» 

Blog

Linoma Software makes the Inc. 5000 list of Fastest-Growing Private Companies

Inc. 5000 - Fastest Growing Companies in AmericaFor the fourth consecutive year, Linoma Software, a leader in providing enterprise-class security and managed file transfer solutions, was included in Inc. Magazine’s prestigious annual list of the nation’s fastest-growing private companies. Honored as #16 for Top Nebraska Companies and ranked #3947 for the overall Inc. 5000 list, Linoma Software was one of only three Nebraska-based software companies to be featured in this year’s lineup.

“I’m thrilled that Linoma has made the Inc. 5000 list four years in a row,” said Bob Luebbe, President and Chief Architect of Linoma Software. “To be recognized with some of the most successful companies in the United States is a great honor and we are excited about our continued growth and positive economic impact.”

The Inc. 5000 list of Fastest-Growing Private Companies is ranked according to percentage revenue growth when comparing 2012 to 2015. For consideration, companies were qualified based on specific criteria which included being U.S.-based, privately held, founded and generating revenue by March 31, 2012. The Inc. 5000’s aggregate revenue is $200 billion, and the companies on the list collectively generated 640,000 jobs over the past three years, or about 8% of all jobs created in the entire economy during that period.

"The Inc. 5000 list stands out where it really counts,” says Inc. President and Editor-In-Chief Eric Schurenberg. “It honors real achievement by a founder or a team of them. No one makes the Inc. 5000 without building something great – usually from scratch. That’s one of the hardest things to do in business, as every company founder knows. But without it, free enterprise fails.”

To view Linoma Software’s full profile and ranking on the Inc. 5000 list, please visit http://www.inc.com/profile/linoma-software?cid=full500016-list-3947. Complete results of the Inc. 5000, including company profiles and an interactive database that can be sorted by industry, region, and other criteria, can be found at http://www.inc.com/inc5000.

About Inc. 5000 and Inc. Media:

Founded in 1979 and acquired in 2005 by Mansueto Ventures, Inc. is the only major brand dedicated exclusively to owners and managers of growing private companies, with the aim to deliver real solutions for today's innovative company builders. Winner of the National Magazine Award for General Excellence in both 2014 and 2012. Total monthly audience reach for the brand has grown significantly from 2,000,000 in 2010 to over 15,000,000 today.  For more information, visit www.inc.com.

The Inc. 5000 is a list of the fastest-growing private companies in the nation. Started in 1982, this prestigious list of the nation's most successful private companies has become the hallmark of entrepreneurial success. The Inc. 5000 Conference & Awards Ceremony is an annual event that celebrates their remarkable achievements. The event also offers informative workshops, celebrated keynote speakers, and evening functions.

For more information on Inc. and the Inc. 5000 Conference, visit http://conference.inc.com


Four Modern Alternatives to FTP Explained

Today's data-driven world is demanding, requiring accuracy, speed, integrity and above all -- security. It's a tall order to fill, and in the past, many organizations relied heavily on the legacy FTP protocol to transmit files. But over time, the security of this method has been tested by hackers.

FTP AlternativesFor example, a serious breach occurred at Yale University in 2001, when more than 43,000 user IDs were exposed and all data was carefully harvested from an FTP server. Acer customer details were stolen in a similar fashion the same year. And most recently, 7,000 FTP sites had their credentials circulated in underground forums, including an FTP server run by The New York Times.

Security and file transfers are a significant concern for IT security professionals, but what is the best way to safeguard your company's data?

Leveraging More Secure Options

As many organizations have evolved past traditional FTP, they are opting for modern and secure options for transmitting data, including:

SFTP. Also known as FTP over SSH, SFTP brings down the risk during data exchange by using a secure channel between computer systems to prevent unauthorized disclosures during transactions. Authentication of an SFTP connection involves a user id and password, SSH keys, or using both.  It is also firewall friendly, only needing a single port number to be opened.

HTTPS. Many sites are gravitating to HTTPS instead of the traditional HTTP, but what are the major differences? For starters, traditional HTTP doesn't encrypt traffic to your browser, which poses a security risk. In contrast, HTTPS provides an added encryption layer using Transport Layer Security (TLS). This creates a secure channel so the integrity of the data is not changed without your knowledge. HTTPS is ideally suited for file transfers where a trading partner requires a simple, browser-based interface for uploading data.

