Our business environment today is really all about relationships.  Not just relationships with people but also our relationship with information: private, sensitive, timely, accurate, priceless data that is literally the lifeblood of the business that we obtain daily from our trusting customers and vendors and exchange with our trusted business partners.

Of concern is how information is being exchanged. Too often, business owners/managers are stuck in the mindset of sending business information by email and if it is too big, perhaps by FTP.  Neither of these methods are, by any means, safe and secure. As businesses grow and its information relationships become more complex, how do we know who within the office is sending what data to which partners? And who is actually receiving it? As the demand for data exchange increases, so do the complexity and risk of managing all of these processes.

This increased complexity exponentially increases the chance of some information getting sent to the wrong place at the wrong time or accessed by the wrong people. If this happens, we are required by state laws to disclose this data breach to our customers, which undermines the trust and the relationships that we have so carefully worked to build with clients and partners.

As business processes continue to become more regulated and complex, it is critical that these data exchanges are improved. Controlling and automating data exchanges can be greatly simplified and secured by implementing a managed file transfer (MFT) system. The good news is that it isn’t too difficult with the right tools.  MFT solutions are available to provide powerful, yet simple ways to address these challenges.

Those companies that can earn and maintain the trust of their customers and trading partners not only through their business interactions, but also by the way they respect and protect their data exchanges, will be the leaders in today’s global business environment.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

Moving files from one computer to another has been essential since the start of computing. Once we were able to connect computers via network protocols and cables, we worked to find ways to send data and files back and forth across the network connections. Thus, FTP was developed specifically for this.  FTP also allowed programmers and system administrators to begin writing scripts to automate transfers based on some event that occurred in software applications.

Of course, once the Internet came along, businesses found more reasons to exchange files with their business partners and an FTP solution became an everyday necessity.

The Problem

Early users of the Internet were universities sharing information that was freely available to the public.  But as businesses began using the Internet, the culture of data security changed.

Sending files to trading partners including confidential transactions and detailed customer information were becoming daily events.  In response, hackers expanded from hacking into computers connected to the Internet to plucking confidential data from the streams now traveling across the public network.

Network firewalls were developed to block hackers from access to individual networks, but the FTP protocol and its problems remained essentially the same.

The Solution

The flaws with standard FTP soon became obvious. To better secure file transfers, more secure protocols such as SFTP, FTPS, HTTPS, and PGP were developed for Internet file transfers. While these protocols allow greater protection for confidential data, many businesses and organizations still lack the understanding and the expertise to properly manage all of the processes that each of these methods involve. Some have turned to free PC-based tools like as Filezilla and CoreFTP, but most organizations that do regular file transfers need a much more robust way to manage these critical processes.

This need trigged the development of what are called “managed file transfer (MFT)” solutions that help IT staffs confidently manage and secure the file transfer process.  In particular, these MFT products make it easy to set up and manage FTP workflows that can be scheduled, automated, and logged with alerts for successful and/or failed connections and transmissions. A flexible MFT solution, like GoAnywhere, will work on most databases and run on multiple platforms.

So from the early days of sending files through rudimentary network connections to the fast-paced Internet driven business processes of today, finding the right FTP solution for your organization is more critical than ever.  Your customers, trading partners and compliance auditors are depending on you.

Bob Luebbe

Bob Luebbe has worked in the IT field since 1985. During his career, he has worked in a wide variety of roles including software development, project management, consulting and architecting large-scale applications. Bob has been with Linoma Software since 1994 and is currently serving its Chief Architect. His main focus for the last several years has been developing technologies to help organizations to automate and secure their file transfers, as well as to protect data at rest through encryption and key management.

More Posts - Website

Rounding out our series of GoAnywhere product videos, we’ve recently added an overview of GoAnywhere Gateway.  It explains how incorporating a reverse proxy and a forward proxy into your managed file transfer processes adds an extra layer of protection for your private network.

When GoAnywhere Gateway is implemented, trading partners can exchange files with your organization without gaining access to your private network because no inbound ports will need to be opened to complete the exchange.  This feature is especially important to auditors evaluating compliance with regulations such as PCI DSS, HIPAA, and SOX.

Our Gateway video premier coincides with the release of our latest white paper entitled DMZ Gateways: Secret Weapons for Data Security.  Please let us know if you’d like to learn more about how our reverse proxy DMZ gateway can improve your secure file transfer system.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

An increasing number of our customers are looking to move away from standard FTP for transferring data, so we are often asked which secure FTP protocol we recommend. In the next few paragraphs, I will explain what options are available and their main differences.

The two mainstream protocols available for Secure FTP transfers are named SFTP (FTP over SSH) and FTPS (FTP over SSL). Both SFTP and FTPS offer a high level of protection since they implement strong algorithms such as AES and Triple DES to encrypt any data transferred. Both options also support a wide variety of functionality with a broad command set for transferring and working with files. So the most notable differences between SFTP and FTPS is how connections are authenticated and managed.

With SFTP (FTP over SSH), a connection can be authenticated using a couple different techniques.  For basic authentication, you (or your trading partner) may just require a user id and password to connect to the SFTP server. Its important to note that any user ids and passwords supplied over the SFTP connection will be encrypted, which is a big advantage over standard FTP.

SSH keys can also be used to authenticate SFTP connections in addition to, or instead of, passwords. With key-based authentication, you will first need to generate a SSH private key and public key beforehand. If you need to connect to a trading partner’s SFTP server, you would send your SSH public key to them, which they will load onto their server and associate with your account. When you connect to their SFTP server, your client software will transmit your public key to the server for authentication. If the keys match, along with any user/password supplied, then the authentication will succeed.

