<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">
Defrag This

| Read. Reflect. Reboot.

Enforcing Security Policy Agreement at Sign On with MOVEit

Mark Towler| October 30 2018

| security, MOVEit, Encryption

enforcing-security-policy-agreement-at-sign-on-with-moveit

It’s a given that users with access to your MFT solution have permission to use it and know exactly what they are allowed to do with it. But maybe it shouldn’t be.

Security policies change regularly due to internal organizational evolution as well as new external regulations like GDPR. By definition your approved users are cleared to manage the transfer of sensitive information, but it’s unrealistic to expect all of them to stay up-to-date with constantly-evolving security requirements. Yet at the same time you need some way to not only update these users but also get them to agree to comply with new security policies. The last thing anyone wants is an unintentional security exposure caused by a user saying “I didn’t know I wasn’t supposed to do that!”

An Auditable Sign On Disclaimer for Managed File Transfer

One effective way to ensure user acknowledgement with security policies is to enforce compliance at sign on. Before a user gains access, they’re required to check a box indicating they’ve read and agree to a specified security policy. The latest version of MOVEit 2018 includes this feature: Ipswitch customers can now prompt their end users and administrators to agree to security (or any other) policies, as well as maintain proof of their acceptance.

security-notice-moveit

Logging in With a New Security Notice

Note that anyone who doesn’t check the box is denied access; users MUST read the policy before they can sign in. They only have to do this once, so it’s not making the system more burdensome. Note also that this doesn’t just apply to security policies – administrators can write anything they want in this section.

 settings-appearance-moveit

Customizing the Security Notice

No matter what your organization’s specific needs are, you can develop a specific policy and require your users to agree to it. This is not only a way to enforce your own data security standards (DSS) but also a way to ensure compliance with regulations like GDPR and HIPAA. This also allows you to keep up with changing requirements as every time you change the security policy the user will be required to agree with it next time they log in. Most importantly, this gives administrators an auditable record of exactly which policy each user has agreed to and when.

sign-on-acceptance-report

Sign On Notice Acceptance Report

No matter what your particular policy is, no longer will you have users claim “I didn’t know!” You’ll have proof that they did know and they agreed to comply.

For more details about MOVEit 2018 check out the product page here.

Topics: security, MOVEit, Encryption

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Mark Towler

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.