Single Sign-On Adds Simplicity and Integration to GoAnywhere Services 3.5

Tuesday, May 13, 2014 Posted by

The release of GoAnywhere Services version 3.5 introduces SSO (Single Sign-On) support to our secure FTP software.  Those familiar with the technology understand the significance of this enhancement in improving security and simplicity in our HTTPS Web Client.

Single Sign-On GoAnywhere Services

Today’s workplace requires a growing number of usernames and passwords to access the company’s network portal, webmail, benefits system, cloud-based applications, and much more.  This can lead to “weak” passwords or the overuse of a single password which, if stolen, can create vulnerability across multiple accounts.

SAML (Security Assertion Mark-Up Language) is an XML based open standard for authorization and authentication between an Identity Provider and a Service Provider.

Implementing SSO affords your organization a number of opportunities.  The addition of SAML v2.0 support, using the OpenSAML API, allows GoAnywhere Services to improve productivity, increase adoption, centralize user access control and add a uniform security layer.

In addition, SSO support now allows integration of GoAnywhere Services with both internal applications and compatible external applications.  For example, you can now regain control of documents storage in Salesforce.com while providing a simple and seamless experience for users.

Additional enhancements include two new languages, custom disclaimers for all languages and new Virtual Folder commands.

Expanded Language Support

Version 3.5 adds support for two new languages: Portuguese and Bahasa.  Linoma Software continues to evaluate requests for additional languages as part of our commitment to building a product that serves an international marketplace.

This release also improves language support by accommodating custom disclaimers for each language.

Virtual Folder Commands

GACMD (GoAnywhere Command) received an update that improves the ability to create, update, and delete virtual files and folders across a range of web user and group profiles in GoAnywhere Services.  GACMD provides a way to programmatically send commands to GoAnywhere Services and our file automation solution; GoAnywhere Director.

A result of user feedback, this enhancement further improves the efficiency of GoAnywhere Services.

 

 

 

IT Security Threat Reaches Executive Level

Friday, April 18, 2014 Posted by

The success of a company now relies on its ability to secure critical data.  When escalated to this level of importance, it’s time for the CEO and board to become directly engaged in the process.

The traditional role of IT has changed significantly in recent years.  IT professionals, previously tasked with configuring office computers and network servers, are now entrusted with securing trade secrets and highly sensitive customer records.  Add to this a surge of cloud-based applications and storage that make an organization’s data vulnerable and the IT department suddenly has a very full plate.

Organizations are being targeted primarily for the purpose of financial gain.  Customer records often include sensitive data that can be easily monetized, providing ample motivation for both hackers and internal threats.  As companies increase their digital assets — through the harvesting of more customer personal, financial and transaction information – they become a higher profile target for thieves.

Failure to Recognize a Breach

single sign-on breachFirewallThe challenge often seems to be detecting and resolving intrusions.  Sometimes the first notification of a breach comes from federal investigators who’ve discovered the organization’s data on the open market.  Even when signs of suspicious activity present themselves, too frequently the threat is not given proper escalation.

Of greatest concern is the timely reporting of incidents through the levels of company leadership, regulatory authorities and, ultimately, the effected parties. The IT department might feel compelled to research and resolve the breach before notifying senior management.  This can turn a potentially damaging situation into a public relations nightmare.

Common Language is Key

The solution begins with establishing a communication channel and common language between business and IT leaders.  Together they must understand and agree upon the level of risk the organization is willing to tolerate.

These marching orders allow the IT department to make a plan that meets these strategic needs.  Once completed, the gaps, priorities, and strategy needs to be communicated back to the CEO and board in a language that top leadership can understand.

Lastly, don’t deny the limitations of your IT department.  The complexities and rapidly changing nature of security breaches may require the assistance of outside expertise to keep systems and procedures current.

This post is based on a TechRepublic article by Michael Kassner titled, “C-level execs need to rethink IT security”.

 

SFTP Server in the DMZ or Private Network

Wednesday, March 19, 2014 Posted by

Many organizations have an SFTP server installed where their trading partners can connect to securely upload and download sensitive files.

SFTP Server in the DMZ

Traditionally SFTP Servers have been installed in the DMZ (or public facing) segment of the network since organizations were fearful of opening inbound ports into the Private (internal) network.

sftp server - DMZ

Keeping the SFTP Server in the DMZ, however, has posed several problems.  The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the Internet.  You could require those staged files to be encrypted with something like Open PGP, but many auditors don’t like to see any sensitive files in the DMZ, encrypted or not.

Another issue is that you often have to write scripts to copy the files back and forth between the DMZ and private network, which takes programmer effort and can lead to errors.

SFTP Server in the Private Network

To keep sensitive files out of the DMZ, some organizations have moved their SFTP server into the private network.

sftp server - private network

This approach eliminates the need to write scripts for moving files back and forth.  The big downfall of this approach is that ports were traditionally opened into the private network for trading partners to gain access to the SFTP server.  These open ports could create a potential risk for attackers to gain access to the private network.  In today’s security-conscious environment, most IT auditors do not like to see any inbound ports opened into the private network… especially if you are storing sensitive PCI or HIPAA data on those servers.