With FTPS (FTP over SSL), a connection is authenticated using a user id, password and certificate(s).  Like SFTP, the users and passwords for FTPS connections will also be encrypted. When connecting to a trading partner’s FTPS server, your FTPS client will first check if the server’s certificate is trusted. The certificate is considered trusted if either the certificate was signed off by a known certificate authority (CA), like Verisign, or if the certificate was self-signed (by your partner) and you have a copy of their public certificate in your trusted key store.

Your partner may also require that you supply a certificate when you connect to them.  Your certificate may be signed off by a 3^rd party CA or your partner may allow you to just self-sign your certificate, as long as you send them the public portion of your certificate beforehand (which they will load in their trusted key store).

In regards to how easy each of the secure FTP protocols are to implement, SFTP is the clear winner since it is very firewall friendly. SFTP only needs a single port number (default of 22) to be opened through the firewall.  This port will be used for all SFTP communications, including the initial authentication, any commands issued, as well as any data transferred.

On the other hand, FTPS can be very difficult to patch through a tightly secured firewall since FTPS uses multiple port numbers. The initial port number (default of 21) is used for authentication and passing any commands.  However, every time a file transfer request (get, put) or directory listing request is made, another port number needs to be opened.  You and your trading partners will therefore have to open a range of ports in your firewalls to allow for FTPS connections, which can be a security risk for your network.

In summary, SFTP and FTPS are both very secure with strong authentication options.  However since SFTP is much easier to port through firewalls, and we are seeing an increasing percentage of trading partners adopting SFTP, I believe SFTP is the clear winner for your secure FTP needs.

Bob Luebbe

Bob Luebbe has worked in the IT field since 1985. During his career, he has worked in a wide variety of roles including software development, project management, consulting and architecting large-scale applications. Bob has been with Linoma Software since 1994 and is currently serving its Chief Architect. His main focus for the last several years has been developing technologies to help organizations to automate and secure their file transfers, as well as to protect data at rest through encryption and key management.

More Posts - Website

This week, bankers and banking security experts from the U.S. and Latin America will gather at the InterContinental Hotel in Miami for one of the largest annual bank security conferences for senior Latin American bankers. CELAES 2011, the 26th Annual Conference of Banking Safety takes place September 15-16.

Given that Latin America has one of the highest rates of users who access banking online through computers and mobile technology, bankers have plenty of reason to stay on top of the latest cyber threats and security measures.

The Florida International Bankers Association (FIBA) and the Federation of Latin American Banks (La Federación Latinoamericana de Bancos – FELABAN) are hosting this unique joint Spanish/English conference. Attendees can participate in a variety of educational sessions on best practices for banking security, as well as gain access to vendors offering the latest security hardware, software cloud computing strategies for the banking sector.

Cyber crime is not just Latin America’s concern

A large portion of this year’s conference is devoted to preventing data breaches through security management of data, cloud services, electronic fraud detection and risk mitigation.

What makes Latin America’s challenges relevant is that the tactics developed by the cyber criminals that thrive there can be used on any financial system in the world. Conferences like the  CELAES 2011 conference helps educate and present solutions to banking executives in Latin America and help close the doors on cyber criminals.

Cyber crime in Latin America’s financial industry remains a serious concern for a variety of reasons. The developing legal systems in many Latin American countries are adding laws to combat cyber crime, but enforcement is lacking. This is further compounded by the absence of the “personal privacy” notion within many of the governing entities in some Latin American countries. Another issue for the Latin American financial sector, according to Frost & Sullivan, is that 70% of people making online transactions believe that the bank or service provider is responsible for fraud and protecting their online security.

Phishing, fraud and malware are common

Crime organizations and cartels present in Latin America have contributed to or funded cybercrime networks, making Latin America a haven for illegal electronic activity. Not only are these organizations stealing money and account information through online phishing/fraud, Bloomberg reports that one Mexican cartel is openly selling their own pirated versions of Microsoft products. Sold for a fraction of the retail cost, who knows what Trojans and back doors are included as “features.”

The ESET Trends and monthly Threat Reports calculate that 1 in 20 computers in Latin America are infected and the spread of malware is gaining speed as USB devices and now gaming consoles account for 40% of malware propagation. The growing number of infected machines gives the attackers a strong network of resources for both direct and indirect attacks on the financial sector.

The same PCI Data Security Standards required for financial institutions in North America are making an impact in Latin America. Financial institutions are realizing that they are less susceptible to a breach during a cyber attack when they’ve spent the time and resources to implement even a few of the PCI requirements like network monitoring, complex passwords and data encryption of account and payment information (PCI DSS requirements now apply to International payment processing).

Linoma Software is part of the solution

During the conference Linoma Software’s partner Green Light Technology, a conference sponsor and a respected solutions provider for  the Latin American banking industry, will present Crypto Complete for database encryption and the GoAnywhere secure managed file transfer solutions. Both products protect and encrypt sensitive data, reduce access to primary systems, provide data workflow automation and detailed audit features.

Thanks to the efforts of FIBA, FELABAN and cooperation among international agencies, Latin American banking and finance representatives have the opportunity to fight back against cyber criminals, and the lessons learned will benefit all of us.

Dirk Zwart

Dirk Zwart writes Linoma Software’s User Guides for the GoAnywhere secure file transfer applications. Dirk’s writing topics have covered everything from hardware manuals, software guides, security policies for compliance projects and reviews of consumer electronics. Follow Dirk and Linoma Software on Linkedin or Facebook/Twitter.

More Posts - Website - Twitter - Facebook