IT Security Threat Reaches Executive Level

Friday, April 18, 2014 Posted by

The success of a company now relies on its ability to secure critical data.  When escalated to this level of importance, it’s time for the CEO and board to become directly engaged in the process.

The traditional role of IT has changed significantly in recent years.  IT professionals, previously tasked with configuring office computers and network servers, are now entrusted with securing trade secrets and highly sensitive customer records.  Add to this a surge of cloud-based applications and storage that make an organization’s data vulnerable and the IT department suddenly has a very full plate.

Organizations are being targeted primarily for the purpose of financial gain.  Customer records often include sensitive data that can be easily monetized, providing ample motivation for both hackers and internal threats.  As companies increase their digital assets by harvesting more customer personal, financial and transaction information, they become a higher-profile target for thieves.

Failure to Recognize a Breach

The challenge often seems to be detecting and resolving intrusions.  Sometimes the first notification of a breach comes from federal investigators who’ve discovered the organization’s data on the open market.  Even when signs of suspicious activity present themselves, too frequently the threat is not properly escalated.

Of greatest concern is the timely reporting of incidents through the levels of company leadership, regulatory authorities and, ultimately, the affected parties. The IT department might feel compelled to research and resolve the breach before notifying senior management.  This can turn a potentially damaging situation into a public relations nightmare.

Common Language is Key

The solution begins with establishing a communication channel and common language between business and IT leaders.  Together they must understand and agree upon the level of risk the organization is willing to tolerate.

These marching orders allow the IT department to make a plan that meets these strategic needs.  Once completed, the gaps, priorities, and strategy need to be communicated back to the CEO and board in a language that top leadership can understand.

Lastly, don’t deny the limitations of your IT department.  The complexities and rapidly changing nature of security breaches may require the assistance of outside expertise to keep systems and procedures current.

This post is based on a TechRepublic article by Michael Kassner titled, “C-level execs need to rethink IT security”.

 

SFTP Server in the DMZ or Private Network

Wednesday, March 19, 2014 Posted by

Many organizations have an SFTP server installed where their trading partners can connect to securely upload and download sensitive files.

SFTP Server in the DMZ

Traditionally SFTP Servers have been installed in the DMZ (or public facing) segment of the network since organizations were fearful of opening inbound ports into the Private (internal) network.

Keeping the SFTP Server in the DMZ, however, has posed several problems.  The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the Internet.  You could require those staged files to be encrypted with something like OpenPGP, but many auditors don’t like to see any sensitive files in the DMZ, encrypted or not.

Another issue is that you often have to write scripts to copy the files back and forth between the DMZ and private network, which takes programmer effort and can lead to errors.

SFTP Server in the Private Network

To keep sensitive files out of the DMZ, some organizations have moved their SFTP server into the private network.

This approach eliminates the need to write scripts for moving files back and forth.  The big downside of this approach is that ports were traditionally opened into the private network for trading partners to gain access to the SFTP server.  These open ports could give attackers a path into the private network.  In today’s security-conscious environment, most IT auditors do not like to see any inbound ports opened into the private network… especially if you are storing sensitive PCI or HIPAA data on those servers.

Gateway in the DMZ while keeping the SFTP Server in the Private Network

An approach that is quickly gaining in popularity is to implement a gateway component in the DMZ.  The gateway will serve as an enhanced reverse proxy which does not require inbound ports into the private network. 

At startup time, the SFTP server will establish a special control channel with the gateway, which is kept alive continuously.  When partners connect to the gateway, it will make requests over the existing control channel to the SFTP server.  The SFTP server will then open any data channels needed back through the gateway to service the trading partners.  The whole process is transparent to the trading partners.  No data is ever stored in the DMZ since it is simply streamed through the gateway.

A gateway in the DMZ therefore solves two major security issues:

  1. No files need to be stored in the DMZ, including user credentials
  2. No inbound ports need to be opened into the Private network
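
The connection pattern described above, as an added sketch that is not Linoma's code: the private side dials out to the gateway for both the control channel and each data channel, and bytes are streamed in memory. The real control protocol is proprietary, so the `OPEN` message, the function names and the upper-casing stand-in for the SFTP server are all assumptions made for this demo.

```python
import contextlib, socket, threading
HOST = "127.0.0.1"  # constructed demo: DMZ and private zone both on loopback

def spawn(fn, *args):
    threading.Thread(target=fn, args=args, daemon=True).start()

def pipe(src, dst):  # copy one direction until EOF, then half-close the far side
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)

def splice(a, b):  # stream both directions in memory; nothing is written to disk
    spawn(pipe, a, b)
    spawn(pipe, b, a)

def gateway(public, tunnel):
    """DMZ side: the only component that accepts partner connections."""
    control, _ = tunnel.accept()        # long-lived control channel, dialed from inside
    while True:
        partner, _ = public.accept()
        control.sendall(b"OPEN\n")      # hypothetical message: ask for a data channel
        data, _ = tunnel.accept()       # private side dials back out to the gateway
        splice(partner, data)

def agent(tunnel_port, server_port):
    """Private side: outbound connections only, no listener reachable from the DMZ."""
    control = socket.create_connection((HOST, tunnel_port))
    for _ in control.makefile("rb"):    # one OPEN line per partner session
        data = socket.create_connection((HOST, tunnel_port))
        splice(data, socket.create_connection((HOST, server_port)))

def file_server(srv):
    """Constructed stand-in for the SFTP server: upper-cases one message."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(conn.recv(4096).upper())

def demo(message=b"put report.csv"):
    public, tunnel, server = (socket.create_server((HOST, 0)) for _ in range(3))
    port = lambda s: s.getsockname()[1]
    spawn(file_server, server)
    spawn(gateway, public, tunnel)
    spawn(agent, port(tunnel), port(server))
    with socket.create_connection((HOST, port(public)), timeout=5) as partner:
        partner.sendall(message)
        return b"".join(iter(lambda: partner.recv(4096), b""))  # read to EOF

if __name__ == "__main__":
    print(demo())
```

In firewall terms, the only rule this layout needs between the zones is private-to-DMZ on the tunnel port; no DMZ-to-private rule exists.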

Since a proprietary control channel is used to communicate between the gateway and the SFTP server, you will need to purchase both components from a single vendor.  When looking for the right gateway for your organization, make sure it is easy to set up and manage.  It is critical that it does not require inbound ports into the private network or require any data to be stored in the DMZ.

Contact a Linoma Software representative today to learn more about an enhanced reverse proxy solution on your network.

New Secure File Sharing App for iOS and Android

Friday, March 14, 2014 Posted by

Secure file management is now possible in the Bring Your Own Device (BYOD) workplace with the introduction of Linoma Software’s GoAnywhere™ File Transfer app for the iOS and Android operating systems.

This new app enables users of Apple and Android phones and tablets to easily and securely connect with their corporate network to transfer files. The intuitive menus in the app allow users to upload or download without special training or technical skills.

“File management is a critical function in any workplace and, without a secure BYOD solution, users will find a workaround to maintain productivity,” said Bob Luebbe, chief architect for GoAnywhere. “Delivering mobility tools that make it easier for workers to connect with corporate servers reduces reliance on policy enforcement to control data security.”

As an enterprise solution for secure mobile file sharing, GoAnywhere File Transfer allows data to remain on company servers so no information is uploaded to the cloud. Employee access and permissions are controlled by the administrator, including LDAP and AD authentication for Android and iOS devices.

Because the mobile app connects with GoAnywhere Services – a secure FTP server for enterprise – all file transfer events are logged to meet compliance with SOX, PCI DSS, HIPAA and state privacy laws.

“We’re always listening to our customers and this new mobile app is a direct result of that feedback,” Luebbe said. “Our customers’ trading partners and vendors can also use this app to exchange files with our customers’ systems. It’s a win-win for everyone.”

The GoAnywhere File Transfer app is available for download now on iTunes and the Google Play store. It is free to customers licensed for the GoAnywhere Services HTTP/s module.

GoAnywhere Services — part of the GoAnywhere Managed File Transfer (MFT) software suite — makes it easy for trading partners, remote employees and other external parties to initiate encrypted file exchanges through standard protocols including SFTP, FTPS and HTTPS.

About Linoma Software

Founded in 1994, Linoma Software provides innovative solutions for managed file transfer and data encryption. With a diverse install base of more than 3,000 customers around the world, Linoma’s focus on research and development, as well as customer service and support, contributes to its leadership in the software industry.

About GoAnywhere™ Managed File Transfer Suite

GoAnywhere™ is a managed file transfer and secure FTP solution that will streamline and automate file transfers with trading partners, customers, employees and internal servers. Enterprise level controls and detailed audit logs are provided for meeting strict security policies and compliance requirements including PCI DSS, HIPAA, HITECH, SOX, GLBA and state privacy laws.

GoAnywhere can be installed on most platforms including Windows®, Linux®, IBM® i (iSeries®), UNIX®, AIX®, and Solaris®, and supports popular protocols including FTP, SFTP, HTTPS, and AS2. Optional modules include Secure Mail for ad-hoc file transfers and NIST® certified FIPS 140-2 validated encryption.

The GoAnywhere solution is comprised of three products:

  •     GoAnywhere Director™ – Managed File Transfer (scheduler, workflow automation, file encryption, etc.)
  •     GoAnywhere Services™ – Secure FTP Server and optional Web Server
  •     GoAnywhere Gateway™ – DMZ Gateway with Reverse and Forward Proxy

 

More information and a free trial of GoAnywhere Services can be found at http://www.GoAnywhere.com.

Managed File Transfer Mobile App Targets Cloud Storage

Friday, March 14, 2014 Posted by

The introduction of smart phones and tablets quickly spawned an industry of mobile apps and cloud storage.  With the rise of Bring Your Own Device (BYOD) in the workplace, the demand for simple and efficient file sharing skyrocketed.  IT departments lacked the tools to satisfy internal customer demands so, in the interest of maintaining productivity, employees found workarounds through unsecured apps and public storage.

Best of Both Worlds

Today, Managed File Transfer (MFT) software is bringing document management full circle.  In addition to flexibility, automation and improved compliance reporting, MFT has dramatically simplified how trading partners and end users interact with documents.  Mobile apps and web-based clients are bridging the gap recently filled by cloud storage providers.

The real advantage lies in returning control to the network administrator.  Data remains on corporate servers so no information is uploaded to the cloud.  Authorized users are restricted to accessing designated folders and administrators control permission settings, such as read-only or upload rights.  Secure Mail functionality allows users to send email messages with a unique link to files that recipients can download securely through an HTTPS connection.

Reducing Risk of Data Loss

Reliance on policy enforcement to control data security was always an uneasy stop-gap solution.  Now, IT personnel can transition resources to focus on strategic initiatives rather than police information flow.

The GoAnywhere File Transfer app is available for download now on iTunes and the Google Play store. It is free to customers licensed for the GoAnywhere Services HTTP/s module.

If you’d like to learn more about Managed File Transfer and its ability to transform your IT operations, contact a GoAnywhere team member today.

File sharing needs to be easier for employees and more secure for IT administrators

Thursday, January 23, 2014 Posted by

It’s the age-old file sharing dilemma: how do you make technology easy for end users without compromising the security protocols your company requires?

Workflows are moving at ever increasing speeds, and we’re all trying to get more done in less time.  Employees are often juggling multiple projects at once and view having to follow complicated security protocols as an annoying speed bump.  They don’t mean to be non-compliant.  They’re just in a hurry and under pressure, so any shortcut they can find is tempting.

File sharing shortcuts may be easy, but are they secure?

When it comes to file sharing, especially sending sensitive files to vendors, customers, trading partners, or even other internal teams, those outside of the IT department will look for the path of least resistance.  How can I get this file to that person easily and quickly?

The answer tends to be one of two choices.  Employees will either attach the file to an email, or if it’s too large, they’ll try one of those free cloud-based applications like Dropbox, Box.net, or Google Drive.  As far as they’re concerned, as long as the file gets to where it’s going, that’s what really matters. Most people in the office don’t realize that email attachments aren’t secure, and that the cloud tools may not meet the security compliance regulations that affect their organization.

Upcoming webinar provides a convenient and secure solution

Therefore, the challenge is finding a way to make it as easy for employees to share files securely as it is for them to use one of those shortcuts.  Fortunately, GoAnywhere has developed that alternative.

We’re presenting a live webinar on Thursday, January 30, to show you just how easy secure file sharing can be.

Find out how GoAnywhere Services, the secure FTP server product within the GoAnywhere Managed File Transfer Suite, gives your employees a convenient way to share files as easily as with any other shortcut they’ve found.  The advantage is that those files are sent through a unique, encrypted HTTPS link that the recipient clicks to download the file.  In addition, the file transfer is tracked so that detailed audit reporting can be maintained in compliance with organizational and industry data security regulations.

Finding the right balance between convenience and security is the key to maintaining a great relationship between employees and the IT team.