Managed File Transfer 101: What’s in it for Me?

Tuesday, July 8, 2014 Posted by

managed file transfer 101 - fileTransferGroupThe term MFT (Managed File Transfer) is not new but you may be hearing it more frequently.  Changes in data security and transmission regulations have brought this established technology to the forefront, but what exactly does it entail?

Linoma Software recently hosted “Managed File Transfer 101”, a webinar to present the essentials of MFT and what you should look for when researching an MFT solution for your organization.

Current State of File Transfer

In the presentation, Bob Luebbe, chief architect of Linoma Software, talked about the existing challenges of file transfer:

  • Old technology – such as Standard FTP – is still in use despite limitations and risks posed by data “sent in the clear”.
  • Time consuming manual processes that might include the use of PC tools.  Scripts are also a legacy of old processes that continue to saddle IT departments.  Programmers create and maintain these scripts – often hundreds or thousands – to automate transfers.
  • File access is often too decentralized, making it difficult to control and manage.  Compliance has become more stringent in data management.
  • Lack of notifications critical to insure successful data movement, rather than waiting for a partner to notice missing or incomplete transfers.  Traditional logs can be helpful but are also hard to find and filter for adequate audit trails.  The big issue is meeting data privacy regulations (e.g., PCI-DSS, HIPAA, GLBA and SOX) without centralized logs.
  • Employees are still sending files unchecked.  Without a simple and secure alternative, employees find their own solutions for file portability to maintain productivity.

This final point often involves employees storing sensitive files on their PCs and laptops, sending documents through email, and utilizing cloud storage providers – like Dropbox – without proper controls in place.  If a company doesn’t have internal policies in place to address file sharing and transfers, the liability risk can be severe.

In a 2013 study by Stroz Friedberg on Information Security in American Business, it was found that 3 out of 4 office workers upload work files to their personal email or cloud account.  Of this group, 37% said it was because they prefer using their personal computer while 14% said it’s because taking their work laptop home was simply too much effort.

managed file transfer 101 - 58percent_send_to_wrong_personThe same survey highlighted the role of senior managers in an organization’s data risk.  Often the worst offenders, 58% admitted to accidently sending sensitive information to the wrong person. Just over half also admitted to taking files with them after leaving a job.

While MFT won’t put a stop to this practice, a workflow built on the secure storage of sensitive business documents will add transparency to file access activity.

What is Managed File Transfer?

File Transfers, in their basic form, involve the sharing of files with others through FTP, email or a cloud solution.  In contrast, Managed File Transfer takes a centralized enterprise-level approach to automating and securing file transfers.  This produces a secured, scheduled and trackable file transfer. By creating transparency within your organization, files are tracked and logged as they enter and leave your network.  MFT is a smart solution for companies who understand the liability and risk involved in transmitting sensitive data.

  • Keep files safe and secure
  • Make sure files go where they are needed, when they are needed
  • Track files from start to finish for compliance purposes

To see what MFT looks like in a real world example, the team at Linoma would be happy to schedule a live demo of the GoAnywhere Suite.  You can also click here to view the entire webinar for free. Discover how simple and affordable it can be to utilize an MFT solution in your organization.

Do More in Less Time with GoAnywhere Director Release 4.6

Tuesday, June 3, 2014 Posted by

Linoma Software has a long history of bringing innovation to encryption and file transfer software.  With release 4.6 of GoAnywhere Director, the development team focused on existing tools in an effort to reduce set up and maintenance of file transfer Jobs.  The result was an extensive list of amazing time-saving improvements to benefit every user.

Streamline Administration

Batch jobs can now be organized and prioritized within their own custom job queues. Customers can assign a higher priority to certain jobs in order to meet their service level agreements with select trading partners. Jobs can also be executed sequentially using single-threaded job queues to ensure that file transfers occur in the order they were submitted.

release 4.6 - queues

 

Manipulating groups of data is even easier in release 4.6. For instance, the values from a database table can be modified to meet a vendor’s requirements when written to an XML, CSV, fixed-width, or Microsoft Excel file.  In turn, before being imported into a database system, the values in a document can be read and altered to meet the application’s requirements.