AS2. This is a popular method for transporting EDI data safely and reliably over the Internet. The AS2 generates an "envelope" for the data, allowing it to be sent using digital certifications and encryption. For example, Walmart has become well known for using EDI through AS2 and has played an important role in driving adoption in the retail industry.

Managed File Transfer. A method that supports the above options and makes FTP more secure is managed file transfer (MFT). This secure option streamlines the exchange of data between systems, employees and customers. Numerous protocols and encryption standards are supported, and MFT provides extensive security features that meet strict security policies to comply with PCI DSS, HIPAA, GLBA and other regulatory requirements.

MFT solutions provide advanced authentication and data encryption to provide secure and reliable file transfers. You can also track user access and transfer activity through reporting features.

Overall, managed file transfer offers the best option for securely managing the transfer of data quickly, efficiently with detailed audit trails. It's preventive, rather than reactive, which is what security professionals in today's environment need most.  


How Managed File Transfer helped a Healthcare Organization Save Time and Money

For a healthcare group looking to streamline processes and slash costs without compromising on security and functionality, finding a reputable secure file transfer solution was imperative. Nemours, one of the largest integrated pediatric health systems in the United States, was tasked with migrating to a standardized system that would help them work more efficiently while maintaining compliance with health industry regulations such as HIPAA and HITECH.

With over 70 years of providing care and services to more than 300,000 children each year, Nemours relied on writing scripts and manual transfers in their day-to-day operations. While the process served them well in the past, as transfer numbers grew to over 5,000 per month, the team knew it was time to find an alternative that could help them save time and money.

Nemours - GoAnywhere Managed File TransferThe search was on for a file transfer solution…

Because of the sensitive nature of the patient data they often send, data security and safeguarding measures were at the top of the wish list for the Nemours team. Additionally, they required a solution that would provide flexibility and automation capabilities that could further streamline internal processes and workflows. After evaluating a number of solutions on the market, the team chose GoAnywhere MFT™ for its robust features and affordability.

Surprisingly versatile software

The Nemours team found that their GoAnywhere licenses could be used to manage workflows in multiple departments and as they implemented the software, they realized that they could harness the power of managed file transfer to handle projects that weren't on the original list for MFT.  For example, external clients would remotely connect and drop files via an HTTPS website in the past. Nemours was able to permanently migrate that entire process to GoAnywhere which gave them the added functionality of detailed audit logs and notifications when files were successfully received. Nemours was also able to deploy GoAnywhere to automate a complicated enterprise project that redefined how they processed electronic statement transfers.

Dealing with high volume, encryption and decryption and various data points became nearly effortless with the managed file transfer solution and as a result, projects that used to take several days now take just a few hours. Troubleshooting issues now takes minutes as they have the convenience of detailed job and audit logs to quickly pinpoint problems. By decreasing the amount of time that staffers had to spend on writing scripts, manually transferring files and troubleshooting as they did in the past, Nemours was able to save time and reduce stress on IT staff. Saving time equates to saving money and with GoAnywhere on their side, the team at Nemours can now turn their attention to more strategically significant projects. To learn more, read the case study.


GoAnywhere MFT Earns Drummond Recertification for AS2

Drummond Recertification AS2 1Q16 GoAnywhereMFTLinoma Software is pleased to announce that GoAnywhere Managed File Transfer (MFT) has earned Drummond Recertification for Applicability Statement 2 or AS2 interoperability.

AS2 is a popular security standard that defines how to transfer digital data securely and reliably over the internet using encryption and digital certificates. Some advantages of using AS2 include end-to-end encryption of the actual data files instead of just the transfer channel, non-repudiation verification of sender and recipient authenticity through the use of digital signatures, and validation of original file integrity with successful transfer confirmation.

In order to become Drummond Certified™, companies must submit to rigorous product testing and meet strict requirements that verify compatibility between certified products for specific protocols such as AS2. The Drummond Group provides a controlled, vendor-neutral environment where routine tests are conducted to ensure that certified products meet strict testing protocols and are kept current.

