SFTP vs FTPS – Best Solution for Secure FTP (Infographic)

Thursday, August 14, 2014 Posted by

With large data breaches recently taking center stage in the media, many businesses have begun paying close attention to internal practices and taking action to improve internal systems and processes. As a result, an increasing number of businesses (people) who rely on data transfers are looking to move away from standard FTP in favor of a more secure method.

We are often asked about the key differences between SFTP and FTPS. There are potential pros and cons with each method, which is why businesses should weigh the differences carefully to determine what option would serve them best.

Over the years, we have tried explaining SFTP vs FTPS in a variety of ways. Between lists and charts and drawings, we found that most people were easily able to comprehend unique aspects of each transfer protocol when it was presented visually.

We created the following infographic to highlight the positives and negatives of using SFTP vs FTPS. You can also view the original blog post for a more detailed comparison.

sftp vs ftps infographic

 

Share this Image On Your Site

Managed File Transfer 101: What’s in it for Me?

Tuesday, July 8, 2014 Posted by

managed file transfer 101 - fileTransferGroupThe term MFT (Managed File Transfer) is not new but you may be hearing it more frequently.  Changes in data security and transmission regulations have brought this established technology to the forefront, but what exactly does it entail?

Linoma Software recently hosted “Managed File Transfer 101”, a webinar to present the essentials of MFT and what you should look for when researching an MFT solution for your organization.

Current State of File Transfer

In the presentation, Bob Luebbe, chief architect of Linoma Software, talked about the existing challenges of file transfer:

  • Old technology – such as Standard FTP – is still in use despite limitations and risks posed by data “sent in the clear”.
  • Time consuming manual processes that might include the use of PC tools.  Scripts are also a legacy of old processes that continue to saddle IT departments.  Programmers create and maintain these scripts – often hundreds or thousands – to automate transfers.
  • File access is often too decentralized, making it difficult to control and manage.  Compliance has become more stringent in data management.
  • Lack of notifications critical to insure successful data movement, rather than waiting for a partner to notice missing or incomplete transfers.  Traditional logs can be helpful but are also hard to find and filter for adequate audit trails.  The big issue is meeting data privacy regulations (e.g., PCI-DSS, HIPAA, GLBA and SOX) without centralized logs.
  • Employees are still sending files unchecked.  Without a simple and secure alternative, employees find their own solutions for file portability to maintain productivity.

This final point often involves employees storing sensitive files on their PCs and laptops, sending documents through email, and utilizing cloud storage providers – like Dropbox – without proper controls in place.  If a company doesn’t have internal policies in place to address file sharing and transfers, the liability risk can be severe.

In a 2013 study by Stroz Friedberg on Information Security in American Business, it was found that 3 out of 4 office workers upload work files to their personal email or cloud account.  Of this group, 37% said it was because they prefer using their personal computer while 14% said it’s because taking their work laptop home was simply too much effort.

managed file transfer 101 - 58percent_send_to_wrong_personThe same survey highlighted the role of senior managers in an organization’s data risk.  Often the worst offenders, 58% admitted to accidently sending sensitive information to the wrong person. Just over half also admitted to taking files with them after leaving a job.

While MFT won’t put a stop to this practice, a workflow built on the secure storage of sensitive business documents will add transparency to file access activity.

What is Managed File Transfer?

File Transfers, in their basic form, involve the sharing of files with others through FTP, email or a cloud solution.  In contrast, Managed File Transfer takes a centralized enterprise-level approach to automating and securing file transfers.  This produces a secured, scheduled and trackable file transfer. By creating transparency within your organization, files are tracked and logged as they enter and leave your network.  MFT is a smart solution for companies who understand the liability and risk involved in transmitting sensitive data.

  • Keep files safe and secure
  • Make sure files go where they are needed, when they are needed
  • Track files from start to finish for compliance purposes

To see what MFT looks like in a real world example, the team at Linoma would be happy to schedule a live demo of the GoAnywhere Suite.  You can also click here to view the entire webinar for free. Discover how simple and affordable it can be to utilize an MFT solution in your organization.

Do More in Less Time with GoAnywhere Director Release 4.6

Tuesday, June 3, 2014 Posted by

Linoma Software has a long history of bringing innovation to encryption and file transfer software.  With release 4.6 of GoAnywhere Director, the development team focused on existing tools in an effort to reduce set up and maintenance of file transfer Jobs.  The result was an extensive list of amazing time-saving improvements to benefit every user.

Streamline Administration

Batch jobs can now be organized and prioritized within their own custom job queues. Customers can assign a higher priority to certain jobs in order to meet their service level agreements with select trading partners. Jobs can also be executed sequentially using single-threaded job queues to ensure that file transfers occur in the order they were submitted.

release 4.6 - queues

 

Manipulating groups of data is even easier in release 4.6. For instance, the values from a database table can be modified to meet a vendor’s requirements when written to an XML, CSV, fixed-width, or Microsoft Excel file.  In turn, before being imported into a database system, the values in a document can be read and altered to meet the application’s requirements.

