SFTP Server in the DMZ or Private Network

Wednesday, March 19, 2014 Posted by

Many organizations have an SFTP server installed where their trading partners can connect to securely upload and download sensitive files.

SFTP Server in the DMZ

Traditionally SFTP Servers have been installed in the DMZ (or public facing) segment of the network since organizations were fearful of opening inbound ports into the Private (internal) network.

sftp server - DMZ

Keeping the SFTP Server in the DMZ, however, has posed several problems.  The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the Internet.  You could require those staged files to be encrypted with something like Open PGP, but many auditors don’t like to see any sensitive files in the DMZ, encrypted or not.

Another issue is that you often have to write scripts to copy the files back and forth between the DMZ and private network, which takes programmer effort and can lead to errors.

SFTP Server in the Private Network

To keep sensitive files out of the DMZ, some organizations have moved their SFTP server into the private network.

sftp server - private network

This approach eliminates the need to write scripts for moving files back and forth.  The big downfall of this approach is that ports were traditionally opened into the private network for trading partners to gain access to the SFTP server.  These open ports could create a potential risk for attackers to gain access to the private network.  In today’s security-conscious environment, most IT auditors do not like to see any inbound ports opened into the private network… especially if you are storing sensitive PCI or HIPAA data on those servers.

Gateway in the DMZ while keeping the SFTP Server in the Private Network

An approach that is quickly gaining in popularity is to implement a gateway component in the DMZ.  The gateway will serve as an enhanced reverse proxy which does not require inbound ports into the private network. 

sftp server - gateway

At startup time, the SFTP server will establish a special control channel with the gateway, which is kept alive continuously.  When partners connect to the gateway, it will make requests over the existing control channel to the SFTP server.  The SFTP server will then open any data channels needed back through the gateway to service the trading partners.  The whole process is transparent to the trading partners.  No data is ever stored in the DMZ since it is simply streamed through the gateway.

A gateway in the DMZ therefore solves two major security issues:

  1. No files need to be stored in the DMZ, including user credentials
  2. No inbound ports need to be opened into the Private network

Since a proprietary control channel is used to communicate between the gateway and the SFTP server, you will need to purchase both components from a single vendor.  When looking for the right gateway for your organization, make sure it is easy to set up and manage.  It is critical that it does not require inbound ports into the private network or require any data to be stored in the DMZ.

Contact a Linoma Software representative today to learn more about an enhanced reverse proxy solution on your network.

Managed File Transfer Mobile App Targets Cloud Storage

Friday, March 14, 2014 Posted by

The introduction of smart phones and tablets quickly spawned an industry of mobile apps and cloud storage.  With the rise of Bring Your Own Device (BYOD) in the workplace, the demand for simple and efficient file sharing skyrocketed.  IT departments lacked the tools to satisfy internal customer demands so, in the interest of maintaining productivity, employees found workarounds through unsecured apps and public storage.

GoAnywhere mobile apps

Best of Both Worlds

Today, Managed File Transfer (MFT) software is bringing document management full circle.  In addition to flexibility, automation and improved compliance reporting, MFT has dramatically simplified how trading partners and end users interact with documents.  Mobile apps and web-based clients are bridging the gap recently filled by cloud storage providers.

The real advantage lies in returning control to the network administrator.  Data remains on corporate servers so no information is uploaded to the cloud.  Authorized users are restricted to accessing designated folders and administrators control permission settings, such as read-only or upload rights.  Secure Mail functionality allows users to send email messages with a unique link to files that recipients can download securely through a HTTPS connection.

Reducing Risk of Data Loss

Reliance on policy enforcement to control data security was always an uneasy stop-gap solution.  Now, IT personnel can transition resources to focus on strategic initiatives rather than police information flow.

The GoAnywhere File Transfer app is available for download now on iTunes and the Google Play store. It is free to customers licensed for the GoAnywhere Services HTTP/s module.

If you’d like to learn more about Managed File Transfer and it’s ability to transform your IT operations, contact a GoAnywhere team member today.

File sharing needs to be easier for employees
and more secure for IT administrators

Thursday, January 23, 2014 Posted by

It’s the age-old file sharing dilemma: how do you make technology easy for end users without compromising the security protocols your company requires?

Workflows are moving at ever increasing speeds, and we’re all trying to get more done in less time.  Employees are often juggling multiple projects at once and view having to follow complicated security protocols as an annoying speed bump.  They don’t mean to be non-compliant.  They’re just in a hurry and under pressure, so any shortcut they can find is tempting.

File sharing shortcuts may be easy, but are they secure?

When it comes to file sharing, especially sending sensitive files to vendors, customers, trading partners, or even other internal teams, those outside of the IT department will look for the path of least resistance.  How can I get this file to that person easily and quickly?

The answer tends to be one of two choices.  Employees will either attach the file to an email, or if it’s too large, they’ll try one of those free cloud-based applications like Dropbox, Box.net, or Google Drive.  As far as they’re concerned, as long as the file gets to where it’s going, that’s what really matters. Most people in the office don’t realize that email attachments aren’t secure, and that the cloud tools may not meet the security compliance regulations that affect their organization.

GoAnywhere File Sharing WebinarUpcoming webinar provides a convenient and secure solution

Therefore, the challenge is finding a way to make it as easy for employees to share files securely as it is for them to use one of those shortcuts.  Fortunately, GoAnywhere has developed that alternative.

