Secure, Managed File Transfer and Automation _ Moving - - PowerPoint PPT Presentation

SLIDE 1

Secure, Managed File Transfer and Automation

豪勉科技股份有限公司 _ 楊南岳

SLIDE 2

Moving Files is Business-critical

  • Patient Records
  • Account Statements
  • Insurance Claims
  • Legal Documents
  • Loan Information
  • X-Rays
  • Test Results
  • Purchase Orders
  • XML Data Files
  • Large Video Files
  • Credit Card Payments
  • Customer Information

SLIDE 3

MFT in Action - Banking

SLIDE 4

Many Methods & Many Reasons

  • Email Attachments
  • Home Grown Scripts
  • Cloud File Share
  • FTP Servers

SLIDE 5

How do we share files?

File exchange inside and outside the enterprise

MFT

Managed File Transfer

File sharing between users

Inside Enterprise
  • Email Attachment
  • Central NAS File Sharing (Copy & Paste)
  • Microsoft Lync, SharePoint
  • SMB, NFS, HTTP, FTP

Cloud
  • Dropbox, Box.net
  • iCloud Drive, Google Drive
  • Line, WhatsApp, Skype
  • Web 2.0 Modern UI

SLIDE 6

IT needs to deploy systems which meet users’ needs & provide the governance required by IT

IT requirements
  • Control
  • Visibility
  • Security
  • Compliance

Employee needs
  • Convenient
  • Straightforward
  • Easy to use
  • Fast

The Balance: Usability & Security

SLIDE 7

Goals and PCI DSS Requirements

Build and Maintain a Secure Network and Systems
  • Install and maintain a firewall configuration to protect cardholder data
  • Prohibit direct public access between the Internet and any system component in the cardholder data environment.

Protect Cardholder Data
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Do not store sensitive authentication data after authorization
  • Limit cardholder data storage and retention time

Maintain a Vulnerability Management Program
  • Protect all systems against malware and regularly update anti-virus software or programs

Implement Strong Access Control Measures
  • Restrict access to cardholder data by business need to know
  • Restrict physical access to cardholder data
  • Identify and authenticate access to system components

Regularly Monitor and Test Networks
  • Track and monitor all access to network resources and cardholder data
  • Implement audit trails to link all access to system components to each individual user.

Maintain an Information Security Policy
  • Maintain a policy that addresses information security for all personnel

PCI DSS Requirements

SLIDE 8

What are businesses doing today?

Internet Trusted Network

FIREWALL FIREWALL

  • Corporate tools being used incorrectly
  • Exchange email
  • SharePoint
  • Public sharing websites
  • Personal sync services
  • Personal Email
  • Self-built FTP solutions
  • Scripted home-grown solutions
  • USB memory sticks
  • CD/DVD

SLIDE 9

How a MOVEit System can help

Internet Trusted Network

FIREWALL FIREWALL

  • FIPS 140-2 certified security modules

  • AES Encrypted data at rest
  • Encrypted data during transit
  • SAML/LDAP/AD/Radius/ODBC
  • ICAP AV Integration
  • ICAP DLP Integration
  • Corporate branding
  • Tamper proof audit log
  • Built in reporting
  • Failover / HA support
  • Virtualisation Support

SLIDE 10

How a MOVEit System can help

Internet Trusted Network

FIREWALL FIREWALL

  • Multi Protocol Support
  • Task Automation
  • End to End Encryption
  • PGP payload encryption
  • FIPS 140-2 Validated
  • Tamper evident logging
  • Complex workflows with conditional logic
  • Synchronisation of files on different systems
  • Remote and delegated management
  • Automatic restart and Failover

SLIDE 11

  • Advanced Tasks with Conditional Logic

  • Alternate Host Failover
  • Easily Clone existing settings
  • Advanced API Management
  • Networked UNC Paths
  • PGP, ZIP, External Processing
  • Tamper evident audit
  • Alerting

Workflow and Automation - System to System

SLIDE 12

Introduction to MOVEit Automation

SLIDE 13

Web Admin Screenshots

SLIDE 14

People to People on the same MOVEit System

Internet Trusted Network

FIREWALL FIREWALL

Person-to-Person

SLIDE 15

Person to Person Transfers Made Easy !

SLIDE 16

Person to Person Transfers Made Easy !

Upload attachment and/or message

SLIDE 17

Person to Person Transfers Made Easy !

Send email notification with link to message and attachment Upload attachment and/or message

SLIDE 18

Person to Person Transfers Made Easy !

Send email notification with link to message and attachment Upload attachment and/or message Receive Message Two Options

  • Everything Secured
  • File attachment only Secured

SLIDE 19

Person to Person Transfers Made Easy !

Read message and download attachment Send email notification with link to message and attachment Upload attachment and/or message Receive Message Two Options

  • Everything Secured
  • File attachment only Secured

SLIDE 20

PCI DSS Requirements

SLIDE 21

HTTPS

FTPS, SFTP, HTTPS

Mobile Users Any FTPS Client Any SFTP Client Other Ipswitch Clients Microsoft Outlook Web Browser Email Server Any FTPS Server Any SFTP Server Mainframe / Unix Server Network Share

FTPS, SFTP, HTTPS FTPS, SFTP, HTTPS, AS1/AS2/AS3 FTPS, SFTP, HTTPS, AS1/AS2/AS3

Any FTPS Server Email Server Any SFTP Server Any HTTPS Server Any ASx Server SMIME Server Web Browser Any FTPS Client Any SFTP Client Any AS2 or AS3 Client Other Ipswitch Clients Mobile Users