File monitors can now be set up to easily scan SFTP, FTP and FTPS servers to execute a project workflow when a new, updated or deleted file is detected. With a step-by-step wizard, you can indicate the folders to scan, the file pattern and the frequency.  If no files are found on the targeted server for the time period, GoAnywhere can alert personnel quickly with email notifications.

Take Control

release 4.6 - debuggerWhile GoAnywhere Director makes it easy to build complex file transfer projects, there are occasions when a user needs a deeper level of control and visibility into the steps being performed.  This newest release introduces a debugging tool for project workflows.  The new debugger allows an administrator to step through tasks and view or modify the value of variables after each task has executed.

One of the more significant enhancements in release 4.6 is the ability to run remote commands on SSH enabled servers. The new “Execute SSH Commands” task allows administrators to pass command parameters using variables, and the output from the command can be directed to the job log or an output file. As an example, this new task can be used to automate software installations, perform upgrades and other admin functions on Linux and UNIX servers.

Improve Security

Security continues to be a top priority for Linoma Software.  The release of GoAnywhere Director 4.6 brings with it the ability to set up folders that secure data at rest using automatic AES-256 encryption. This helps to provide compliance with PCI, HIPAA and other strict data security regulations.

release 4.6 - manager

 

A complete list of enhancements can be found in the release notes on the GoAnywhere Director website.

Single Sign-On Adds Simplicity and Integration to GoAnywhere Services 3.5

Tuesday, May 13, 2014 Posted by

The release of GoAnywhere Services version 3.5 introduces SSO (Single Sign-On) support to our secure FTP software.  Those familiar with the technology understand the significance of this enhancement in improving security and simplicity in our HTTPS Web Client.

Single Sign-On GoAnywhere Services

Today’s workplace requires a growing number of usernames and passwords to access the company’s network portal, webmail, benefits system, cloud-based applications, and much more.  This can lead to “weak” passwords or the overuse of a single password which, if stolen, can create vulnerability across multiple accounts.

SAML (Security Assertion Mark-Up Language) is an XML based open standard for authorization and authentication between an Identity Provider and a Service Provider.

Implementing SSO affords your organization a number of opportunities.  The addition of SAML v2.0 support, using the OpenSAML API, allows GoAnywhere Services to improve productivity, increase adoption, centralize user access control and add a uniform security layer.

In addition, SSO support now allows integration of GoAnywhere Services with both internal applications and compatible external applications.  For example, you can now regain control of documents storage in Salesforce.com while providing a simple and seamless experience for users.

Additional enhancements include two new languages, custom disclaimers for all languages and new Virtual Folder commands.

Expanded Language Support

Version 3.5 adds support for two new languages: Portuguese and Bahasa.  Linoma Software continues to evaluate requests for additional languages as part of our commitment to building a product that serves an international marketplace.

This release also improves language support by accommodating custom disclaimers for each language.

Virtual Folder Commands

GACMD (GoAnywhere Command) received an update that improves the ability to create, update, and delete virtual files and folders across a range of web user and group profiles in GoAnywhere Services.  GACMD provides a way to programmatically send commands to GoAnywhere Services and our file automation solution; GoAnywhere Director.

A result of user feedback, this enhancement further improves the efficiency of GoAnywhere Services.

 

 

 

IT Security Threat Reaches Executive Level

Friday, April 18, 2014 Posted by

The success of a company now relies on its ability to secure critical data.  When escalated to this level of importance, it’s time for the CEO and board to become directly engaged in the process.

The traditional role of IT has changed significantly in recent years.  IT professionals, previously tasked with configuring office computers and network servers, are now entrusted with securing trade secrets and highly sensitive customer records.  Add to this a surge of cloud-based applications and storage that make an organization’s data vulnerable and the IT department suddenly has a very full plate.

