Archive for category Managed File Transfer

Finding the Path to PCI DSS Compliance

Posted by on Wednesday, 28 March, 2012

PCI DSS Compliance with Managed File TransferIf you’re doing business and collecting payments via credit card, debit card, or other e-commerce options that allow you to store and/or transmit cardholder data, you are subject to PCI DSS compliance regulations.

In an attempt to reduce credit card fraud, the Payment Card Industry Security Standards Council developed an information security standard for those with access to consumers’ transactions and card numbers.  This standard continues to evolve, and is now labeled PCI DSS 2.0.  While the compliance verification process isn’t formal for all organizations, they all must meet the standard to manage liability in case of credit card fraud.

Linoma Software has published a new white paper entitled PCI DSS Compliance with Managed File Transfer that reviews the requirements for PCI DSS 2.0, and explains what role implementing a managed file transfer solution can have in meeting several aspects of the regulations, especially the protection of cardholder data. Download the white paper now, and review other resources available at GoAnywhereMFT.com.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

How Important is Auditing Your File Transfers?

Posted by on Monday, 30 January, 2012

When you send someone a file via FTP, how do you know — and later prove — that it was successfully sent?

It might be possible to save a screen shot as long as the process was simple and you can see all the commands on a single screen.  But what if your commands start getting complex? And if you start sending quite a few files every day, how do you organize all these screen shots so that you can easily retrieve proof 2 1/2 weeks from now. What about 2 1/2 years from now?  Believe me, I’ve been there and it’s no picnic.

Why should you care what files you sent two-and-a-half years ago anyway?  To begin with,  it’s the law… for most of us anyway.  Most businesses are required by law to maintain an audit trail of any files that hold personally identifiable information in the data.  Still, we shouldn’t do it just because it is the law, we should do it because it’s is a good business practice to protect and track the movement of all business information.

How to Audit

The screen capture option is probably the worst-case scenario in maintaining an audit trail of all your FTP transactions.  It makes sense to look into better tools to manage your FTP processing that make it easier and safer to prove the files have been sent or received from the correct locations.

In most windows-based FTP tools, whether free or purchased, there are options to maintain a log of all your transactions.  Here’s an example of GoAnywhere Director’s job log that shows the status of your file transfers, and allows you to drill down further into each job to find out even more.

managed file transfer, secure file transfer, audit logs

Other FTP software solutions have similar settings.  Logging your transactions provides the audit trail you need to prove that you have done your part in sending or retrieving the files.  Managed file transfer solutions, in addition to providing necessary file transfer security, provide an even better audit trail by logging exactly who sent or received the files.

Bottom line: Your FTP audit logs should be easy to find and understand just in case you are audited 2 1/2  years from now.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

MFT Helps Strengthen Business Relationships

Posted by on Monday, 9 January, 2012

Our business environment today is really all about relationships.  Not just relationships with people but also our relationship with information: private, sensitive, timely, accurate, priceless data that is literally the lifeblood of the business that we obtain daily from our trusting customers and vendors and exchange with our trusted business partners.

managed file transfer, secure file transferOf concern is how information is being exchanged. Too often, business owners/managers are stuck in the mindset of sending business information by email and if it is too big, perhaps by FTP.  Neither of these methods are, by any means, safe and secure. As businesses grow and its information relationships become more complex, how do we know who within the office is sending what data to which partners? And who is actually receiving it? As the demand for data exchange increases, so do the complexity and risk of managing all of these processes.

This increased complexity exponentially increases the chance of some information getting sent to the wrong place at the wrong time or accessed by the wrong people. If this happens, we are required by state laws to disclose this data breach to our customers, which undermines the trust and the relationships that we have so carefully worked to build with clients and partners.

As business processes continue to become more regulated and complex, it is critical that these data exchanges are improved. Controlling and automating data exchanges can be greatly simplified and secured by implementing a managed file transfer (MFT) system. The good news is that it isn’t too difficult with the right tools.  MFT solutions are available to provide powerful, yet simple ways to address these challenges.