FIREWALL FIREWALL

Standard Architecture

SLIDE 22

SECURE TUNNEL LOAD BALANCER (OPTIONAL) HTTPS

FTPS, SFTP, HTTPS

Mobile Users Any FTPS Client Any SFTP Client Other Ipswitch Clients Microsoft Outlook Web Browser Email Server Any FTPS Server Any SFTP Server Mainframe / Unix Server Network Share

FTPS, SFTP, HTTPS FTPS, SFTP, HTTPS, AS1/AS2/AS3 FTPS, SFTP, HTTPS, AS1/AS2/AS3

Any FTPS Server Email Server Any SFTP Server Any HTTPS Server Any ASx Server SMIME Server Web Browser Any FTPS Client Any SFTP Client Any AS2 or AS3 Client Other Ipswitch Clients Mobile Users

FIREWALL FIREWALL

Gateway-No Data in DMZ

SLIDE 23

PCI DSS Requirements

SLIDE 24

SECURE TUNNEL LOAD BALANCER (OPTIONAL) HTTPS

FTPS, SFTP, HTTPS

Mobile Users Any FTPS Client Any SFTP Client Other Ipswitch Clients Microsoft Outlook Web Browser Email Server Any FTPS Server Any SFTP Server Mainframe / Unix Server Network Share

FTPS, SFTP, HTTPS FTPS, SFTP, HTTPS, AS1/AS2/AS3 FTPS, SFTP, HTTPS, AS1/AS2/AS3

Any FTPS Server Email Server Any SFTP Server Any HTTPS Server Any ASx Server SMIME Server Web Browser Any FTPS Client Any SFTP Client Any AS2 or AS3 Client Other Ipswitch Clients Mobile Users

FIREWALL FIREWALL

FIPS 140-2

AES256

SLIDE 25

PCI DSS Requirements

SLIDE 26

Anti-Virus (ICAP)

SECURE TUNNEL LOAD BALANCER (OPTIONAL) HTTPS

FTPS, SFTP, HTTPS, AS1/AS2/AS3 FTPS, SFTP, HTTPS, AS1/AS2/AS3

Any FTPS Server Email Server Any SFTP Server Any HTTPS Server Any ASx Server SMIME Server Web Browser Any FTPS Client Any SFTP Client Any AS2 or AS3 Client Other Ipswitch Clients Mobile Users

FIREWALL FIREWALL

FIREWALL

DATA ZONE

NAS or NAS Cluster Antivirus ICAP Servers SQL Server Standalone or Cluster

SLIDE 27

PCI DSS Requirements

SLIDE 28

SECURE TUNNEL LOAD BALANCER (OPTIONAL) HTTPS

FTPS, SFTP, HTTPS, AS1/AS2/AS3 FTPS, SFTP, HTTPS, AS1/AS2/AS3

Any FTPS Server Email Server Any SFTP Server Any HTTPS Server Any ASx Server SMIME Server Web Browser Any FTPS Client Any SFTP Client Any AS2 or AS3 Client Other Ipswitch Clients Mobile Users

FIREWALL FIREWALL

FIREWALL

NAS or NAS Cluster DLP and Antivirus ICAP Servers SQL Server Standalone or Cluster

External DB (File and User Account)

User DB (AD/Radius/SSO)

SLIDE 29

PCI DSS Requirements

SLIDE 30

Robust Log Files and Extensive Reporting

SLIDE 31

Monitor File Transfer Activity and Track Performance

Failed Transfers by End-Point Peak Transfer Analysis

SLIDE 32

Architecture & Components

HTTPS

Analytics Server
  • Consolidated reporting metadata
  • Secure webserver

Agent
  • Lightweight agent install
  • On same server as MOVEit
  • Minimal impact on MOVEit processing

Client
  • HTML5 Browser UI
  • Easy to use analytics & reporting
  • Create, publish, and share

SLIDE 33

PCI DSS Requirements

SLIDE 34

SECURE TUNNEL LOAD BALANCER (OPTIONAL) HTTPS

FTPS, SFTP, HTTPS, AS1/AS2/AS3 FTPS, SFTP, HTTPS, AS1/AS2/AS3

Any FTPS Server Email Server Any SFTP Server Any HTTPS Server Any ASx Server SMIME Server Web Browser Any FTPS Client Any SFTP Client Any AS2 or AS3 Client Other Ipswitch Clients Mobile Users

FIREWALL FIREWALL

FIREWALL

NAS or NAS Cluster Antivirus ICAP Servers SQL Server Standalone or Cluster

External DB (File and User Account)

User DB (AD/Radius/SSO)

DLP

SLIDE 35

HA Architecture – Web Farm

SECURE TUNNEL LOAD BALANCER SQL SERVER SAN, NAS OR NAS CLUSTER NODE 1 NODE 2 Mobile Users Any FTPS Client Any SFTP Client Other Ipswitch Clients Microsoft Outlook Web Browser

FTPS, SFTP, HTTPS

SECURE TUNNEL

FIREWALL FIREWALL FIREWALL FIREWALL

Web Browser Any FTPS Client Any SFTP Client Any AS2 or AS3 Client Other Ipswitch Clients Mobile Users

SLIDE 36

File Transfer Affects the Bottom Line

  • Errors / exceptions / problems affected 4-5% of all annual file transfer volume
  • Average time to correct errors / problems related to file transfer: 4-5 hours per incident
  • Security and compliance incidents increased 4% year-over-year

REDUCING RISK

IMPROVING EFFICIENCY

LOW COSTS
