Archive for category Managed File Transfer

The State of Data Security Technology: 4 Essential Safeguards

Posted by on Wednesday, 20 April, 2016

Enterprises today are capturing more data than ever. And while collecting an increasing amount of data yields valuable insights and the ability to connect more effectively with customers, it also creates more concerns — mostly around security.

Sixty-nine percent of North American and European security decision-makers report they are responsible for protecting customers’ personal information. As a result, the pressure is rising — and so are the budgets. According to a recent Forrester report, 36 percent expect to increase spending in this area. But with increased media coverage highlighting devastating cyber attacks and security breaches, companies are asking, “How can we best ensure that this doesn’t happen to our company?”

Data Security and Privacy

Many technologies claim to be the “cure all” to growing security concerns, yet with so much available, how can you be sure that you’re selecting the right tools? Forrester recently explored the state of security through examining past research and surveying 53 field experts. The company highlighted important solutions that will play a critical role. Here are four to watch.

Cloud data protection solutions. GAMFT Cloud Protection Solutions Data SecurityEnterprises are seeking solutions that allow them to encrypt their own data and hold the keys, in contrast to older models that rely on a cloud or third-party provider’s native encryption solution.

This type of solution works by encrypting sensitive data before it leaves the enterprise network, rendering it unreadable or useless to cyber criminals. The cost to implement is moderate, and the solution can be deployed as an on-premise or virtual application or as hardware. It’s typically priced per user and often based on the per-user pricing of an SaaS agreement.

Email encryption.
GAMFT Email Encryption Data SecurityRegardless of the industry, email often contains confidential information that requires safeguarding. This is especially true for industries that are under strict regulatory scrutiny, such as the health care industry. Forrester predicts that email encryption adoption will remain steady over the next decade as compliance concerns rise.

This solution works by encrypting emails between recipients so that only the correct email recipient is able to read the content and download attachments. This is typically offered as a feature of a security solution or service, and can have the added advantage or removing file size restrictions. Pricing is moderate and enterprises can typically select from a hosted or on-premise solution.

GAMFT Managed File Transfer Data SecurityManaged File Transfer.
Managed file transfer is an important technology to help organizations protect and audit their data transmissions. It’s at the core of many B2B interactions and serves as an effective replacement for unsecure methods such as FTP and email. MFT is proving especially important in financial services, healthcare, public sector and manufacturing, where security concerns are very high.

The technology works by allowing for the secure movement of files between business applications internally and externally. It’s typically offered as an on-premise solution or hosted service, and pricing can vary greatly. Because it’s typically a replacement for a legacy FTP system, migration to a Secure Managed File Transfer solution is the ideal opportunity to review additional enterprise requirements for batch or ad-hoc file transfers.

Secure file sharing and collaboration.
GAMFT File Sharing Data SecurityWorkers today are increasingly interacting remotely using consumer-grade cloud sharing tools, also called EFSS (Enterprise File Sync and Sharing). This remote workforce benefits greatly from using a professional platform to synchronize files across multiple devices. As a result, Forrester expects the demand for secure methods of file sharing and collaboration to continue growing.

These EFSS tools allow for the safeguarding of information while sharing data and documents with internal and external partners. File sync and file distribution capabilities can also be included. The cost is typically low to implement, with services delivered on-premise or from the cloud and are priced per user.

Moving Forward

Data security is entering the golden age. S&R professionals will continue to feel increased pressure to analyze all available security options, stay nimble, and adjust quickly to ensure data privacy and security moving forward.

Selecting options that offer a progressive amount of security and internal control over data, however, will ensure that enterprises are safeguarding critical data while navigating an increasingly complex regulatory environment.

How to Implement RSA SecurID via RADIUS with GoAnywhere Managed File Transfer™

Posted by on Tuesday, 5 April, 2016

Linoma Software recently announced their certification as an RSA® Ready certified partner and the integration of RADIUS and RSA SecurID© within GoAnywhere MFT™. Organizations already using RSA Authentication protocols can now easily implement RSA SecurID as a login method to be used by Admin Users, Web Users or as a second login step for Web Users in GoAnywhere MFT.

Here is a quick walkthrough of the RADIUS configuration in GoAnywhere MFT as shown in the RSA Ready implementation guide. Before you attempt to configure your software, always backup your files and be sure to consult the official implementation guide for further details and recommendations.RSA Radius SecurID GoAnywhere MFT Screens

By default, Admin User and Web User passwords are authenticated against the passwords stored in the GoAnywhere database. Optionally, you can configure GoAnywhere Login Methods for basic authentication of Admin User and Web User passwords against a RADIUS (RSA SecurID) server located within your organization. Web User accounts can also be authenticated to the HTTPS Web Client using RSA SecurID tokens.

