefox browser. That move followed the same decision by Google in December 2020 when it ended FTP
            support for Chrome version 88. For organizations not paying attention, the lack of support for FTP in
            those browsers could have serious security consequences. According to a ZDNet article, while FTP
            remains a popular option for moving files between computers, the protocol is “burdened by enough
            security issues that browser makers are dropping support for the protocol.”

            Among the issues, files transferred via FTP are sent unencrypted, and FTP has also been used as an
            attack vector in malware campaigns according to a statement by Mozilla’s security team, which read,
            “The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and
            even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by
            compromising FTP servers and downloading malware on an end user’s device using the FTP protocol.”



            Don’t Risk DIY

            These issues highlight the importance of managing technology’s use and lifecycle. That also means making
            sure the right tool is being used for important business processes, rather than trying to make do with
            “close enough” products or engineering do-it-yourself solutions. After all, FTP is still used for many
            legitimate business transactions, and for someone with the right skills FTP can be secured and
            automated. But even if someone can write the scripts necessary to tackle those functions, knowledge of the
            nuances that need to be addressed for compliance is vital.

            The shortcomings of the DIY approach may not be evident until there’s a breakdown in the process, such
            as a transfer that fails, an alert that is missed, a security issue that occurs, or a call for a feature that
            wasn’t considered when the custom scripts were written. That’s when risks increase—along with costs.

            When it comes to file transfers, the approach an organization chooses can have implications for data
            lifecycle management. Through process automation, a secure, managed file transfer (MFT) platform can
            be used to ensure files are encrypted before being moved, and also upon receipt. And the ability to
            automatically document all the steps in the send, receive, store, and retrieve process goes a long way
            toward affirming compliance with regulations like Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLBA),
            the Health Insurance Portability and Accountability Act (HIPAA), Europe’s General Data Privacy
            Regulation (GDPR), and other state, federal, and international laws.










