Page 56 - Cyber Defense eMagazine Annual RSA Edition for 2024

oneself completely to a specific pursuit until it becomes second nature. By that measure, and after twenty
            years devoted to providing only the best possible managed file transfer solutions in the industry, Coviant
            Software has earned its stripes and the right to be considered experts in the field. And we’ve learned our
            share of lessons along the way.


            One of the earliest (and possibly most important) lessons we learned is that convenience should never be
            prioritized over security. It seems obvious, but it remains a challenge for software designers to this day.
            The digital age promises immediate access and instant gratification; people want what they want when
            they want it, and so any extra steps that delay communication or getting to an asset or service are deemed
            inconvenient. Security experts have been developing tools to keep networks and data safe for many
            years and we’ve been hearing talk of concepts like cyber defense-in-depth, secure-by-design, privacy
            and security compliance, and more since long before 2004, yet the issue persists.




            No Excuses for Inaction

            No one who was involved in software development by 2004 could claim ignorance of the importance of
            cybersecurity. The late Kevin Mitnick began breaking into computer networks in 1979 and was convicted
            in 1999 on multiple computer security charges dating back to the 1980s. The Acxiom breach, in which
            1.6 billion records containing personal consumer data were compromised by cybercriminals, had already
            happened by 2004. That incident had dire implications for managed file transfer, since the individuals who
            hacked into that organization were able to steal the information from insecure file transfer protocol (FTP)
            servers.

            That was the context when Coviant Software came onto the scene, and from the start it influenced our
            approach to secure managed file transfer (MFT). The first iteration of our Diplomat MFT solution was
            developed for a large hospital to manage the transfer of financial data, and so we knew security had to
            be baked into the product, including the use of file encryption (OpenPGP) and support for secure transport
            protocols (SFTP) to keep data—and information about that data—safe both in transit and at rest.



            Make it Easy to Be Secure

            One challenge we recognized early on is that the encrypt/decrypt process is complicated, and it is
            especially complicated for individuals who are not used to working with software at the command line
            level. A busy administrative employee—or any employee for that matter—expected to take extra time to
            manually encrypt a batch of files before sending them off to a bank, payment processor, or insurance
            clearinghouse is likely to skip that part to expedite the transaction. And for those who do try to complete
            the task, there is a risk that they might make a mistake and send files in the clear anyway. Furthermore,
            it is unrealistic to expect employees in a busy organization to manually encrypt and decrypt thousands of
            individual file transfers each day.
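The "send files in the clear anyway" failure mode above is one a transfer pipeline can catch mechanically. The following is an added example, not Coviant's or Diplomat MFT's code: an outbound gate that inspects each file before it is handed to the transport and blocks anything that is not an OpenPGP-encrypted message. It recognizes an ASCII-armored PGP message by its banner and a binary one by parsing the first packet header as laid out in RFC 4880 section 4.2 (bit 7 set; new-format tag in the low six bits, old-format tag in bits 5 to 2), then checks that the leading packet is one that only appears in encrypted messages. The sample files, the `gate_batch` helper and the verdict layout are all constructed for the example.

```python
"""Outbound transfer gate: refuse to send any file that is not OpenPGP-encrypted.

Added example, not vendor code. Only the first packet header (or the armor
banner) is inspected; that is enough to tell an encrypted message from a file
that was left in the clear or that was only signed/compressed.
"""

ARMOR_BANNER = b"-----BEGIN PGP MESSAGE-----"

# OpenPGP packet tags (RFC 4880 section 4.3) that can only lead an encrypted message
PKESK = 1    # public-key encrypted session key
SKESK = 3    # symmetric-key encrypted session key
SED = 9      # symmetrically encrypted data (legacy, no integrity protection)
SEIPD = 18   # symmetrically encrypted, integrity-protected data
ENCRYPTED_LEADING_TAGS = {PKESK, SKESK, SED, SEIPD}


def first_packet_tag(data: bytes):
    """Return the tag of the first OpenPGP packet, or None if data does not start with one."""
    if not data:
        return None
    octet = data[0]
    if not octet & 0x80:            # bit 7 is set on every OpenPGP packet header
        return None
    if octet & 0x40:                # new-format header: tag in bits 5..0
        return octet & 0x3F
    return (octet >> 2) & 0x0F      # old-format header: tag in bits 5..2


def is_openpgp_encrypted(data: bytes) -> bool:
    """True only for armored PGP MESSAGE blocks or binary messages led by an encryption packet."""
    if data.lstrip().startswith(ARMOR_BANNER):
        return True
    return first_packet_tag(data) in ENCRYPTED_LEADING_TAGS


def gate_outbound(filename: str, data: bytes) -> dict:
    """Verdict for one file: allowed only if it is already OpenPGP-encrypted."""
    tag = first_packet_tag(data)
    ok = is_openpgp_encrypted(data)
    reason = "openpgp-encrypted" if ok else "plaintext-or-unencrypted-openpgp"
    return {"file": filename, "allowed": ok, "leading_tag": tag, "reason": reason}


def gate_batch(files: dict) -> dict:
    """Split a batch of {filename: bytes} into files cleared to send and files held back."""
    verdicts = [gate_outbound(name, data) for name, data in files.items()]
    return {
        "allowed": [v["file"] for v in verdicts if v["allowed"]],
        "blocked": [v["file"] for v in verdicts if not v["allowed"]],
        "verdicts": verdicts,
    }


# Constructed sample batch (not real data): what a nightly job might try to push to a bank.
SAMPLE_FILES = {
    "claims_batch.csv": b"claim_id,member,amount\n1001,J. Doe,412.50\n",         # left in the clear
    "claims_batch.csv.pgp": b"\x85\x01\x0c\x03" + b"\x00" * 16,                   # old-format PKESK (tag 1)
    "remittance.pgp": b"\xd2\x00" + b"\x00" * 8,                                   # new-format SEIPD (tag 18)
    "remittance.asc": b"-----BEGIN PGP MESSAGE-----\nVersion: x\n\n...\n",         # armored message
    "notes.txt.asc": b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhi\n",  # signed only, still readable
    "report.gpg": b"\xcb\x05b\x00\x00\x00\x00hi",                                  # literal-data packet (tag 11)
}

if __name__ == "__main__":
    result = gate_batch(SAMPLE_FILES)
    print("allowed:", result["allowed"])
    print("blocked:", result["blocked"])
```

Note that the gate treats a clearsigned message and a bare literal-data packet as plaintext: signing and compression are OpenPGP operations too, but neither hides the content, which is the property the transfer is supposed to guarantee. In a real pipeline this check belongs at the point where the file is queued for transport, so a skipped or mis-run encryption step fails closed instead of going out.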

            The convenient thing to do would be to make encryption an option (thus supporting a claim to be secure)
            but put the onus on the user to activate the secure feature, which incentivizes the user to skip that essential
            step. However, that would be the opposite of secure. That is why we designed our MFT solution with