Those companies that can earn and maintain the trust of their customers and trading partners not only through their business interactions, but also by the way they respect and protect their data exchanges, will be the leaders in today’s global business environment.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

The Problem with FTP

Posted by on Thursday, 8 December, 2011

Moving files from one computer to another has been essential since the start of computing. Once we were able to connect computers via network protocols and cables, we worked to find ways to send data and files back and forth across the network connections. Thus, FTP was developed specifically for this.  FTP also allowed programmers and system administrators to begin writing scripts to automate transfers based on some event that occurred in software applications.

Of course, once the Internet came along, businesses found more reasons to exchange files with their business partners and an FTP solution became an everyday necessity.

The Problemsecure file transfer, secure ftp server, managed file transfer

Early users of the Internet were universities sharing information that was freely available to the public.  But as businesses began using the Internet, the culture of data security changed.

Sending files to trading partners including confidential transactions and detailed customer information were becoming daily events.  In response, hackers expanded from hacking into computers connected to the Internet to plucking confidential data from the streams now traveling across the public network.

Network firewalls were developed to block hackers from access to individual networks, but the FTP protocol and its problems remained essentially the same.

The Solution

The flaws with standard FTP soon became obvious. To better secure file transfers, more secure protocols such as SFTP, FTPS, HTTPS, and PGP were developed for Internet file transfers. While these protocols allow greater protection for confidential data, many businesses and organizations still lack the understanding and the expertise to properly manage all of the processes that each of these methods involve. Some have turned to free PC-based tools like as Filezilla and CoreFTP, but most organizations that do regular file transfers need a much more robust way to manage these critical processes.

This need trigged the development of what are called “managed file transfer (MFT)” solutions that help IT staffs confidently manage and secure the file transfer process.  In particular, these MFT products make it easy to set up and manage FTP workflows that can be scheduled, automated, and logged with alerts for successful and/or failed connections and transmissions. A flexible MFT solution, like GoAnywhere, will work on most databases and run on multiple platforms.

So from the early days of sending files through rudimentary network connections to the fast-paced Internet driven business processes of today, finding the right FTP solution for your organization is more critical than ever.  Your customers, trading partners and compliance auditors are depending on you.

Bob Luebbe

Bob Luebbe has worked in the IT field since 1985. During his career, he has worked in a wide variety of roles including software development, project management, consulting and architecting large-scale applications. Bob has been with Linoma Software since 1994 and is currently serving its Chief Architect. His main focus for the last several years has been developing technologies to help organizations to automate and secure their file transfers, as well as to protect data at rest through encryption and key management.

More Posts - Website

Reverse Proxy DMZ Gateways May Be The Missing Link in Your MFT Strategy

Posted by on Monday, 31 October, 2011

By now, most companies have gotten the message that their data – as well as the sensitive data belonging to customers and partners – needs reliable protection from unauthorized access. The ever growing regulatory environment is making it more and more painful for any company who does not take their data security seriously.

Reverse Proxy Gateway, Managed File TransferThe difference between the desire to keep data secure and actually getting it done, however, has proven to be challenging, especially considering the extraordinary amount of data that is being shared among companies and their customers, health care providers, financial institutions and more as part of daily business activities.

A common approach for sharing information with partners is to deploy a FTP or SFTP server in the “public” area of the company’s network called the DMZ (demilitarized zone) where authorized users can drop off or retrieve files.  Those files will often remain in the DMZ until an internal program or user copies them into the private network for processing.

Industry regulators and compliance auditors are becoming increasingly alarmed at this practice of staging files in the DMZ, because even if those files are encrypted, they are more susceptible to theft by savvy hackers.  Worse yet, if the company decides to move those file servers into the private network, they may unintentionally be allowing unwanted access through open inbound ports.

A solution that’s gaining in popularity is the reverse proxy DMZ gateway, which is used as a secure bridge between your trading partners and your file servers.  A DMZ gateway allows you to move file servers and other public services out of the DMZ and into the private network without having to open inbound ports.  Because it serves both as a reverse proxy for handling inbound traffic and a forward proxy for any outbound file transfer requests originating from inside your network,  DMZ gateways keep the auditors happy and your data safe in the private network.

For more information about how a DMZ gateway works and what advantages it brings to your network security, please download our new white paper DMZ Gateways: Secret Weapons for Data Security.  Then, let us know what you think!

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus