Why We Created Delivered Secure and Why You Should Use It
by Jason Sherrill
InetSolution started life developing online banking systems and software for financial institutions over 13 years ago. Our work required that our clients send us highly sensitive data. It was not uncommon for us to receive files containing thousands of bank account numbers, customer names and social security numbers. One common method our clients used to send us data was to password protect a zip file and then send one email with the zip attachment and a second email with the password. Another equally scary method was to place a file on a standard FTP server and then send us two emails, one with the username and a second with the password. Both of these methods, while common, were horribly insecure and put us, our clients and their customers at risk. That made us uneasy so we created a better method.
We needed a low cost, easy to use solution that didn’t require special software, hardware or a steep learning curve, so we created Delivered Secure. Sharing sensitive electronic data requires protection during transit and storage. Both regular email and standard FTP fail to provide adequate data protection during both transmission and storage.
Delivered Secure file transfer works a lot like email, but it’s safer. Unlike standard email, Delivered Secure always encrypts your data when its transferring it from your computer to your recipient’s computer. Also unlike email, Delivered Secure never stores sensitive data inside an email inbox or sent items folder where it is easy prey for hackers, malware or notebook thieves.
Standard FTP and simple file sharing services share some of the same security issues as email, too. For the benefit of those who may be new to Internet security or who have recently become the victim of a data theft, let’s identify some common file sharing methods that you should never use to share sensitive data.
Email
Fact: nearly all email is insecure.
Emails in your inbox: bad
| |
While most major ISPs now support SSL, this is only useful in protecting email while it’s moving between your computer and the mail server, which is also the least likely time someone will steal the data. Email is most vulnerable inside your inbox it can live indefinitely. When your computer gets stolen or infected with malware, that data is easy prey. In addition, when a computer is decommissioned and sold, moved from one department to another or donated to a local charity, that email inbox and its precious cargo may still be recoverable. Even if you’re diligent about keeping your inbox clean and securely wiping your hard drive before passing your computer along to the next user, that still isn’t good enough because your mail server may still pose a risk.
|
Emails stored indefinitely on the mail server: bad
| |
Today most email providers give ample room for long-term mail storage with mailbox sizes into the gigabytes. Nearly all email also has web-based access from computers anywhere in the world. So even after you’ve deleted email from your local inbox, it could still reside on the mail server for years. If someone gains access to your email username & password (this is more common than most people realize, as Sarah Palin learned) then your sensitive data could end up for sale on the black market and your reputation along with it.
|
Emails in archiving servers: bad
| |
Finally, even if you religiously cleanse your inbox and also remember to delete the messages from your mail server, many companies employ email archiving devices to keep a permanent record of all messages sent and received. Archiving solutions aren’t necessarily designed to keep the data they hold safe, so archiving devices are yet another point of vulnerability for sensitive data transmitted through email.
|
Standard FTP
FTP was never designed for security
| |
The common File Transfer Protocol (FTP) does not provide adequate protection for sharing sensitive data. First, usernames and passwords for standard FTP are transmitted in plain text. This means that someone can easily steal your username and password using freely available tools and a few minutes of practice. The second problem is that normal FTP servers do not encrypt data while it’s at rest. This means that anyone who has access to your FTP server can view any of the data stored in your FTP account. FTP is a fantastic method to transfer files designed for public distribution, but a poor choice for sensitive data.
|
Secure File Exchange encrypts, protects and purges
| |
In contrast, Secure File Exchange not only encrypts your data during transmission, but it also encrypts it and stores it inside a secure database. Each user on Secure File Exchange has a private inbox that only he or she can access. Secure File Exchange also notifies the sender when recipients open their secure messages. Finally, Secure File Exchange automatically purges files when they’re no longer needed, eliminating the need for you to remember to delete them.
|
Standard File Sharing Services
Simple file sharing is good for public information only
| |
Since we originally created Secure File Exchange back in the late 90s, there has been an explosion in file sharing websites designed to allow people to easily move data to the cloud, share photos and videos with friends and to allow work place collaboration. Most of these services are designed for personal backup & synchronization or for providing semi-public distribution of files to large groups of people.
|
Single party storage and control is best
| |
Unlike Delivered Secure, most of them were not designed for secure file exchange. For example, any file sharing service that provides a public folder option has potential for risk. If someone accidentally shares a folder publicly or drops a file into a public folder, it’s just a matter of time before that sensitive data becomes public information. Many of these services also use third-party cloud storage, such as Amazon S3, to store your sensitive data, which now adds an additional third-party to the process of moving sensitive data from you to your intended recipient. The more providers who are involved in the transfer and storage of your data, the more potential risk to someone unintended stealing it. Delivered Secure does not use third-party storage, so your data always remains under InetSolution’s control. Furthermore, unlike some simple file sharing services, Delivered Secure also encrypts your data using the same strong encryption we use in our online banking systems.
|
Try it FREE
If you’ve ever sent a loan application, W-2, tax return, check copy, legal document or other sensitive information by email or FTP, there’s a very good chance that you’ve already put yourself and your data at risk. Why risk it? You can try Delivered Secure for free and the low monthly costs is miniscule compared to the legal and reputational costs that companies incur after a data theft. Do yourself and your customers a favor.
Sign up for your free trial right now.
Jason Sherrill
Jason works behind the scenes on security processes and architecture. Jason also works directly with customers to help guide product development road map and functionality of Delivered Secure.