How to set up RADIUS (RSA SecurID) in GoAnywhere MFT

  1. To add a RADIUS Login Method, log in to the GoAnywhere MFT Admin Server as an Admin User with the Security Officer role. Complete the required information.
  2. From the main menu bar, select Users, and then click the Login Methods Link.
  3. In the Login Methods page, click the Add Login Method link in the page toolbar.
  4. Select Basic Authentication from the Select Login Method Type page and then click Continue.
  5. Complete the required information
    • Name – A unique name for the Login Method.
    • Description – The description field is optional text to describe the login method. Limited to 512 characters.
    • Type – The authentication type used by the Login Method. Choose RADIUS
    • Shared Secret – The shared secret provided by the RADIUS server. GoAnywhere automatically encrypts the shared secret with AES-256 bit encryption.
    • Host – The host name or IP address of the RADIUS server.
    • Port – The port number to use for connecting to the RADIUS server. If left blank, the default port number is 1645.
    • Timeout – The maximum amount of time, in seconds, to wait for a response from the RADIUS server. A value of 0 (zero) is interpreted as infinite timeout. The default timeout is 300 seconds
    • Retry Attempts – The number of times to retry the RADIUS connection if it cannot be established. This setting is used for both the initial connection and any reconnect attempts due to lost connections. If left blank, then no retries will be attempted.
  6. Click the Save button to save the settings.

RSA Radius RSA SecurID GoAnywhere Managed File Transfer

If you need assistance with configuration of GoAnywhere MFT with RADIUS and RSA SecurID, our support team is ready to help. Visit our support page to get the help you need when you need it via email, phone, live online chat, forums or our customer portal.

RSA Conference 2015 Recap

Posted by on Friday, 8 May, 2015

RSA Conference 2015 Moscone Center South HallAfter an influx of high-profile data breaches, it was no surprise that the RSA Conference saw a record crowd this year of 33,000 attendees. The Moscone Center in San Francisco is a great venue and packed with attendees, over 500 vendors, 290 sessions and 700 speakers, there was no disputing the fact that if you were interested in anything related to information security, this was the place to be.

Walking amidst the sea of vendors in the North and South Halls it was easy to be simply overwhelmed by the sheer volume of displays, gimmicks and swag tactics. As this was my first RSA Conference, I was very excited to see and experience the myriad of phenomenon that comes standard with any conference of this size. Some of the booth displays are seriously impressive, huge LED screens, Oculus Rift interactive displays, flashy lights and celebrity look-alikes were everywhere. The great thing about it is that every single person or vendor at the conference was working toward the same goal in some form or fashion…securing information. If you were on a mission to find a product or person to help you achieve a higher level of security for your company’s specific needs, chances are you would find it here once you took the time to look. With so much going on, after a while everything starts to look the same, so you really have to pay attention or engage in conversations to figure out what most of the vendors at RSA Conference are representing.

RSA Conference 2015Sharing Files, Sharing Conversations

The GoAnywhere Booth at RSA 2015In the slightly quieter South Hall, our booth saw significant and steady traffic throughout the conference. It was great talking to people and getting firsthand feedback on the challenges they face and the concerns they had about security for their organizations. One thing I found to be a recurring theme in these conversations was the desire for file sharing solutions that were not cloud-based. I thought that was interesting as it seemed there were 10 cloud vendors for every non-cloud vendor with a display at RSA 2015.

With the sheer volume of cloud products represented, it was nice seeing the looks on people’s faces when they learned that GoAnywhere is an on-premise Managed File Transfer (MFT) product. I wish I had a dollar for every time someone said, “Not in the cloud? Oh good, better security.” I think as more people come to realize that they are responsible for the security of their data no matter where it is stored, being able to encrypt, control and monitor that data in your own local environment becomes paramount for many.

RSA Conference 2015I like analogies and when it comes to cloud vs on-premise, I personally tend to think of it in terms of storage. I can store my belongings in my home or I can pay for a space at a public storage facility. If my belongings were in a public storage facility, all it takes is someone with a lock cutter to gain access and chances are with all the traffic going in and out, it wouldn’t be noticed until it’s too late. RSA Conference 2015Personally, I prefer storing things in my basement or attic simply because I am diligent (perhaps overly so) about my home security. Sure, there are risks in any situation, but I prefer having my belongings and risk in an environment I can completely control. If I want to add Fort Knox level security measures to make it difficult for an intruder to get in, there’s nothing stopping me from doing that, it’s my home after all. Given the many conversations had and overheard at this year’s RSA Conference, I’m not alone in my thinking. It’s astonishing how many people seemed more comfortable with the idea of their digital data staying on premise, not in the cloud. When they learn that GoAnywhere can give them the ability to send, collaborate, secure and automate data transfers on premise, it’s like watching kids at a candy store. Those conversations are what makes attending these conferences so worthwhile, there is so much you can learn.