We’re presenting a live webinar on Thursday, January 30, to show you just how easy secure file sharing can be.

Find out how GoAnywhere Services, the secure FTP server product within the GoAnywhere Managed File Transfer Suite, gives your employees a convenient way to share files as easily as with any other shortcut they’ve found.  The advantage is that those files are sent through a unique, encrypted HTTPS link that the recipient clicks to download the file.  In addition, the file transfer is tracked so that detailed audit reporting can be maintained in compliance with organizational and industry data security regulations.

Finding the right balance between convenience and security is the key to maintaining a great relationship between employees and the IT team.

 

Grocery Outlet Uses GoAnywhere to Automate File Transfers

Tuesday, December 10, 2013 Posted by

When your network of retail locations expands, how do you keep up with all the data that needs to be exchanged between stores, vendors, and other trading partners? At some point, the only solution becomes to automate file transfers. See how Grocery Outlet made the transition with GoAnywhere.

Read the transcript

Grocery Outlet is a family-owned company established to provide inexpensive groceries to its customers.  It’s now the largest deep-discount grocery store chain in America, with more than 200 stores in seven states.  Many of these stores are owned and operated by local families to serve their neighborhood’s needs, and the company keeps growing.

Between sharing data with store owners and communicating with vendors, Grocery Outlet exchanges more than 30,000 files every day.  Steve Tuscher, the Director of IT, realized that having his staff write manual scripts for these file exchanges was time consuming enough, but tracking down and fixing problems when files didn’t arrive at their intended destinations was the last straw.

He began looking for a solution that would automate file transfers and provide better error reporting, and after discovering some high-priced options, he decided to take a look at GoAnywhere.

GoAnywhere helps Grocery Outlet automate file transfers“We quickly replaced all of our internal FTP scripts and within a couple of months, we’d transformed our data delivery across all of our business partners and all our internal systems with GoAnywhere,” Tuscher said. “We were surprised that we were able to do that as quickly and easily as we did.”

To hear more about Grocery Outlet’s success with GoAnywhere, and to find out which feature the team found most valuable in transforming the way they managed their workflows, be sure to watch the video.  You can also read the transcript here.

 

 

How To Build a Data Breach Response Plan:
5 Great Resources

Thursday, November 14, 2013 Posted by

What is a data breach?

The definition seems obvious for any organization.  A data breach occurs when data that was supposed to be protected from unauthorized access is exposed.

What may not be as clear cut is all of the ways that sensitive data can be compromised.  These include malicious attacks, accidental mistakes, and employee incompetence.  Confidential information can fall into the wrong hands during electronic file transfers, accessing lost or stolen devices, or as a result of hackers’ infiltration into a company’s servers.  Even sending an unsecure email could qualify as a data breach, depending on the information it contained.

five resources for developing a data breach response planWhat is your data breach response plan?

As complex as the causes of data breaches can be, the steps for responding are fairly straightforward, though time-consuming, stressful, and expensive.  Dealing with the breach will be monumentally more challenging if you don’t already have a data breach response plan in place.

Generally agreed upon steps include

  • thorough, extensive documentation of events leading up to and immediately following the discovery of the breach
  • clear and immediate communication with everyone in the company about what happened, and how they should respond to any external inquiries
  • immediate notification and activation of the designated response team, especially legal counsel, to determine whether law enforcement and/or other regulatory agencies need to be involved
  • identification of the cause of the breach and implementation of whatever steps are necessary to fix the problem
  • development of messaging and deployment schedule for notifying those whose data was compromised, based on counsel from lawyers who will review state laws, compliance regulations, and other mandates affecting what the messaging must say and how soon notification must occur, as well as what compensation to affected victims should be provided

5 Important Resources

If your company does not yet have a data breach plan in place, or if you’ve been thinking it might be time to update your current policy, here are five great resources that you’ll want to review.

Data Breach Response Guide (Experian Data Breach Resolution Team)

Here is a comprehensive 30-page PDF that includes how to handle each step of the response process, as well as information about specific kinds of breaches such as healthcare breaches.  It even includes an audit tool for you to use to check your current plan to make sure it’s as updated as it needs to be.

Security Breach Response Plan Toolkit (International Association of Privacy Professionals (IAPP))

Use this questionnaire to guide the development of your incident response plan.  Involve your executive and IT team so everyone can better understand all facets of the process.

BBB Data Security Guide (Better Business Bureau)

Specifically designed for small businesses, the BBB provides a series of articles and resources to help companies understand the issues surrounding data security, as well as how to build a response plan.

Model Data Security Breach Preparedness Guide (American Bar Association)

For those with limited access to legal counsel, this PDF provides an overview from the legal perspective of how to prepare for a data breach.  It obviously isn’t a substitute for seeking advice from a lawyer who knows or can learn the details of your specific situation as well as the laws that apply in your state and industry.  However, it does provide some good general information that could help you launch a discussion with your legal team.

Data Breach Charts (Baker Hostetler law firm)

If your company does business in more than one state, this is a great starting point to review how different states’ data breach laws compare.  Again, it doesn’t take the place of your legal team, but it’s a helpful overview.

What other resources do you know about that should be included in this list?  Let us know in the comments!