Cyber Defense Magazine’s publisher Gary Miliefsky talks with Greg Hoffer, CEO of Coviant Software, about a wide range of topics surrounding innovative, secure managed file transfer.
Gary Miliefsky: Welcome, you’re in the hot seat, so tell me what are you doing different and innovative in the area of managed file transfer? And are you doing it securely?
Greg Hoffer: Definitely securely! We focus on automation and security. We allow customers to automate their managed file transfers from anywhere to anywhere, whether it’s FTP or SFTP servers, to cloud storage vendors. The managed file transfer space is long in the tooth, it’s been around awhile—since the venerable FTP protocol. There’s been a lot of evolution since then but, fundamentally, the ability to transfer files between yourself, your clients, your customers, your bank, healthcare providers and clinicians, and insurance agencies is going to exist for everyone. Someone is going to need to move files. We help you automate managed file transfer for operational efficiency, and we put a lot of emphasis on security, whether it’s SFTP protocol, SSL, TLS, and open PGP-based encryption, which provides data at rest for file-based encryption.
Supporting Regulatory Compliance
Do you have a cloud-based dashboard? And do you help with understanding the logging of files for regulatory compliance purposes?
Yeah, absolutely. That’s a big part of what our customers need: a single pane of glass to see what’s going on in their operational environment, and audit trails for regulatory compliance. That can range from PCI-DSS for payment card data or HIPAA-HITECH for health care data, to more modern things such as GDPR or CCPA, which are aimed at protecting consumer privacy. Any data that includes private information needs to be secure, and these regulations can actually provide financial penalties. That’s why companies also need to make sure it’s secure, to avoid those financial penalties. That’s where we can help.
Securing Data at Rest, and Data in Motion
Are you also encrypting files at rest or only in motion? And what kind of protocols is it, open source like PGP? How does that all work?
We can encrypt files at rest, if that’s what the customer chooses. We can deal with those encrypted files through the open PGP standard. It’s a really robust way to protect those data files, so only the intended recipient can read the data. You can also ensure that the sender is who they say they are, so it protects both sides. We also support data at rest encryption through the cloud providers. They offer some pretty robust ways to store data, and encrypt it with your key or their managed key.
Cloud and Third-Party Integrations
Do you mean like Amazon, Google, and Microsoft Azure?
Does that include the Dropbox, Google Drive, OneDrive, or all those other online storage services?
Many of our customers use services like Citrix ShareFile or Dropbox. They are often considered consumer applications—my mom shares pictures with the family through Dropbox—but Dropbox and Citrix ShareFile include a lot of enterprise-class features in the file sharing arena. Our managed file transfer software will integrate with vendors like Box, Dropbox, & Citrix ShareFile, in addition to the cloud storage vendors like AWS, Oracle Cloud, Azure, and Google Cloud. We find that some customers like the ability to have that more casual, ad hoc, style. That’s all well and good, but at some point, you want to take the human element out to reduce human error. Managed file transfer also reduces the effort and overhead of manually transferring files, and we can step in to automate that.
Are you deploying options such as an agent, browser plug-in, or a connector through those third-party service providers? Or all of the above?
Most of the time we just leverage their standard protocols. However, many organizations are distributed across multiple locations or they have a hybrid strategy; part cloud, part on-premises. Those are arenas where it is advantageous to have an agent. And we do support that, so you have the Diplomat MFT mothership, if you will, that handles all of the workflows, dashboard, and auditing. Then you can employ lightweight agents to various machines in the cloud or on-premise, so that you can easily transfer back and forth between the agents and the mothership.
Protection Against Data Breaches
Let’s take a breach that everybody knows about—the Sony Pictures breach. Four terabytes of movies were stolen, leaked online. What were they doing wrong, and what would they have done if they had Coviant Software?
I can’t attest to what they did right or wrong since I wasn’t there. But, generally speaking, data breaches occur for a number of reasons. One of which is going to be nefarious actors, or adversaries. In this case, I believe, it was the North Koreans. They didn’t like a movie [The Interview] that Sony was putting out, so they had state actors actively attacking servers and capabilities of those servers that housed those movies. You really have to build up defense in depth at that point to ensure that there are many layers of security, ranging from the firewall to the internal storage server. Now, how could they be protecting themselves? Maybe they needed stronger encryption at rest. It could have been strictly network based and it was a firewall problem. Coviant Software can’t help with your firewall problems, but if you wish to protect your data transfers, data at rest, or data being transferred to third-parties, then that’s where Coviant Software can help. When it comes down to it, you need to make sure that all steps of that data’s journey are as protected as they can be. And Coviant Software can help in those data transfers to employ both on-the-wire encryption (SSL or SFTP), and at rest (Open PGP).