Drummond Recertification for AS2-1Q16

For the first quarter AS2-1Q16 tests, 12 Global companies participated and 16 products were certified or recertified.   "Not all companies are willing to undergo the certification process, it's not easy," said Bob Luebbe, President and Chief Architect at Linoma Software. "We count certification as part of our unwavering commitment to providing one of the highest quality and proven managed file transfer solutions on the market. Being Drummond Certified makes it easy for our customers to verify at-a-glance that our products have been real world tested and are guaranteed to fit into their existing AS2 infrastructure."

In addition to receiving Drummond Recertification for AS2, GoAnywhere MFT also successfully met requirements for AS2 optional tests including multiple attachments (MA), file name preservation (FN), file name preservation for multiple attachments (FN-MA), chunked transfer encoding (CTE), and secure hashing algorithm 2 (SHA-2). To learn more about Applicability Statement 2 or AS2, please visit these links.


3 Steps to Safeguarding Company Data and Limiting Risk

GoAnywhere Safeguard Data and Limit LiabilitySecurity professionals of today are inundated with headlines about the potential consequences of a data breach. Take, for example, Target, which suffered a massive data breach at the end of 2013, exposing the personal information of 70 million shoppers. Worse yet, the breach occurred at the height of the holiday shopping season, rocking consumer confidence.

This case and many others underscore the fact that protecting data is getting more complex as security professionals work to manage vast amounts of data throughout various physical and virtual locations. So how can you best safeguard your data?

Catalog Assets: Know What Data You're Storing

The first step in protecting critical data is understanding the full extent of what you're storing. All data is important, but it's especially critical to identify and catalog sensitive information. For example, this may include:

  • Transaction and account records.
  • Customer lists and contracts.
  • Personally identifiable information (e.g., Social Security numbers, credit card numbers).
  • Proprietary corporate details that are, such as financial documents, marketing plans and trade secrets.
  • Employee records.

This list, of course, is endless and unique for every business type. Taking inventory of the types of information that you are storing and identifying which are the most sensitive will assist in implementing the best safeguards.

Identify Where Data Is Stored

The percentage of workers operating remotely has skyrocketed from 9 percent in 1995 to 37 percent now, according to Gallup. This trend presents additional complexity for security professionals, especially when you add other trends -- such as BYOD -- into the equation. In fact, in a recent survey by Tech Pro Research, 74 percent of companies said that they are already using or planning to adopt BYOD. After identifying the types of digital information stored and which are highly sensitive, you must also inventory where that data resides to effectively keep it safe. For example, locations may include:

  • Portable drives
  • Laptops
  • Network drives
  • Servers
  • The Cloud
  • Mobile devices

After identifying all the locations -- physical and virtual -- security professionals are faced with the important question "OK, now how do we protect this data?"

Protecting Data

Protecting data involves safeguarding the exchange of information between all systems, employees, customers and trading partners. For example, an effective security solution should:

  • Encrypt important information at rest and in transit.
  • Enforce strong password policies.
  • Allow you to limit access.
  • Include accountability, showing who has accessed data, when, and from what location and device.
  • Have multi-factor authentication.
  • Leverage safeguards that ensure you are alerted if important data is leaking or stolen.
  • Ensure that regular data backups are in place to safeguard data in case of an unexpected event.

Security threats won't be slowing down anytime soon, but advanced security solutions allow organizations to more effectively safeguard business data. As a result, organizations are able to mitigate business risk, reduce liability and provide customers with greater confidence.


The State of Data Security Technology: 4 Essential Safeguards

Enterprises today are capturing more data than ever. And while collecting an increasing amount of data yields valuable insights and the ability to connect more effectively with customers, it also creates more concerns -- mostly around security.

Sixty-nine percent of North American and European security decision-makers report they are responsible for protecting customers' personal information. As a result, the pressure is rising -- and so are the budgets. According to a recent Forrester report, 36 percent expect to increase spending in this area. But with increased media coverage highlighting devastating cyber attacks and security breaches, companies are asking, "How can we best ensure that this doesn't happen to our company?"

Data Security and Privacy

Many technologies claim to be the "cure all" to growing security concerns, yet with so much available, how can you be sure that you're selecting the right tools? Forrester recently explored the state of security through examining past research and surveying 53 field experts. The company highlighted important solutions that will play a critical role. Here are four to watch.

