Nothing is Permanent but Change, Especially in the World of Data Security

Don Miller

bTrade will be exhibiting at the 2015 RSA Conference. For those not familiar with this conference, I would say it is all about data security. RSA markets its annual conference as the place where “the world” talks about data security, and the theme for the upcoming conference revolves around “change” and “challenging” current thinking about data security. We can think of no better topic for discussion, so below are some of our thoughts about change as it relates to data security in the context of secure/managed file transfer.

Nothing is permanent but change. Heraclitus, 535BC.

In 1964, amidst massive cultural change occurring in America, Bob Dylan released a song titled The Times They Are a-Changin’. Dylan said it “was definitely a song with a purpose,” and he hoped it would complement the civil rights movement and change the mindset of 1960s America.

Dylan’s message about “change” was appropriate for its time. But I want to emphasize that the concept of “change” is neither synonymous with, nor unique to a particular time/location, such as 1960s America. Change is inevitable and constant; as ancient Greek philosopher, Heraclitus, put it:  “Nothing is permanent but change.”

In today’s digital, hyper-connected world, IT professionals/executives must embrace the concept that change is constant. In fact, this factor should be considered in all issues associated with data security.

The interval between the decay of the old and the formation and the establishment of the new, constitutes a period of transition, which must always necessarily be one of uncertainty, confusion, error, and wild and fierce fanaticism. John C. Calhoun (1850).

Calhoun correctly points out that uncertainty, confusion, and error naturally follow change. This period of transition is almost as certain as the sun rising in the east and setting in the west.

For individuals, an increasingly digital world can create much confusion, uncertainty and error. Individuals must be cautious about protecting their “PII” (personally identifiable information) while surfing the Internet, making online purchases, or using a public Wi-Fi. When downloading an app, you may be agreeing to allow the app owner to gather/use your personal information, either for its own purposes or for a third party to whom the app owner might sell that information.

The same applies for businesses. Some of today’s best-of-breed data security precautions will be out-of-date in a relatively short period of time. As digital information grows, so do the challenges associated with managing this “big data,” which often times is referred to as “information governance.” The natural evolution of information governance will change the way that organizations send/maintain their data to ensure compliance with both internal and external mandates.

But you IT professionals/executives need not waste time worrying about this period of transition. Instead, you should accept that uncertainty, confusion, and error (yes, even error) will occur. Deal with data security as you would with any other aspect of your business. Find secure/managed file transfer experts and put a plan in place that provides a solution for your organization’s data security needs.

The absurd man is he who never changes. Auguste Barthelemy (1830-31).

Given all the news about data breaches, one would think that people/organizations would change their data security processes. At least one survey suggests that we still are not very “cyber-security conscious.”  Consider this survey finding:

We found that 44 percent of smart phone owners felt that apps are mishandling or misusing their private information, but still, 56 percent of them have downloaded an app without reading the permissions, and one in three said they would provide an app with more data about themselves if it means they could use the apps to make their lives easier.

The same can be said for corporate America. An online article from Fortune questions whether corporate America deals with cybersecurity merely as an “afterthought.” As evidence, it offers the following point:

Maybe investors aren’t yet interested in knowing the preventive costs of cyber security. After all, Sony’s infamous November 2014 hack was so crippling that they have been unable to produce their December 2014 quarter-end financial statements, and don’t expect to do so until the end of this month. Investors don’t seem troubled by a lack of current financial information: the stock is up about 26% since the hack.

But even the entertainment industry, where change occurs at a glacial pace, seems to be coming around. Our entertainment industry customers/prospects are showing a heightened interest in securing their data, whether it is being transmitted within the organization or outside the organization to their many business partners. Gradually, the industry has come to grips with the fact that existing processes and procedures governing the flow of data have to change. It seems that Hollywood is open to developing modern strategies for securing and managing digital information. They want (and need) a secure/managed file transfer solution that protects files with encryption and passwords, and gives an organization the power to monitor its systems and track who is doing what with sensitive files.

The more things change, the more they remain the same. Alphonse Karr (1849).

Thus far I’ve talked about some potentially troubling things–that change is inevitable and constant especially in today’s digital, hyper-connected world; that a period of confusion, uncertainty and error necessarily follows change; and that only a fool refuses to keep pace with change. Pretty daunting stuff, I must admit. But before concluding this discussion, I want to offer some suggestions I think will help your organization’s file transfer strategy keep pace.

bTrade has been in the secure/managed file transfer space for more than 25 years, so we’ve have seen a lot of change and have helped are many customers keep pace with change. To secure your organization’s data flows involves more than just flipping a switch.  As we often say, cybersecurity is journey, not a destination. To help you along the way of your journey, consider the items presented below for what we consider to be some essential aspects of a comprehensive file transfer solution.

    1. Security at the file level using FIPS 140-2 certified encryption standards

    2. Proprietary compression algorithm provides an additional layer of security at the file level

    3. Added security at the transmission level using the latest secure protocols

    4. Reliable and searchable file transmissions that run securely through one point

    5. Lightning-fast, secure data movement with a reliable HA infrastructure

    6. Real-time data movement to ensure your logistics are streamlined

    7. Every transfer can be compressed, encrypted and signed, whether in-flight or at-rest inside your network

    8. Speedy deployment that allows end users to download the software and install quickly

    9. A modern web-based user interface which makes it easy for members of your organization to manage

    10. A set of dashboards that enable real-time, end-to-end monitoring of key data (messages, transactions, participants, mailboxes, certificates, services, connections, etc.)

    11. An alert processor that automatically sends email alerts when important events occur, such as when there is an error occurring with a file transfer

    12. Supported on multiple operating systems (e.g., Windows, Linux, UNIX, Solaris, HP-UX and AIX, iSeries/zSeries)

    13. Supported in multi-tiered networks: DMZ and internal network components

     14.Self-service web portal that empowers users to manage their trading partner community

     15. Provision for “ad hoc” file transfers–allow participants/trading partners to exchange messages securely, quickly and easily without be registered or listed in the file transfer gateway

With these components in place, the solution can grow with your organization’s needs while keeping the same user experience and giving you the same flexibility and level of security. In short, you will have a solution that allows your organization to adapt to change as your organization changes, a as well as when internal and external mandates change.

bTrade Can Help

To learn more about bTrade, or if you have questions or need assistance on ways to protect your enterprise network, please visit or contact our data security experts at Also, if you will be attending the RSA conference in April, please visit us at Booth 540.