File monitors can now be set up to easily scan SFTP, FTP and FTPS servers to execute a project workflow when a new, updated or deleted file is detected. With a step-by-step wizard, you can indicate the folders to scan, the file pattern and the frequency.  If no files are found on the targeted server for the time period, GoAnywhere can alert personnel quickly with email notifications.

Take Control

release 4.6 - debuggerWhile GoAnywhere Director makes it easy to build complex file transfer projects, there are occasions when a user needs a deeper level of control and visibility into the steps being performed.  This newest release introduces a debugging tool for project workflows.  The new debugger allows an administrator to step through tasks and view or modify the value of variables after each task has executed.

One of the more significant enhancements in release 4.6 is the ability to run remote commands on SSH enabled servers. The new “Execute SSH Commands” task allows administrators to pass command parameters using variables, and the output from the command can be directed to the job log or an output file. As an example, this new task can be used to automate software installations, perform upgrades and other admin functions on Linux and UNIX servers.

Improve Security

Security continues to be a top priority for Linoma Software.  The release of GoAnywhere Director 4.6 brings with it the ability to set up folders that secure data at rest using automatic AES-256 encryption. This helps to provide compliance with PCI, HIPAA and other strict data security regulations.

release 4.6 - manager

 

A complete list of enhancements can be found in the release notes on the GoAnywhere Director website.

Single Sign-On Adds Simplicity and Integration to GoAnywhere Services 3.5

Tuesday, May 13, 2014 Posted by

The release of GoAnywhere Services version 3.5 introduces SSO (Single Sign-On) support to our secure FTP software.  Those familiar with the technology understand the significance of this enhancement in improving security and simplicity in our HTTPS Web Client.

Single Sign-On GoAnywhere Services

Today’s workplace requires a growing number of usernames and passwords to access the company’s network portal, webmail, benefits system, cloud-based applications, and much more.  This can lead to “weak” passwords or the overuse of a single password which, if stolen, can create vulnerability across multiple accounts.

SAML (Security Assertion Mark-Up Language) is an XML based open standard for authorization and authentication between an Identity Provider and a Service Provider.

Implementing SSO affords your organization a number of opportunities.  The addition of SAML v2.0 support, using the OpenSAML API, allows GoAnywhere Services to improve productivity, increase adoption, centralize user access control and add a uniform security layer.

In addition, SSO support now allows integration of GoAnywhere Services with both internal applications and compatible external applications.  For example, you can now regain control of documents storage in Salesforce.com while providing a simple and seamless experience for users.

Additional enhancements include two new languages, custom disclaimers for all languages and new Virtual Folder commands.

Expanded Language Support

Version 3.5 adds support for two new languages: Portuguese and Bahasa.  Linoma Software continues to evaluate requests for additional languages as part of our commitment to building a product that serves an international marketplace.

This release also improves language support by accommodating custom disclaimers for each language.

Virtual Folder Commands

GACMD (GoAnywhere Command) received an update that improves the ability to create, update, and delete virtual files and folders across a range of web user and group profiles in GoAnywhere Services.  GACMD provides a way to programmatically send commands to GoAnywhere Services and our file automation solution; GoAnywhere Director.

A result of user feedback, this enhancement further improves the efficiency of GoAnywhere Services.

 

 

 

IT Security Threat Reaches Executive Level

Friday, April 18, 2014 Posted by

The success of a company now relies on its ability to secure critical data.  When escalated to this level of importance, it’s time for the CEO and board to become directly engaged in the process.

The traditional role of IT has changed significantly in recent years.  IT professionals, previously tasked with configuring office computers and network servers, are now entrusted with securing trade secrets and highly sensitive customer records.  Add to this a surge of cloud-based applications and storage that make an organization’s data vulnerable and the IT department suddenly has a very full plate.

Organizations are being targeted primarily for the purpose of financial gain.  Customer records often include sensitive data that can be easily monetized, providing ample motivation for both hackers and internal threats.  As companies increase their digital assets — through the harvesting of more customer personal, financial and transaction information – they become a higher profile target for thieves.

Failure to Recognize a Breach

single sign-on breachFirewallThe challenge often seems to be detecting and resolving intrusions.  Sometimes the first notification of a breach comes from federal investigators who’ve discovered the organization’s data on the open market.  Even when signs of suspicious activity present themselves, too frequently the threat is not given proper escalation.

Of greatest concern is the timely reporting of incidents through the levels of company leadership, regulatory authorities and, ultimately, the effected parties. The IT department might feel compelled to research and resolve the breach before notifying senior management.  This can turn a potentially damaging situation into a public relations nightmare.

Common Language is Key

The solution begins with establishing a communication channel and common language between business and IT leaders.  Together they must understand and agree upon the level of risk the organization is willing to tolerate.

These marching orders allow the IT department to make a plan that meets these strategic needs.  Once completed, the gaps, priorities, and strategy needs to be communicated back to the CEO and board in a language that top leadership can understand.

Lastly, don’t deny the limitations of your IT department.  The complexities and rapidly changing nature of security breaches may require the assistance of outside expertise to keep systems and procedures current.

This post is based on a TechRepublic article by Michael Kassner titled, “C-level execs need to rethink IT security”.