• No results found

Case Study. File Transfer Issues Faced by an Engineering Company

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Case Study. File Transfer Issues Faced by an Engineering Company"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

File Transfer Issues Faced by

an Engineering Company

Abstract

This case study shows how an engineering company changed their long-running file transfer system because of security issues; and how the Qiata File Transfer Appliance was able to

meet their security requirements.

(2)

Background

The company is a one stop precision plastic engineering company with offices and factories in Singapore, Malaysia, China and Mexico. The company designs and manufactures plastic injection parts and casing for many industries all over the world.

The manufacturing plants are based in China and the design team in Singapore frequently transfer engineering documents to the manufacturing plants. Many innovative macros are embedded in each engineering document and these are the Intellectual Property that the company created over the years. Because of this, the engineering documents are to be kept confidential and transferred within the company only.

Sending the documents by email is not feasible because these documents are fairly large in size. So they set up a FTP server to allow the designers and plant engineers in China to exchange the engineering documents.

A number of FTP user accounts were set up for the designers and the

plant engineers in China to access the FTP servers. Engineering documents were put into the FTP server using these accounts for sharing with the other parties with valid FTP user accounts. For a long time, this had been the method for transferring engineering documents within the company.

There were a number of issues with this approach. The main issue was that there was no tracking of the user accounts. When employees left the company, the user account was not immediately deleted but left unattended. This

(3)

Solution

The Qiata File Transfer Appliance (FTA) was evaluated against the security issues that the company was facing with transferring sensitive engineering documents.

The problem with using a FTP server to transfer files is that the FTP process is essentially a file sharing service. Files are directly accessed and shared for as long as the file exists in the server. End-users have no idea on how the files are accessed, modified, deleted or downloaded because the logs are accessible only by the administrator.

The approach of the Qiata FTA towards file transfer is to focus on the transfer process. Each transfer is unique and track-able. The recipient can only access and download the file via the unique web link. The sender will be notified when each recipient accesses or downloads a file.

When the set parameters for the transfer, like number of downloads or expiry date is met, the transfer is disabled. The recipient can only download the files that the sender sends to him. He will not be able to browse the directory for other files that he is not supposed to see.

Each sender has full access to the transfer activities of his own transfers. He can find out which recipient has downloaded the file, even if it was an incomplete transfer. He can also put the transfer on hold without deleting the transfer. For transfers with multiple recipients, one or more recipients can be removed from the transfer without having to delete the entire transfer. Since all recipients can only access the file via the unique link sent to him, the sender has full control over the transfer process.

The files are transferred using HTTP over SSL. This protocol protects the transfer, even when it is transferred over the Internet.

(4)

Implementation

The decision was to place the Qiata FTA in the Singapore office as the main IT team was located there. The Qiata FTA was deployed in the DMZ behind the firewall. The company had a limited number of Static IP Addresses and could not allocate one for the Qiata FTA. So they configured the firewall to port forward TCP 443 (HTTPS) from one of the existing Static IP Address to the Qiata FTA. That was all that

is needed to host the Qiata FTA on the Internet.

For the user accounts, the self-registration mode was chosen so as to reduce the load on the system administrator. Any user with a valid email address within the company domain will be able to sign up for an account on the Qiata FTA by himself. Every new user who signs in using this method will be put into a group with preset parameters like maximum number of daily transfers, storage size etc.

If he forgets his password, he can request the Qiata FTA to send him a link to reset his password.

When the Qiata FTA was set up, the IT team sent out emails to all users with the details on how to sign up for an account on the Qiata FTA by themselves. The Qiata FTA is now self running while the system administrator is freed up to manage other IT tasks.

(5)

Conclusion

The company initially chose a low cost and commonly used FTP server for the transfer of files. However the files involved were sensitive engineering documents and the disadvantages of the use of FTP made it hard to continue with this model. The Qiata FTA was a quick to deploy and easy to use solution that took care of the concerns for transferring of sensitive engineering documents. The IT work load was also reduced because the Qiata FTA was designed for that purpose as well.

With the Qiata FTA running without much supervision, the users were also more satisfied because they were able to track each document by themselves. They are notified when the documents are downloaded by each recipient. If they limit the number of download for each document to one, they will be assured that the document will not be accessible anymore once it has been downloaded fully.

The company has benefited from using the Qiata FTA because their Intellectual Property is now better protected. All documents, including sensitive documents are tracked via the audit log. All recipients only have access to the files that were sent to them and nothing else.

References

Download now ( PDF - 5 Page - 504.23 KB )

Related documents

Preferences for redistribution : an empirical analysis

The present contribution to the existing literature is twofold: (i) it substantively assesses the importance of the variables identified in the literature, inferring a hierarchy in

The Typical Research on Accident Civil Responsibility of Drunk Designated Driving

Designated driving service is a new industry, still facing many problems even after recent years of development, such as the validity of the contract which signed by the owners in

Malenda v Great Atl. & Pac. Tea Co., Inc NY Slip Op 30820(U) March 26, 2007 Supreme Court, Suffolk County Docket Number: /2001 Judge:

Malenda testified to the effect that on the date of her ,iccillent she \\’as a ( the defendant’s store with her husband shopping for her mother-in-law. Mal1:nda dated

Managed File Transfer

File transfer methods include File Transfer Protocol (FTP), physical transfers, and personal emails which lack security, compliance, and efficiency3. Managed File Transfer

The Company. Nujay was established in 2001.

 We have strategic alliances with high quality suppliers located in North America and Asia!.  Nujay is an ISO9001:2008

CONNECTICUT Occupational Employment & WAGES

For establishments that reported or imputed occupational employment totals but did not report an employment distribution across the wage intervals, a variation of mean imputation

A Comparison of Information Systems Programs at AACSB and ACBSP Schools in Relation to IS 2002 Model Curricula

Senior Seminar, Systems Analysis & Design II, and Management of Technology/ Case Study courses. Percentage of schools requiring courses from the IS 2002 categories as defined