Secure, Managed File Transfer and Automation 豪勉科技股份有限公司 _ 楊南岳
Moving Files is Business-critical: Legal Documents, Loan Information, XML Data Files, X-Rays, Purchase Orders, Patient Records, Insurance Claims, Test Results, Large Video Files, Account Statements, Customer Information, Credit Card Payments 2
MFT in Action - Banking 3
Many Methods & Many Reasons: Home Grown Scripts, Email Attachments, Cloud File Share, FTP Servers 4
How do we share files?
Inside Enterprise: Email Attachment; Central NAS File Sharing (Copy&Paste); Microsoft Lync, SharePoint; SMB, NFS, HTTP, FTP
Cloud: Dropbox, Box.net; iCloud Drive, Google Drive; Line, WhatsApp, Skype; Web 2.0 Modern UI
Diagram labels: file exchange inside and outside the enterprise; file sharing between users; MFT (Managed File Transfer) 5
The Balance: Usability & Security
IT needs to deploy systems which meet users' needs & provide the governance required by IT.
Employee needs: Convenient, Straightforward, Easy to use, Fast
IT requirements: Control, Visibility, Security, Compliance 6
PCI DSS Requirements (Goals: PCI DSS Requirements)
Build and Maintain a Secure Network and Systems: Install and maintain a firewall configuration to protect cardholder data; Prohibit direct public access between the Internet and any system component in the cardholder data environment.
Protect Cardholder Data: Protect stored cardholder data; Encrypt transmission of cardholder data across open, public networks; Do not store sensitive authentication data after authorization; Limit cardholder data storage and retention time
Maintain a Vulnerability Management Program: Protect all systems against malware and regularly update anti-virus software or programs
Implement Strong Access Control Measures: Restrict access to cardholder data by business need to know; Restrict physical access to cardholder data; Identify and authenticate access to system components
Regularly Monitor and Test Networks: Track and monitor all access to network resources and cardholder data; Implement audit trails to link all access to system components to each individual user.
Maintain an Information Security Policy: Maintain a policy that addresses information security for all personnel 7
What are businesses doing today? [Diagram labels: Trusted Network, Internet, Firewall (x2)]
• Corporate tools being used incorrectly
• Exchange email
• SharePoint
• Public sharing websites
• Personal sync services
• Personal Email
• Self built ftp solutions
• Scripted home grown solutions
• USB memory sticks
• CD/DVD 8
How a MOVEit System can help [Diagram labels: Trusted Network, Internet, Firewall (x2)]
• FIPS 140-2 certified security modules
• AES Encrypted data at rest
• Encrypted data during transit
• SAML/LDAP/AD/Radius/ODBC
• ICAP AV Integration
• ICAP DLP Integration
• Corporate branding
• Tamper proof audit log
• Built in reporting
• Failover / HA support
• Virtualisation Support 9
How a MOVEit System can help [Diagram labels: Trusted Network, Internet, Firewall (x2)]
• Multi Protocol Support
• Task Automation
• End to End Encryption
• PGP payload encryption
• FIPS 140-2 Validated
• Tamper evident logging
• Complex workflows with conditional logic
• Synchronisation of files on different systems
• Remote and delegated management
• Automatic restart and Failover 10
Workflow and Automation - System to System
• Advanced Tasks with Conditional Logic
• Advanced API Management
• Networked UNC Paths
• Alternate Host Failover
• PGP, ZIP, External Processing
• Easily Clone existing settings
• Tamper evident audit
• Alerting 11
Introduction to MOVEit Automation 12
Web Admin Screenshots 13
People to People on the same MOVEit System [Diagram labels: Trusted Network, Internet, Person-to-Person, Firewall (x2)] 14
Person to Person Transfers Made Easy ! 15
Person to Person Transfers Made Easy ! Upload attachment and/or message 16
Person to Person Transfers Made Easy ! Send email notification with link to message and attachment Upload attachment and/or message 17
Person to Person Transfers Made Easy! Upload attachment and/or message; Send email notification with link to message and attachment; Receive Message. Two Options: • Everything Secured • File attachment only Secured 18
Person to Person Transfers Made Easy! Upload attachment and/or message; Send email notification with link to message and attachment; Receive Message; Read message and download attachment. Two Options: • Everything Secured • File attachment only Secured 19
Standard Architecture [Diagram labels: Mainframe / Unix Server, Network Share, Email Server, SMIME Server, Any FTPS / SFTP / HTTPS / ASx Server, Web Browser, Microsoft Outlook, Any FTPS / SFTP / AS2 or AS3 Client, Other Ipswitch Clients, Mobile Users; connections labelled FTPS, SFTP, HTTPS and AS1/AS2/AS3; Firewall (x2)] 21
Gateway - No Data in DMZ [Diagram labels: Mainframe / Unix Server, Network Share, Email Server, SMIME Server, Any FTPS / SFTP / HTTPS / ASx Server, Web Browser, Microsoft Outlook, Any FTPS / SFTP / AS2 or AS3 Client, Other Ipswitch Clients, Mobile Users; connections labelled FTPS, SFTP, HTTPS and AS1/AS2/AS3; Secure Tunnel; Load Balancer (optional); Firewall (x2)] 22
FIPS 140-2 [Diagram labels: Mainframe / Unix Server, Network Share, Email Server, SMIME Server, Any FTPS / SFTP / HTTPS / ASx Server, Web Browser, Microsoft Outlook, Any FTPS / SFTP / AS2 or AS3 Client, Other Ipswitch Clients, Mobile Users; connections labelled FTPS, SFTP, HTTPS and AS1/AS2/AS3; Secure Tunnel; Load Balancer (optional); Firewall (x2); AES256] 24