Pretty Good Privacy and Data Hygiene
I remember I spoke with Phil Zimmermann once about PGP. I think the U.S. government initially couldn’t break his encryption, and they arrested him using laws about making bombs. PGP is pretty good stuff, pretty good privacy.
Pretty good privacy, indeed. Phil Zimmermann had an excellent idea when he came up with PGP, and it is really good at protecting data by making sure only intended recipients can read it. Now what’s interesting, even in that scenario, is that even with the strongest PGP encryption and the best encryption policies in the world, sometimes the nefarious actors are on the inside. That’s why you have to make sure to protect the keys, and don’t let the passphrases of those keys sit on your desk. All those good security hygiene habits that an enterprise must have still must exist. You can’t rely solely upon technology.
Don’t give away your passwords to the encryptions!
Don’t leave them on the sticky note on your computer like we see in the movies, right? So don’t do that. But if you have those good security practices and you employ technologies, like Coviant Software managed file transfer, then you’re increasing the likelihood that your data will be secure.
Greg, can anybody deploy Coviant Software? Is it made for SMBs, mid-market, big public companies, Fortune 1000, U.S. government? Who is the perfect client for this solution?
All of the above. We have customers ranging from a small legal office with a few employees, but their data is just as sensitive and important as our largest healthcare companies that transact 19,000 jobs every single day with hundreds of thousands of files transferred throughout different entities. It doesn’t really matter what you do, the data you transact across your corporate boundaries needs to be secure. We offer our managed file transfer software at the best value on the market. We are not an expensive product, and we like to allow customers to deploy it in the manner that they wish. For instance, you can deploy it on-premises on any platform, in the cloud, your own VPC or just cloud hosted, or you can deploy it in a hybrid approach where Diplomat MFT might exist on-premises while you have services in the cloud and vice versa.
Managed File Transfer Made Easy
We’ve talked about logs, integration with things, and a single pane of glass set up which is great. Do you have a workflow engine or a way to do some of this automation for people to offload the dealing with batches of file movement back and forth?
That’s our bread-and-butter: batch-oriented file movements. The unattended processing of transactions that must take place. We’ll take care of the effort involved in scheduling, executing, triaging exceptions, and more. That’s the burden that we take care of. Our approach is solely based on managed file transfers. We are not trying to be a vendor that does additional steps in integrations along the way. We are not Dell Boomi or some kind of iPaaS type solution. We are narrowly focused on facilitating your secure, managed file transfer from anywhere to anywhere. Now we do have integration points for broader solutions which is great. You can also purchase our software and deploy it, have it up and running in just a few hours, and automate all those managed file transfer needs. And with it you get all the auditing, security, etc. that you need.
Greg, this sounds great. Is there anything else that you’d like to share with our viewers and listeners that we haven’t discussed?
I think the single most important thing, we touched on it briefly, is really just the barrage of compliance mandates that seems to be hitting us these days. They are the necessary result of the stuff going on in the world: the data breaches and espionage among companies or state actors. The data that we use in our daily transactions to operate businesses are so incredibly sensitive and important that government organizations are stepping in to try and provide regulations so that we do things safely and intelligently. Coviant Software pays attention to all of these regulations, and we create our software so that you can comply with those regulations. Everything else, abstracted for a second, you just want to keep your data safe, secure, and do things the right way. And that’s what we can help you do.
Try it for Free
Every breach in the world, it may have started with a phishing attack, but it ends with the fact that they did not encrypt the data in transit or at rest. It’s always some critical piece of data getting stolen, whether it’s thousands of medical records (which I’ve seen on the dark web), to millions of credit card records. It’s the same story over and over because they didn’t choose to have a solution like Coviant Software. I think you are critical to the whole ecosphere of doing it right in cyber security, and I want to thank you for a wonderful Hot Seat interview. Are there any demos or free trials or places we can point our viewers to?
Go to our website and click the button for a free trial, or you can request a demo right away. We are very responsive, and we’d be happy to show you what we do.
So, folks, how can you say no to that? Open PGP, awesome, and all the other forms of encryption, along with workflow compliance. This is the heart of moving data and protecting data, Coviant Software.