Archive for May, 2012

FIPS 140-2 Validation Encryption Module Now Available for GoAnywhere

Posted by on Thursday, 24 May, 2012

Linoma Software has partnered with RSA Corporation to make it easier for organizations to do business with the government by adding the FIPS 140-2 Validation Encryption Module to its GoAnywhere™ suite of managed file transfer products.  Read the press release.

Most companies at one time or another find that they need to transfer or exchange sensitive data files with the government, whether it’s the IRS, the SEC, or other state or federal agencies.

Increasingly, more organizations are wanting to become vendors for the government, and for those companies, meeting the federal government’s strict data security compliance standards is required before any business relationship can ensue.

FIPS 140-2 Validation EncryptionThat’s where the Federal Information Processing Standard (FIPS) 140-2 comes in.  FIPS is a U.S. government computer security standard for the accreditation of cryptographic modules.

In order for a  module to receive FIPS 140-2 accreditation, it must undergo a time-consuming and rigorous testing process through a third-part laboratory that’s been certified by the National Institute of Standards and Technology (NIST) through its National Voluntary Laboratory Accreditation Program.

Because the FIPS 140-2 accreditation process is so daunting and expensive, only a few vendors have successfully earned the esteemed designation. RSA Corporation is one of these elite vendors.

RSA is a leader in information security and sponsors the popular annual RSA Conference that attracts security professionals from all over the world.  As a premier security organization, they have chosen to partner with Linoma Software to embed their FIPS 140-2 validation encryption module into GoAnywhere Director and GoAnywhere Services.

Once a GoAnywhere customer activates the FIPS 140-2 Compliance Mode, only FIPS 140-2 compliant ciphers (e.g. AES, Triple DES) will be permitted for encryption processes. The RSA security module will be utilized for any SSH and SSL communications in GoAnywhere including SFTP, SCP, FTPS and HTTPS protocols.

For companies exploring the myriad business opportunities available with government at all levels, being prepared by incorporating FIPS 140-2 validation encryption into your data transfer processes is a key step in winning those lucrative government contracts.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Category: Data Security, GoAnywhere Announcements Comments (0)

Are Insurance Companies Managing Their Risk of Data Breach?

Posted by on Wednesday, 9 May, 2012

An injury that doesn’t happen needs no treatment. An emergency that doesn’t occur requires no response. An illness that doesn’t develop demands no remedy. The best way to stay safe … is to avoid getting into trouble in the first place. That requires planning, training, leadership, good judgment, and accepting responsibility—in short, risk management.  

– Boy Scout Field Book

Insurance companies are the experts at analyzing and managing risk. They identify, quantify and set pricing based on the calculated costs of risk. Naturally, the higher the perceived risk, the higher the cost to mitigate the potential losses.

Yet here is the irony.  While those in the insurance industry excel at evaluating risk management for their clients, they often neglect risk mitigation within their own operation.

Exposed data is serious risk

The insurance industry collects and analyzes overwhelming amounts of data. This often sensitive and confidential information becomes the basis upon which many critical decisions are made, and which produces the competitive advantage to provide better policies, prices, and solutions to the market.

All of this data, both historical and cutting-edge, is truly the lifeblood of the insurance industry. Therefore, the astute management and protection of this data is the infrastructure of arteries and veins delivering this lifeblood to all of the appendages of the company that need the results of this data compilation.

In addition, this sensitive and private information is disseminated to various internal and external associates, customers, partners and collaborators usually via the Internet, which exposes this data to compromise.

And yet, despite their expertise in risk analysis, many in the insurance industry fail to ask these questions:

  • Given how much data we’re exchanging with clients, partners, financial institutions, healthcare organizations, etc., what is our risk of a data breach?
  • What is our liability if we suffer a data breach?
  • What can be done to mitigate potential losses?

When examined this way, any underwriter would agree that failure to adequately protect the sensitive data continually in transit in an insurance company’s daily workflow presents an extremely high risk.

Insurance industry, heal thyself

If data really is the lifeblood of the insurance business, and the data center is at the heart of the company, then the arteries and veins are the methods of moving that data to and from your departments, clients, business partners, and others.

While adding layers of physical security to the data center is a top priority for insurance IT professionals, securing the pathways in and out of that data center tends to be overlooked, despite media coverage of data breaches at companies worldwide.   This lack of action underestimates the extent of the public’s concern that their private data may be compromised, and state and federal efforts to more strictly regulate data storage and transfer policies.

Effectively managing FTP transactions is essential to mitigating the risks of data loss.  The costs of implementing managed file transfer solutions are minimal and provide tremendous flexibility when striving to meet the requirements of trading partners and compliance regulations.

As the insurance industry knows better than anyone, the best approach is to mitigate risk with a cost efficient solution.  In this case, taking direct action to protect data transfers is the obvious prescription for any organization — especially one based on risk management.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

Tags: , , , Category: Data Security Comments (1)