My RSA 2015 #SecSelfieOverall, the conference was a great experience, especially for a first timer. I chatted with several people who had wonderful things to say about the sessions, networking and things that they learned and the various speakers who presented. While it might be information overload to some extent with such a big crowd and so many sessions, speakers and vendors, I thought it was a friendly,energetic and informative atmosphere. I met a ton of great people, got to chat with some customers and really learned a lot about how people can/do use our software and which features truly make their work easier. One thing is for sure, we are definitely looking forward to returning next year to the RSA Conference.

SFTP vs FTPS – Best Solution for Secure FTP (Infographic)

Posted by on Thursday, 14 August, 2014

With large data breaches recently taking center stage in the media, many businesses have begun paying close attention to internal practices and taking action to improve internal systems and processes. As a result, an increasing number of businesses (people) who rely on data transfers are looking to move away from standard FTP in favor of a more secure method.

We are often asked about the key differences between SFTP and FTPS. There are potential pros and cons with each method, which is why businesses should weigh the differences carefully to determine what option would serve them best.

Over the years, we have tried explaining SFTP vs FTPS in a variety of ways. Between lists and charts and drawings, we found that most people were easily able to comprehend unique aspects of each transfer protocol when it was presented visually.

We created the following infographic to highlight the positives and negatives of using SFTP vs FTPS. You can also view the original blog post for a more detailed comparison.

sftp vs ftps infographic

 

Share this Image On Your Site

Managed File Transfer 101: What’s in it for Me?

Posted by on Tuesday, 8 July, 2014

managed file transfer 101 - fileTransferGroupThe term MFT (Managed File Transfer) is not new but you may be hearing it more frequently.  Changes in data security and transmission regulations have brought this established technology to the forefront, but what exactly does it entail?

Linoma Software recently hosted “Managed File Transfer 101”, a webinar to present the essentials of MFT and what you should look for when researching an MFT solution for your organization.

Current State of File Transfer

In the presentation, Bob Luebbe, chief architect of Linoma Software, talked about the existing challenges of file transfer:

  • Old technology – such as Standard FTP – is still in use despite limitations and risks posed by data “sent in the clear”.
  • Time consuming manual processes that might include the use of PC tools.  Scripts are also a legacy of old processes that continue to saddle IT departments.  Programmers create and maintain these scripts – often hundreds or thousands – to automate transfers.
  • File access is often too decentralized, making it difficult to control and manage.  Compliance has become more stringent in data management.
  • Lack of notifications critical to insure successful data movement, rather than waiting for a partner to notice missing or incomplete transfers.  Traditional logs can be helpful but are also hard to find and filter for adequate audit trails.  The big issue is meeting data privacy regulations (e.g., PCI-DSS, HIPAA, GLBA and SOX) without centralized logs.
  • Employees are still sending files unchecked.  Without a simple and secure alternative, employees find their own solutions for file portability to maintain productivity.

This final point often involves employees storing sensitive files on their PCs and laptops, sending documents through email, and utilizing cloud storage providers – like Dropbox – without proper controls in place.  If a company doesn’t have internal policies in place to address file sharing and transfers, the liability risk can be severe.

In a 2013 study by Stroz Friedberg on Information Security in American Business, it was found that 3 out of 4 office workers upload work files to their personal email or cloud account.  Of this group, 37% said it was because they prefer using their personal computer while 14% said it’s because taking their work laptop home was simply too much effort.

managed file transfer 101 - 58percent_send_to_wrong_personThe same survey highlighted the role of senior managers in an organization’s data risk.  Often the worst offenders, 58% admitted to accidently sending sensitive information to the wrong person. Just over half also admitted to taking files with them after leaving a job.

While MFT won’t put a stop to this practice, a workflow built on the secure storage of sensitive business documents will add transparency to file access activity.

What is Managed File Transfer?

File Transfers, in their basic form, involve the sharing of files with others through FTP, email or a cloud solution.  In contrast, Managed File Transfer takes a centralized enterprise-level approach to automating and securing file transfers.  This produces a secured, scheduled and trackable file transfer. By creating transparency within your organization, files are tracked and logged as they enter and leave your network.  MFT is a smart solution for companies who understand the liability and risk involved in transmitting sensitive data.

  • Keep files safe and secure
  • Make sure files go where they are needed, when they are needed
  • Track files from start to finish for compliance purposes

To see what MFT looks like in a real world example, the team at Linoma would be happy to schedule a live demo of the GoAnywhere Suite.  You can also click here to view the entire webinar for free. Discover how simple and affordable it can be to utilize an MFT solution in your organization.