Ad firm avoids extra password with system that ties into Active Directory
For a marketing and advertising agency with high-profile clients, transferring large files was becoming a nuisance – and a security risk.
DDB Canada relies on electronic file transfers to quickly send large amounts of data to clients, print houses and other suppliers for approvals and updates. Stephen Hunt, the company’s national director of information services, recognized a need to gain tighter control over these electronic documents.
The company was using two FTP servers, but it was having a few problems.
“First of all it wasn’t secure,” said Hunt. “While I don’t think there’s a huge chance of someone sniffing the line and watching our files go by, there have certainly been some notable exceptions in advertising before where things leaked early.”
A second problem was that end-users weren’t familiar with FTP, so they kept calling the IT department with questions. A third problem was that some of DDB’s clients, such as pharmaceutical companies, have been locking down their firewalls and blocking FTP, which has been the source of a lot of viruses. This meant DDB employees couldn’t send files to these clients.
Since DDB is a Lotus shop, Hunt’s initial response was to use Lotus QuickPlace, which allows users to create secure workspaces on the Web. But this turned out to be overkill, he said, since users had to be given IDs and passwords.
“This industry is full of people who will not take time for a technology that doesn’t easily solve a real problem for them,” he said. “These are creative folks – they don’t like technology particularly. If it stands in their way they’ll just avoid it.”
So last April, the company rolled out Accellion Courier Secure File Transfer, which Hunt discovered at a conference. “It ties into our Active Directory so there’s no extra user IDs and passwords for my internal people,” he said. “They’re taken directly to the file transfer page, which looks like an e-mail.” The client gets an e-mail message with a link instead of an attachment. The client then clicks on the link and goes through a verification process before downloading the file from a Web site.
“Our regular clients and suppliers don’t have to keep re-verifying all the time,” he said. “To them it looks like there’s no security when in fact it’s all based on their e-mail address – there’s actually quite a lot of security but it’s very transparent.”
For users, it requires minimal technical know-how, but Hunt has more control over security. The company had a call last month from a client, for example, that experienced a security breach over FTP. At some point, the client gave away its user ID and password, and somehow a number of other agencies got a hold of it. With Accellion this wouldn’t have happened, he said, because recipients can’t forward the link to another person.
The only issue, he said, is that users are restricted to sending individual files (up to 10 per message) but can’t send an entire folder. However, this capability should be available in the next version of the product, according to Accellion.
“FTP tends to be much more machine oriented, so it’s difficult for an end-user to use,” said Y.F. Juan, director of product marketing with Accellion. There are also more concerns from an enterprise perspective about security and compliance, as well as productivity.
“(Companies) could be looking for a way to send large files,” he said. “Instead of burning the data on a CD, you can send it in five minutes. That’s a huge productivity booster.” Other companies are looking for an alternative to FTP for security purposes, even if they aren’t sending large files.
Accellion also offloads a significant amount of traffic from a company’s e-mail servers, said Juan, since about 80 per cent of e-mail traffic is made up of attachments.