Enforcing Security Policy Agreement at Sign On with MOVEit

Enforcing Security Policy Agreement at Sign On with MOVEit

Posted on August 20, 2019 0 Comments

Security policies are prone to change, and you need to keep your users up-to-date on those changes so that they won't violate the terms of the policy, but doing so is often easier said than done.  


Policy changes can come from internal organizational evolution as well as new external regulations like GDPR. Your approved users are cleared to manage the transfer of sensitive information, but it’s unrealistic to expect all of them to stay up-to-date with constantly-evolving security requirements. Yet at the same time you need some way to not only update these users but also get them to agree to comply with new security policies. The last thing anyone wants is an unintentional security exposure caused by a user saying “I didn’t know I wasn’t supposed to do that!”

An Auditable Sign On Disclaimer for Managed File Transfer

One effective way to ensure user acknowledgement with security policies is to enforce compliance at sign on. Before a user gains access, they’re required to check a box indicating they’ve read and agree to a specified security policy. Since version 2018, MOVEit has included this feature: Ipswitch customers can prompt their end users and administrators to agree to security (or any other) policies, as well as maintain proof of their acceptance.


Logging in With a New Security Notice

Note that anyone who doesn’t check the box is denied access; users MUST read the policy before they can sign in. They only have to do this once, so it’s not making the system more burdensome. Note also that this doesn’t just apply to security policies – administrators can write anything they want in this section.


Customizing the Security Notice

No matter what your organization’s specific needs are, you can develop a specific policy and require your users to agree to it. This is not only a way to enforce your own data security standards (DSS) but also a way to ensure compliance with regulations like GDPR and HIPAA. This also allows you to keep up with changing requirements as every time you change the security policy the user will be required to agree with it next time they log in. Most importantly, this gives administrators an auditable record of exactly which policy each user has agreed to and when.


Sign On Notice Acceptance Report

No matter what your particular policy is, no longer will you have users claim “I didn’t know!” You’ll have proof that they did know and they agreed to comply.

For more details about MOVEit check out the product page here.

Mark Towler

View all posts from Mark Towler on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.


Comments are disabled in preview mode.

Sitefinity Training and Certification Now Available.

Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.

Learn More
Latest Stories
in Your Inbox

Subscribe to get all the news, info and tutorials you need to build better business apps and sites

Loading animation