01:12 PM
Connect Directly

Rockland Trust Boosts Collaboration While Reducing File Transfer Risks

When Rockland Trust re-architected its existing Biscom secure file transfer solution to answer new demands, the bank gained collaborative work spaces, as well.

As more employees began clamoring to use commercial services such as Dropbox and SendThisFile to transmit ever-larger files to clients and partners, Rockland Trust needed a secure and compliant method to meet the demand. "Because we block such commercial sites to meet security, risk and compliance requirements, people were increasingly frustrated," recalls Dave Brown, AVP for information risk and security architecture at the Rockland, Mass., bank.

[BYOD policies are creating new risks as employees use insecure and unapproved consumer storage and file-sharing solutions: Securing Mobile Content: Addressing The DropBox Problem]

By early in 2012 Brown determined he could leverage an existing tool, Biscom (Chelmsford, Mass.) Secure File Transfer as a solution. Rockland ($5.8 billion in total assets) had adopted Biscom in 2008 as a user-friendly solution for select business and IT users to send and receive large encrypted files and, later, received kudos from the FDIC for using Biscom to improve merger tasks. "It's not every day you get props from the FDIC," says Brown.

However, Rockland's original Biscom configuration limited the tool's use. "Our single Biscom server, which also housed the associated Oracle MySQL database, was connected to our firewall," explains Brown. "In addition to residing at the edge of our security perimeter, the system wasn't load balanced and it accessed the Internet via a single connection. With so many single points of failure, we needed to re-architect the system."

Due to other enterprise initiatives, re-engineering the Biscom environment was pushed to early this year, when Rockland began working with Biscom to assemble requirements. "Among other things, we wanted to use Microsoft Active Directory in Window Server 2008 for credentialing," explains Brown. "The original deployment required a separate user name and password."

During the spring of 2013 a new environment for Biscom was engineered, piggybacking on a larger Rockland continuity initiative. "We setup Biscom on an internal application server virtualized with VMware," Brown says. "We also upgraded Biscom to use our new [Microsoft] SQL Server 2008 R2, instead of MySQL. "Plus, we utilized load-balanced front-end application servers to proxy into our internal Biscom server."

Throughout the deployment Rockland tapped Biscom for technical assistance. "We worked with one engineer," says Brown. "His experience demonstrated he had clearly done this type of migration before."

By August 2013 Rockland was ready to cut over. "We carved out a couple of hours during a business day," Brown says. "The migration took place smoothly with only about an hour of disruption to Biscom users."

Besides the desired continuity gains, rewards from the new system include collaboration capabilities. "Biscom has a secure workspace feature," Brown reports. "We've created a workspace for our Board documents, which can be accessed via an iPad app. And, at the end of November, we'll create a segregated space for our FDIC auditors, eliminating the need for auditors to log into our systems."

Moving forward, Brown foresees adopting a Biscom add-in for Microsoft Outlook, enabling users to launch a secure file transfer from within the familiar interface. "We're testing this functionality right now," acknowledges Brown. "We need to address various internal issues before we roll it out."

One issue is licensing. "We currently have 150 sender licenses," says Brown. "A license isn't required to receive files. We have 1,400 registered receivers and that number is growing all the time."

Regardless, Brown anticipates demand will skyrocket as more Rockland teams discover the benefits of Biscom's workspace for ongoing and ad-hoc needs. "We expect receiver accounts to shoot up and are budgeting for double the number of senders in 2014."

Today, what began as a tool for a select few is now a critical point-and-click utility accessed around the clock. "Whenever someone begins using the system I send them instructions," notes Brown. "But they always tell me then never even read them. Senders type who they're sending to, which documents, add any notes and hit go. It's as simple as that."


Institution: Rockland Trust (Rockland, Mass.).

Assets: $5.8 billion.

Business Challenge: Provide end users with a secure tool for sharing and transferring large files.

Solution: Biscom (Chelmsford, Mass.) Secure File Transfer solution.

Anne Rawland Gabriel is a technology writer and marketing communications consultant based in the Minneapolis/St. Paul metro area. Among other projects, she's a regular contributor to UBM Tech's Bank Systems & Technology, Insurance & Technology and Wall Street & Technology ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
11/11/2013 | 4:13:45 PM
re: Rockland Trust Boosts Collaboration While Reducing File Transfer Risks
That will have to be the strategy more and more firms have in place going forward, if they don't already.
User Rank: Author
11/11/2013 | 4:11:49 PM
re: Rockland Trust Boosts Collaboration While Reducing File Transfer Risks
It was kind of "consumerization" in action with a good outcome. Rather than a rigid policy of "no, you cannot do that" [or looking the other way and hoping nothing bad would happen], Rockland identified and implemented a solution that enables employees to work the ways they want to, while also having the necessary controls and security in place.
User Rank: Author
11/8/2013 | 7:45:46 PM
re: Rockland Trust Boosts Collaboration While Reducing File Transfer Risks
I imagine the collaboration aspect and secured workspace are well received, in this current world of remote working we live in.
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.