Organizations are being targeted primarily for the purpose of financial gain.  Customer records often include sensitive data that can be easily monetized, providing ample motivation for both hackers and internal threats.  As companies increase their digital assets — through the harvesting of more customer personal, financial and transaction information – they become a higher profile target for thieves.

Failure to Recognize a Breach

single sign-on breachFirewallThe challenge often seems to be detecting and resolving intrusions.  Sometimes the first notification of a breach comes from federal investigators who’ve discovered the organization’s data on the open market.  Even when signs of suspicious activity present themselves, too frequently the threat is not given proper escalation.

Of greatest concern is the timely reporting of incidents through the levels of company leadership, regulatory authorities and, ultimately, the effected parties. The IT department might feel compelled to research and resolve the breach before notifying senior management.  This can turn a potentially damaging situation into a public relations nightmare.

Common Language is Key

The solution begins with establishing a communication channel and common language between business and IT leaders.  Together they must understand and agree upon the level of risk the organization is willing to tolerate.

These marching orders allow the IT department to make a plan that meets these strategic needs.  Once completed, the gaps, priorities, and strategy needs to be communicated back to the CEO and board in a language that top leadership can understand.

Lastly, don’t deny the limitations of your IT department.  The complexities and rapidly changing nature of security breaches may require the assistance of outside expertise to keep systems and procedures current.

This post is based on a TechRepublic article by Michael Kassner titled, “C-level execs need to rethink IT security”.

 

SFTP Server in the DMZ or Private Network

Wednesday, March 19, 2014 Posted by

Many organizations have an SFTP server installed where their trading partners can connect to securely upload and download sensitive files.

SFTP Server in the DMZ

Traditionally SFTP Servers have been installed in the DMZ (or public facing) segment of the network since organizations were fearful of opening inbound ports into the Private (internal) network.

sftp server - DMZ

Keeping the SFTP Server in the DMZ, however, has posed several problems.  The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the Internet.  You could require those staged files to be encrypted with something like Open PGP, but many auditors don’t like to see any sensitive files in the DMZ, encrypted or not.

Another issue is that you often have to write scripts to copy the files back and forth between the DMZ and private network, which takes programmer effort and can lead to errors.

SFTP Server in the Private Network

To keep sensitive files out of the DMZ, some organizations have moved their SFTP server into the private network.

sftp server - private network

This approach eliminates the need to write scripts for moving files back and forth.  The big downfall of this approach is that ports were traditionally opened into the private network for trading partners to gain access to the SFTP server.  These open ports could create a potential risk for attackers to gain access to the private network.  In today’s security-conscious environment, most IT auditors do not like to see any inbound ports opened into the private network… especially if you are storing sensitive PCI or HIPAA data on those servers.

Gateway in the DMZ while keeping the SFTP Server in the Private Network

An approach that is quickly gaining in popularity is to implement a gateway component in the DMZ.  The gateway will serve as an enhanced reverse proxy which does not require inbound ports into the private network. 

sftp server - gateway

At startup time, the SFTP server will establish a special control channel with the gateway, which is kept alive continuously.  When partners connect to the gateway, it will make requests over the existing control channel to the SFTP server.  The SFTP server will then open any data channels needed back through the gateway to service the trading partners.  The whole process is transparent to the trading partners.  No data is ever stored in the DMZ since it is simply streamed through the gateway.

A gateway in the DMZ therefore solves two major security issues:

  1. No files need to be stored in the DMZ, including user credentials
  2. No inbound ports need to be opened into the Private network

Since a proprietary control channel is used to communicate between the gateway and the SFTP server, you will need to purchase both components from a single vendor.  When looking for the right gateway for your organization, make sure it is easy to set up and manage.  It is critical that it does not require inbound ports into the private network or require any data to be stored in the DMZ.

Contact a Linoma Software representative today to learn more about an enhanced reverse proxy solution on your network.