Gateway in the DMZ while keeping the SFTP Server in the Private Network

An approach that is quickly gaining in popularity is to implement a gateway component in the DMZ.  The gateway will serve as an enhanced reverse proxy which does not require inbound ports into the private network. 

sftp server - gateway

At startup time, the SFTP server will establish a special control channel with the gateway, which is kept alive continuously.  When partners connect to the gateway, it will make requests over the existing control channel to the SFTP server.  The SFTP server will then open any data channels needed back through the gateway to service the trading partners.  The whole process is transparent to the trading partners.  No data is ever stored in the DMZ since it is simply streamed through the gateway.

A gateway in the DMZ therefore solves two major security issues:

  1. No files need to be stored in the DMZ, including user credentials
  2. No inbound ports need to be opened into the Private network

Since a proprietary control channel is used to communicate between the gateway and the SFTP server, you will need to purchase both components from a single vendor.  When looking for the right gateway for your organization, make sure it is easy to set up and manage.  It is critical that it does not require inbound ports into the private network or require any data to be stored in the DMZ.

Contact a Linoma Software representative today to learn more about an enhanced reverse proxy solution on your network.

Managed File Transfer Mobile App Targets Cloud Storage

Friday, March 14, 2014 Posted by

The introduction of smart phones and tablets quickly spawned an industry of mobile apps and cloud storage.  With the rise of Bring Your Own Device (BYOD) in the workplace, the demand for simple and efficient file sharing skyrocketed.  IT departments lacked the tools to satisfy internal customer demands so, in the interest of maintaining productivity, employees found workarounds through unsecured apps and public storage.

GoAnywhere mobile apps

Best of Both Worlds

Today, Managed File Transfer (MFT) software is bringing document management full circle.  In addition to flexibility, automation and improved compliance reporting, MFT has dramatically simplified how trading partners and end users interact with documents.  Mobile apps and web-based clients are bridging the gap recently filled by cloud storage providers.

The real advantage lies in returning control to the network administrator.  Data remains on corporate servers so no information is uploaded to the cloud.  Authorized users are restricted to accessing designated folders and administrators control permission settings, such as read-only or upload rights.  Secure Mail functionality allows users to send email messages with a unique link to files that recipients can download securely through a HTTPS connection.

Reducing Risk of Data Loss

Reliance on policy enforcement to control data security was always an uneasy stop-gap solution.  Now, IT personnel can transition resources to focus on strategic initiatives rather than police information flow.

The GoAnywhere File Transfer app is available for download now on iTunes and the Google Play store. It is free to customers licensed for the GoAnywhere Services HTTP/s module.

If you’d like to learn more about Managed File Transfer and it’s ability to transform your IT operations, contact a GoAnywhere team member today.

File sharing needs to be easier for employees
and more secure for IT administrators

Thursday, January 23, 2014 Posted by

It’s the age-old file sharing dilemma: how do you make technology easy for end users without compromising the security protocols your company requires?

Workflows are moving at ever increasing speeds, and we’re all trying to get more done in less time.  Employees are often juggling multiple projects at once and view having to follow complicated security protocols as an annoying speed bump.  They don’t mean to be non-compliant.  They’re just in a hurry and under pressure, so any shortcut they can find is tempting.

File sharing shortcuts may be easy, but are they secure?

When it comes to file sharing, especially sending sensitive files to vendors, customers, trading partners, or even other internal teams, those outside of the IT department will look for the path of least resistance.  How can I get this file to that person easily and quickly?

The answer tends to be one of two choices.  Employees will either attach the file to an email, or if it’s too large, they’ll try one of those free cloud-based applications like Dropbox, Box.net, or Google Drive.  As far as they’re concerned, as long as the file gets to where it’s going, that’s what really matters. Most people in the office don’t realize that email attachments aren’t secure, and that the cloud tools may not meet the security compliance regulations that affect their organization.

GoAnywhere File Sharing WebinarUpcoming webinar provides a convenient and secure solution

Therefore, the challenge is finding a way to make it as easy for employees to share files securely as it is for them to use one of those shortcuts.  Fortunately, GoAnywhere has developed that alternative.

We’re presenting a live webinar on Thursday, January 30, to show you just how easy secure file sharing can be.

Find out how GoAnywhere Services, the secure FTP server product within the GoAnywhere Managed File Transfer Suite, gives your employees a convenient way to share files as easily as with any other shortcut they’ve found.  The advantage is that those files are sent through a unique, encrypted HTTPS link that the recipient clicks to download the file.  In addition, the file transfer is tracked so that detailed audit reporting can be maintained in compliance with organizational and industry data security regulations.

Finding the right balance between convenience and security is the key to maintaining a great relationship between employees and the IT team.