
With data breaches becoming more common every year, cybersecurity professionals, organizations and regulators have taken significant steps to protect the integrity of the world’s data. Compliance with these industry standards and regulatory requirements is a critical component of protecting your organization’s information. To help, we’ve prepared this file transfer data security compliance guide.
What data must be protected?
The answer will vary somewhat by geography and industry, but the below can serve as a useful guide:
- Any personally identifiable information
- Any information received from, processed for or transferred to the United States federal government
- Any sensitive data, “Controlled Unclassified Information” or defense-related information
- Any financial, health or children’s data, and any banking, payment or corporate financial data
What regulations affect file transfer data compliance?
The list of data types above is by no means exhaustive, and the regulations that apply to each vary by jurisdiction and industry. We have prepared several other guides that go into more detail about specific regulations:
- File server data security compliance guide: Part 1
- File server data security compliance guide: Part 2
You can browse our other file transfer compliance resources at this link.
What file transfer security must be enacted for regulatory compliance?
Part 2 of the guide above discusses commonalities across regulatory requirements. At a high level, these include:
- Security by design: Build and configure your systems to be secure by default, rather than hardening them after deployment.
- Auditing and logging: Retain logs of all security-relevant system activity (authentication attempts, file access, configuration changes) and be able to produce them on request. Review these logs regularly so that security events are not missed.
- Access controls: These requirements ask that you grant data access to the fewest people possible and use secure methods to authenticate these individuals.
- Encryption: Encryption standards vary by specific regulation, but all require you to encrypt data in transit, and most also require encryption of data at rest.
- Data management: These practices vary widely by geography, but generally require your organization to have plans in place for handling record retention, deletion requests, privacy settings and other aspects of your data.
- System analysis: The final area of regulatory compliance covers internal or external assessment of your systems (audits, vulnerability scanning, penetration testing) to ensure they comply with the required standard.
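The auditing and logging requirement above is only met if someone actually reads the logs. As an added illustration (example code, not part of the original page or of any Redwood product), the script below runs a simple detection over a file transfer server’s authentication log: it flags a source IP that fails authentication five or more times within two minutes, and separately flags a successful login from an IP that was bursting, since that pattern suggests a guessed or compromised credential. The log format and the sample lines are constructed for this example; adapt the regular expression to your server’s real log format.

```python
"""Audit a file-transfer server's authentication log for brute-force activity.

Added example; not Cerberus FTP Server code. The log format is constructed:
  <YYYY-MM-DD HH:MM:SS> [AUTH] <OK|FAIL> user=<name> ip=<addr> proto=<FTPS|SFTP|HTTPS>
Lines that do not match (other event types) are ignored.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[AUTH\] (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+) proto=(?P<proto>\S+)$"
)

# Constructed sample log: a normal user, one user who mistypes once, and a
# password-spraying attacker from 203.0.113.7 who eventually succeeds.
LOG_SAMPLE = """\
2024-03-04 09:12:01 [AUTH] OK user=alice ip=198.51.100.4 proto=SFTP
2024-03-04 09:12:30 [AUTH] FAIL user=bob ip=198.51.100.9 proto=FTPS
2024-03-04 09:12:45 [AUTH] OK user=bob ip=198.51.100.9 proto=FTPS
2024-03-04 09:15:00 [AUTH] FAIL user=admin ip=203.0.113.7 proto=SFTP
2024-03-04 09:15:04 [AUTH] FAIL user=admin ip=203.0.113.7 proto=SFTP
2024-03-04 09:15:09 [AUTH] FAIL user=root ip=203.0.113.7 proto=SFTP
2024-03-04 09:15:13 [AUTH] FAIL user=test ip=203.0.113.7 proto=SFTP
2024-03-04 09:15:18 [AUTH] FAIL user=ftp ip=203.0.113.7 proto=SFTP
2024-03-04 09:15:22 [AUTH] FAIL user=backup ip=203.0.113.7 proto=SFTP
2024-03-04 09:15:40 [AUTH] OK user=backup ip=203.0.113.7 proto=SFTP
2024-03-04 09:20:00 [INFO] Session 42 closed
"""


def parse_line(line):
    """Return a dict for an authentication event, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev


def audit_auth_log(lines, threshold=5, window=timedelta(minutes=2)):
    """Sliding-window detection over auth events, in log order.

    Findings:
      brute_force         - `threshold` or more failures from one IP inside `window`
      success_after_burst - a successful login from an IP that is currently bursting
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, username) failures in window
    flagged = set()              # ips already reported as brute-forcing
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        q = recent[ip]
        while q and ts - q[0][0] > window:  # expire failures outside the window
            q.popleft()
        if ev["result"] == "FAIL":
            q.append((ts, ev["user"]))
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings.append({
                    "type": "brute_force", "ip": ip, "at": ts, "count": len(q),
                    "users": sorted({u for _, u in q}),  # distinct names tried = spraying
                })
        elif len(q) >= threshold:
            findings.append({"type": "success_after_burst", "ip": ip, "at": ts,
                             "user": ev["user"], "failures_in_window": len(q)})
    return findings


if __name__ == "__main__":
    for f in audit_auth_log(LOG_SAMPLE.splitlines()):
        print(f)
```

On the sample log this reports one `brute_force` finding for 203.0.113.7 (five failures across four distinct usernames by 09:15:18) and one `success_after_burst` finding for the login as `backup` at 09:15:40; bob’s single typo and the non-auth line produce nothing. The threshold and window are the knobs to tune against your own baseline of legitimate failures.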
What compliance settings exist in Cerberus FTP Server by Redwood?
- Security by design: Includes a number of built-in security settings that are accessible through the administration console.
- Auditing and logging: A full list of auditing and logging features appears at this link.
- Access controls: Includes 2FA, IP allow/deny lists, certificate verification and more
- Encryption: Supports TLS 1.3 and configurable TLS cipher suites (referred to as SSL cipher specification); RSA, DSA and Elliptic Curve public and private keys (note that DSA keys are deprecated by OpenSSH and should not be used for new deployments); and Ephemeral Diffie-Hellman key exchange, which provides forward secrecy. These settings can be accessed from the Server Manager.
- Data management: Offers configurable file retention policies.
- System analysis: Undergoes regular external penetration testing and uses a FIPS 140-2 validated cryptographic module. (FIPS 140-2 validation applies to the cryptographic module, not to the product as a whole, so confirm FIPS mode is enabled in your configuration if your regulation requires it.)
What else should you know about file transfer data compliance?
Our sister product, JSCAPE by Redwood, has prepared a thorough guide that includes more detail about ensuring file transfer security compliance. You can download the free guide at this link: “How to secure file transfers in the breach era.”