Higher Education Centralizes Campus-wide Secure File Transfers

While some may not think institutions of higher learning are a hive of business transactions, the truth is that they need to move data files as much as any enterprise.

The big difference between corporations and higher education is that companies typically use a top-down approach when it comes to selecting and implementing IT solutions. Conversely, in a university system, the different business offices and departments are frequently selecting technology independent of one another.  This creates a unique challenge for post-secondary schools.

Compliance Gatekeeper

From admissions and financial aid to alumni relations and human resources, universities must meet data security and reporting compliance with HIPAA, PCI DSS, GLBA, FISMA and FERPA, to name a few. This positions a school’s IT department as the central hub in maintaining secure connections between these independent systems and encrypting every file transfer sent to outside vendors and agencies.

To help streamline this process, Northwestern University replaced their traditional FTP and file transfer scripts with an MFT (Managed File Transfer) solution that supports modern encryption standards and transmission protocols.

Scot Milford, Northwestern’s distributed application platform service manager, was among those tasked with finding a new solution. “We decided we needed to look for an application with good but easy reporting and something that provided a framework for standardization and more structure,” he remembers.

“I would say it’s extremely flexible,” states Ron Blitz, senior systems administrator in Northwestern’s IT Administrative Systems Enabling Technologies department. “It’s easy to construct a script-like process without writing any code. Customizing transfers specific to each trading partner takes minutes and is often just a simple ‘drag-n-drop’ or right-click away from being ready for Production.”

Continue Reading

To learn more about how Northwestern University is utilizing MFT to connect campus-wide systems and secure data exchanges with external trading partners, we invite you to read the “Higher Education Funnels Secure File Transfers Through GoAnywhere” case study.

What is AS2?

Applicability Statement 2 (AS2) is a popular file transfer protocol that allows businesses to exchange data with their trading partners.

AS2 combines the use of several secure and widely used technologies including HTTPS, SSL Certificates, S/MIME, and file hashing. By utilizing the strengths of each of them, AS2 has become the preferred protocol in many organizations for exchanging sensitive EDI files.

AS2 messages can be compressed, signed, encrypted and sent over an SSL tunnel, which makes the file transfers very secure. Receipts can be sent back to the sender to confirm that the messages were delivered successfully. The receipts can be digitally signed and contain a checksum value that the sender uses to verify that the message received is identical to what was sent.

Key Features of AS2

  • Message Encryption – By using the recipient’s public certificate, the AS2 message contents can be encrypted to keep the data secure. Only the recipient will be able to decrypt the contents, using the private key that corresponds to that certificate.
  • Digital Signatures – The message can be signed using the private key that corresponds to the sender’s certificate, which allows the recipient to verify the authenticity of the sender. The receipt that is sent back to the sender can also be signed to ensure the identity of the recipient’s system. These digital signatures are used for message integrity and non-repudiation of origin. They are typically used in addition to authentication using a user name, password, and/or certificate.
  • Compression – In order to improve transmission time, compression can be added to decrease the size of the message.
  • Receipt – The Message Disposition Notification (MDN, which is commonly referred to as a receipt) plays an important role in AS2 as it acknowledges that the recipient received the message. It can also be used to verify the identity of the recipient when the receipt is signed. Receipts that are sent back immediately over the same connection are referred to as a synchronous MDN. Receipts can also be sent back at a later time in asynchronous mode. This allows the recipient to process and verify the data before sending back a status to indicate if the transaction was successful.
  • Message Integrity Check – The recipient will calculate a checksum of the message using MD5, SHA1, or a SHA2 hashing algorithm. This value is referred to as the MIC and is shared with the sender by placing it in the receipt. The sender will calculate a checksum as well using the same algorithm. These two values are then compared to guarantee that the message sent is identical to the message that was received.
  • Non-repudiation of Receipt – The use of signatures on the message and receipt creates a Non-Repudiation of Receipt (NRR) event, which is considered legal proof of delivery.
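
The sender-side check described under Receipt and Message Integrity Check, as an added example (not code from GoAnywhere or any AS2 product). It assumes the caller passes the exact bytes the MIC covers, reads the Disposition and Received-Content-MIC receipt fields defined in RFC 4130, and applies a local policy of flagging MD5 and SHA1; the payload and receipt are constructed samples.

```python
import base64
import hashlib
import hmac

# MDNs spell digest names with and without hyphens ("sha-256", "sha256").
ALGS = {"md5", "sha1", "sha256", "sha384", "sha512"}
WEAK = {"md5", "sha1"}  # local policy assumption: accept but flag


def compute_mic(content: bytes, alg: str) -> str:
    """Base64 digest (the MIC) of the exact bytes the MIC covers."""
    name = alg.lower().replace("-", "")
    if name not in ALGS:
        raise ValueError("unsupported MIC algorithm: " + alg)
    return base64.b64encode(hashlib.new(name, content).digest()).decode("ascii")


def parse_mdn_fields(mdn_text: str) -> dict:
    """Collect 'Name: value' lines from the receipt's machine-readable part."""
    fields = {}
    for line in mdn_text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields


def check_receipt(sent: bytes, mdn_text: str) -> tuple:
    """Return (ok, reason) for a receipt checked against what was sent."""
    fields = parse_mdn_fields(mdn_text)
    if not fields.get("disposition", "").lower().endswith("processed"):
        return False, "not reported as processed"
    their_mic, sep, alg = fields.get("received-content-mic", "").rpartition(",")
    if not sep:
        return False, "no usable MIC in receipt"
    try:
        ours = compute_mic(sent, alg.strip())
    except ValueError:
        return False, "unknown MIC algorithm"
    if not hmac.compare_digest(their_mic.strip().encode(), ours.encode()):
        return False, "MIC mismatch"
    weak = alg.strip().lower().replace("-", "") in WEAK
    return True, ("MIC matches (weak algorithm)" if weak else "MIC matches")


# Constructed sample: a payload and the receipt a partner would return for it.
SAMPLE = b"ISA*00*constructed EDI payload~\r\n"
SAMPLE_MDN = ("Disposition: automatic-action/MDN-sent-automatically; processed\n"
              "Received-Content-MIC: " + compute_mic(SAMPLE, "sha-256") + ", sha-256\n")
```

A signed receipt still needs its signature verified before these fields are trusted; that step is outside this example.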

Challenges with AS2

Both organizations will need an AS2 solution in order to exchange data. Because the AS2 protocol is complex, with its encryption, signatures, and receipts, compatibility issues can arise between two separate products. Fortunately, Drummond Group has a rigorous program that validates that an AS2 product follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners to do so as well, alleviates the challenges of AS2 and allows you to focus on the business aspects of data transfers.

GoAnywhere MFT™ is Drummond Certified™ for AS2 and supports SHA2 algorithms for stronger security, chunked transfer encoding to handle large files, multiple attachments per message, and filename preservation.

Decision Time for Organizations Facing IBM Sterling Connect:Enterprise End-of-Life

Users of IBM Sterling Connect:Enterprise were notified in January of this year that an end-of-life date had been set for the product.  A 16-month window was set to allow customers time to migrate to a replacement Managed File Transfer product.

The April 30, 2016 support deadline is fast approaching and failure to act has the potential for severe consequences. Operating mission-critical file transfer processes on an unsupported product can put operational continuity at risk, and an outright failure could irreparably damage relationships with trading partners.  It is critical for organizations to find an alternative to Connect:Enterprise and develop a migration strategy soon.

Options for Migration

IBM recommends that customers migrate over to another Sterling replacement; however, this is not your only Managed File Transfer option.  Consider the following:

  • Be sure to evaluate the true cost of the alternative when factoring in staff and consultant time for migration, maintenance, and training.
  • What is the realistic timeline for this migration, and how do you mitigate risk if support for Connect:Enterprise expires before the project is complete?

To serve your organization’s best interests, it’s important to perform your due diligence when finding an alternative for Connect:Enterprise. Besides replacing Connect:Enterprise’s current functions, this is also the ideal opportunity to determine if there are additional enterprise requirements for batch or ad-hoc file transfers.

Linoma is offering GoAnywhere MFT™ as an enterprise-level managed file transfer alternative to Sterling Connect:Enterprise. GoAnywhere has an affordable price point with no limits on the number of trading partners.  With an intuitive interface and fast learning curve, Connect:Enterprise customers can convert to GoAnywhere in a relatively short period of time.

GoAnywhere offers centralized control over all transfers, including automation of internal and external file movement, and detailed audit logs with extensive reporting capabilities.  Key points of GoAnywhere are:

  • Affordable purchase price and low cost of ownership
  • Simple installation and operation
  • Responsive customer service and frequent updates
  • Industry standard encryption and protocols including SFTP, FTPS, HTTPS, SCP, Open PGP, ZIP with AES and AS2
  • Multi-platform support

GoAnywhere MFT’s intuitive browser-based interface and comprehensive workflow features will help eliminate the need for custom programs/scripts, single-function tools and manual processes that were traditionally needed. This innovative solution improves the reliability of your file transfers and helps your organization comply with data security policies and regulations.

With integrated support for clustering, GoAnywhere MFT can process high volumes of file transfers for enterprises by load balancing processes across multiple systems. The clustering technology in GoAnywhere MFT also provides active-active automatic failover for disaster recovery.

In addition to addressing core data transfer requirements, GoAnywhere also simplifies and secures file sharing and collaboration with its GoDrive module.  Unlike consumer-grade cloud sharing tools, GoDrive provides an on-premise alternative with centralized control and end-to-end encryption.  For ad-hoc transfers, the Secure Mail module makes it easy for employees to send sensitive information and attachments without file size or file type restrictions.  Both provide the security and audit logs needed to achieve compliance company-wide.

Connect with the GoAnywhere team and let us help you explore your migration options and file transfer requirements.

Linoma Software Releases GoAnywhere MFT 5.1

Release Highlights

AS2 Updates for Drummond Certification:

Last spring, Linoma began AS2 Drummond certification to improve GoAnywhere MFT’s AS2 cross-platform compatibility. While Linoma anticipates GoAnywhere MFT will be fully certified by November, GoAnywhere MFT 5.1 includes several back-end updates to ensure compatibility with other AS2 vendors. GoAnywhere customers who rely on AS2 for file transfers can be assured GoAnywhere meets compliance with optional profiles for:

  • FN (Filename Preservation)
  • MA (Multiple Attachments)
  • FN-MA (Filename Preservation with Multiple Attachments)
  • CTE (Chunked Transfer Encoding)
  • SHA2 hash algorithms supporting SHA256, SHA384 and SHA512

AS2 security has become stronger and more flexible with two important updates to Web User Profiles. AS2 now supports dual factor authentication using certificates and passwords, and administration is simpler because the same Certificate SHA1 fingerprint can be used across multiple web users.

Advanced Reporting Updates:

GoAnywhere MFT 5.0 introduced a new advanced reporting engine to provide administrators with file transfer, workflow, and system information in PDF reports. MFT 5.1 expands the reporting features by including four new reports:

  • Secure Mail Disk Usage – Displays the Secure Mail disk usage for each Web User sorted by size.
  • Service Activity by Module – Displays all activity for the selected inbound services within the specified date range.
  • Service Errors – Displays all errors for the selected inbound services within the specified date range.
  • Global Activity Details – Displays all activity for the selected features based on the search term provided.

System Alerts Updates:

GoAnywhere MFT can alert administrators when critical events occur on the system. MFT 5.1 expands the alerting feature to monitor for when Web Users become deactivated, when the connection between GoAnywhere Gateway and MFT has been interrupted, and when a change occurs in a GoAnywhere Cluster.

Command Line Updates:

GoAnywhere Command APIs allow external applications to run file transfers and workflows in GoAnywhere MFT. In GoAnywhere MFT 5.1, new commands have been created to aid users with the migration of features from one installation to another. These commands include:

  • Export Project
  • Delete Project
  • Export Resource
  • Export Schedule
  • Export Monitor
  • Export Trigger
  • Export Web User
  • Export Web User Group

Managing File Transfer Bandwidth:

Bandwidth monitoring and throttling have been added for all Web User and workflow transfers between select FTP, FTPS, and SFTP Resources. This allows administrators to control how much bandwidth is being used by a specific process. A new Active Transfers page displays the current file transfers.

Upgrade Considerations:

  • More information for new features and bug fixes can be found on the Release Notes.
  • GoAnywhere Director and GoAnywhere Services customers that are covered under a Maintenance agreement can upgrade to GoAnywhere MFT at no additional charge.
  • You will be able to enjoy the same licensed features as what you paid for originally.
  • Upgrade scripts are available to download from the Customer Portal at https://my.goanywhere.com.
  • Both GoAnywhere Director and GoAnywhere Servers can be upgraded independently to GoAnywhere MFT.
  • If you own GoAnywhere Gateway, no upgrade is required to that product.

 

5 Signs Your Organization is Ready for MFT

Managed File Transfer Levels the Playing Field for SMB

Low-cost file transfer tools allow mid-market businesses to make simple data exchanges both internally and externally.  As your company grows, however, trading partners demand enterprise-level systems to improve reliability and data security.

Managed File Transfer (MFT) emerged to reduce the cost and programming skills required for you to meet customer requirements and stay competitive in the marketplace. According to an Info-Tech Research Group report on selecting and implementing an MFT solution, there are five signs that indicate your organization could benefit from this technology.

  1. A need for transparency and traceability in file exchange activities
  2. New business relationships mandate adherence to compliance laws and privacy regulations
  3. Traditional methods of sending data, such as FTP, aren’t secure
  4. Processes need to be more agile and adapt to changing network conditions
  5. The inability to comply with government reporting requirements

MFT provides comprehensive audit trails and monitoring to document all file transfer activity. Reports generated from this data show every interaction with the files on your server in great detail and allow you to better serve customers by responding quickly when problems do arise.

When security and reporting tools are needed to meet strict regulatory compliance standards of even highly-regulated industries, MFT delivers.  These include the data protection and integrity requirements found in PCI DSS, GLBA, SOX, Dodd-Frank and state privacy laws.

In light of recent high profile data breaches, many organizations have chosen to reduce their risk by seeking alternatives to unsecure FTP.  MFT gives you the flexibility to connect with trading partners using secure protocols and popular encryption methods like SFTP, FTPS, HTTPS, AS2, Open PGP and ZIP with AES.

In addition, automation and simplified workflows offered in many MFT solutions streamline the process of adding and onboarding trading partners. Companies can reduce or eliminate time spent on manual file exchanges and interrupted file transfers, thus reducing administrative costs and assuring the timely delivery of mission-critical data.

To explore MFT further, download this useful checklist to help in your evaluation of vendors and find the best solution for your organization.