It’s a given that users with access to your MFT solution have permission to use it and know exactly what they are allowed to do with it. But maybe it shouldn’t be.
Security policies change regularly due to internal organizational evolution as well as new external regulations like GDPR. By definition your approved users are cleared to manage the transfer of sensitive information, but it’s unrealistic to expect all of them to stay up-to-date with constantly-evolving security requirements. Yet at the same time you need some way to not only update these users but also get them to agree to comply with new security policies. The last thing anyone wants is an unintentional security exposure caused by a user saying “I didn’t know I wasn’t supposed to do that!”
An Auditable Sign On Disclaimer for Managed File Transfer
One effective way to ensure user acknowledgement with security policies is to enforce compliance at sign on. Before a user gains access, they’re required to check a box indicating they’ve read and agree to a specified security policy. The latest version of MOVEit 2018 includes this feature: Ipswitch customers can now prompt their end users and administrators to agree to security (or any other) policies, as well as maintain proof of their acceptance.
Logging in With a New Security Notice
Note that anyone who doesn’t check the box is denied access; users MUST read the policy before they can sign in. They only have to do this once, so it’s not making the system more burdensome. Note also that this doesn’t just apply to security policies – administrators can write anything they want in this section.
Customizing the Security Notice
No matter what your organization’s specific needs are, you can develop a specific policy and require your users to agree to it. This is not only a way to enforce your own data security standards (DSS) but also a way to ensure compliance with regulations like GDPR and HIPAA. This also allows you to keep up with changing requirements as every time you change the security policy the user will be required to agree with it next time they log in. Most importantly, this gives administrators an auditable record of exactly which policy each user has agreed to and when.
Sign On Notice Acceptance Report
No matter what your particular policy is, no longer will you have users claim “I didn’t know!” You’ll have proof that they did know and they agreed to comply.
For more details about MOVEit 2018 check out the product page here.