The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/7599
www.iltanet.org 56 Peer to Peer For obvious reasons, law firms are searching for ways to send sensitive information with the assurance that it will not be intercepted and misused. E-mail, FTP and other existing tools and methods are not up to the task, and new solutions must be deployed by organizations to handle sensitive information. Companies looking for solutions to help them comply with current and future requirements should consider the following criteria when evaluating SFT products: ease of use, cost, reporting and support. Usability Perhaps the most critical aspect of an SFT solution is usability, primarily because overly complex and confusing tools are often not used, thus defeating the solutions' purpose. Even worse, those users who refuse to apply the available security measures to share data may revert to traditional file transfer mechanisms, or even post information to an external, unsecure file-sharing site. When determining ease of use, it is important to keep in mind that minimizing changes to user behavior can help increase adoption of a new application. When sending files, does it need to get involved, or is the • solution self-service? how difficult is the system to use for people on the • receiving end of secure file transfers? What kind of training is required to get an end user up and • running? can someone start using the system with minimal instruction? how flexible is the system, and can it be tailored to the • firm's particular environment and requirements? Cost With tighter corporate budgets the norm these days, buyers are looking for more value from their solutions. Often vendors hide costs by selling a base system that requires additional modules or features that are offered a la carte. This can drive the purchase price well beyond initial quotes. Buyers should pay close attention to add-on costs, hidden fees, a la carte pricing, as well as licensing terms. Are user licenses annual or perpetual? A useful exercise is to compare products over a three- to five-year period to capture recurring costs when calculating total cost of ownership. In addition, since most companies already have investments in storage, computing resources and databases, leveraging these resources can keep overall costs low and increase utilization of existing assets. For example, it is a good idea to see if the infrastructure can be used in conjunction with the SFT system to utilize the firm's storage area network (SAN) or network-attached storage (NAS) for file storage. Reporting Many federal, state and industry regulations require regular audits. Detailed logging, coupled with a robust reporting system, can facilitate third-party audits. Being able to verify the successful receipt of a message or file gives senders important feedback that they've closed the loop. Evaluating the reporting feature of a secure file transfer solution should include ensuring the level of logging detail is granular enough for the firm's needs. Support and Service Unfortunately support, or lack of it, is often only discovered post-purchase. But established companies with a long history of recognizable customers can be an indicator of a trusted vendor. Buyers should see how willing the vendor is to listen not only to support issues, but also to feature requests. Conclusion Navigating the data privacy waters can be daunting, but understanding an organization's needs and applying the criteria listed above can help ensure that a secure file transfer solution is well suited to the organization's file transfer needs and also meets regulatory requirements. ILTA bill ho is the vice President of internet Products for biscom where he is responsible for product management of biscom Delivery server, a secure file transfer solution. Previously, bill was cEo and founder of vvault. bill received a bs from stanford university and an Ms from harvard university, both in the field of computer science. bill can be reached at bho@biscom.com. Data breach costs top $200 per customer record The cost of a data breach increased last year to $204 per compromised customer record, according to the Ponemon Institute's annual study. The average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009. Breach costs increased just $2 per compromised customer record, as compared to 2008 costs. However in the five years that Ponemon Institute has conducted its study, costs have increased from $138 per compromised customer record. Source: Network World