Back in October, I wrote about Shadow IT
and how some users are turning to popular file sharing applications like Dropbox, OneDrive, and Google Drive to get their work done without the friction. One point I made in that post was that “if an organization has reviewed the product, agrees to the EULA, and it is approved internally,” then users should use it to their heart's content. But that doesn't always happen and users tend to seek out their own solutions when IT doesn't provide one for them. There were a lot of good comments on that post and some felt that the biggest problem was the users.
Then in early November,
I wrote about data exfiltration and how Shadow IT is lending it’s hand here. I talked a bit about when I was an instructor and I created my own email domain to circumvent our organizational rules. Nothing bad happened at the time, but things could have gone very bad in that case. Still, I tried to emphasize that when IT doesn’t provide a solution that eliminates the friction, users will look elsewhere.
After that, I highlighted the fact that when users download their own solutions, you never know where the package is coming from
and not only can data be lost through the solution they choose, but malware can be introduced.
Finally, I got into how non-IT file sharing applications can break HIPPA compliance
and can cost an organization money in fines.
In this article, I want to focus on an offering that SolarWinds has, called Serv-U MFT Server
. I think this is an interesting product because it’s not quite the solution that one would expect with something like Dropbox or OneDrive, but I think the features and security it adds may be exactly what an organization needs to circumvent an end-user from seeking their own solution for sharing information. How so?
Serv-U Features That Answer the Call
First off, I think it’s important to understand that Serv-U
is a software package that you would download and install. This may deviate from the cloud offerings that everyone is looking at these days, but if you install it on an AWS instance or something to that effect, you may just have what you’re looking for: a cloud solution that you control.
Second, I think the fact that it provides secure file sharing
to end-users as sort of an “ad-hoc” solution is the right way to go. I can't think of how many times I’ve had a file I needed to share, didn't care how it happened, but I didn't want to jump through hoops to share it. With Serv-U, it's as easy as sending an email. In fact, this marketing video shows just how easy it is to send or even request files in a secure manner:
Secure File Sharing with SolarWinds Serv-U MFT Server - YouTube
But let’s get beyond the SolarWinds plug here. Why is an application like this so important? Here are four reasons that I see gleaming out there in the clear day light.
- You own it and you configure and control the policy. This includes file retention policies.
- It integrates with AD so you don’t have to create user accounts.
- It tracks transactions.
- It’s easy to use from an end-user perspective.
With that said, there are other solutions available, of course. But have you looked at them, or have you followed along with this series and thought, "not a big deal for my org"? I really think you have to at least have a plan. What are the drawbacks to not having a plan to handle secure file transfer? Well, it’s pretty apparent in my eyes. If you don’t have a plan to provide secure file transfer in a controlled manner, you run the risk of users providing their own, sharing data they shouldn’t be sharing, introducing malware into the network, breaking compliance and incurring fines, and so on.