GAMFT Cloud Protection Solutions Data SecurityCloud data protection solutions.

Enterprises are seeking solutions that allow them to encrypt their own data and hold the keys, in contrast to older models that rely on a cloud or third-party provider's native encryption solution. This type of solution works by encrypting sensitive data before it leaves the enterprise network, rendering it unreadable or useless to cyber criminals. The cost to implement is moderate, and the solution can be deployed as an on-premise or virtual application or as hardware. It's typically priced per user and often based on the per-user pricing of an SaaS agreement.

GAMFT Email Encryption Data SecurityEmail encryption.

Regardless of the industry, email often contains confidential information that requires safeguarding. This is especially true for industries that are under strict regulatory scrutiny, such as the health care industry. Forrester predicts that email encryption adoption will remain steady over the next decade as compliance concerns rise. This solution works by encrypting emails between recipients so that only the correct email recipient is able to read the content and download attachments. This is typically offered as a feature of a security solution or service, and can have the added advantage or removing file size restrictions. Pricing is moderate and enterprises can typically select from a hosted or on-premise solution.

GAMFT Managed File Transfer Data SecurityManaged File Transfer.

Managed file transfer is an important technology to help organizations protect and audit their data transmissions. It's at the core of many B2B interactions and serves as an effective replacement for unsecure methods such as FTP and email. MFT is proving especially important in financial services, healthcare, public sector and manufacturing, where security concerns are very high. The technology works by allowing for the secure movement of files between business applications internally and externally. It's typically offered as an on-premise solution or hosted service, and pricing can vary greatly. Because it's typically a replacement for a legacy FTP system, migration to a Secure Managed File Transfer solution is the ideal opportunity to review additional enterprise requirements for batch or ad-hoc file transfers.

GAMFT File Sharing Data SecuritySecure file sharing and collaboration.

Workers today are increasingly interacting remotely using consumer-grade cloud sharing tools, also called EFSS (Enterprise File Sync and Sharing). This remote workforce benefits greatly from using a professional platform to synchronize files across multiple devices. As a result, Forrester expects the demand for secure methods of file sharing and collaboration to continue growing. These EFSS tools allow for the safeguarding of information while sharing data and documents with internal and external partners. File sync and file distribution capabilities can also be included. The cost is typically low to implement, with services delivered on-premise or from the cloud and are priced per user.

Moving Forward

Data security is entering the golden age. S&R professionals will continue to feel increased pressure to analyze all available security options, stay nimble, and adjust quickly to ensure data privacy and security moving forward. Selecting options that offer a progressive amount of security and internal control over data, however, will ensure that enterprises are safeguarding critical data while navigating an increasingly complex regulatory environment.


How to Implement RSA SecurID via RADIUS with GoAnywhere Managed File Transfer™

Linoma Software recently announced their certification as an RSA® Ready certified partner and the integration of RADIUS and RSA SecurID© within GoAnywhere MFT™. Organizations already using RSA Authentication protocols can now easily implement RSA SecurID as a login method to be used by Admin Users, Web Users or as a second login step for Web Users in GoAnywhere MFT.

Here is a quick walkthrough of the RADIUS configuration in GoAnywhere MFT as shown in the RSA Ready implementation guide. Before you attempt to configure your software, always backup your files and be sure to consult the official implementation guide for further details and recommendations. RSA Radius SecurID GoAnywhere MFT Screens By default, Admin User and Web User passwords are authenticated against the passwords stored in the GoAnywhere database. Optionally, you can configure GoAnywhere Login Methods for basic authentication of Admin User and Web User passwords against a RADIUS (RSA SecurID) server located within your organization. Web User accounts can also be authenticated to the HTTPS Web Client using RSA SecurID tokens.

How to set up RADIUS (RSA SecurID) in GoAnywhere MFT

  1. To add a RADIUS Login Method, log in to the GoAnywhere MFT Admin Server as an Admin User with the Security Officer role. Complete the required information.
  2. From the main menu bar, select Users, and then click the Login Methods Link.
  3. In the Login Methods page, click the Add Login Method link in the page toolbar.
  4. Select Basic Authentication from the Select Login Method Type page and then click Continue.
  5. Complete the required information
    • Name - A unique name for the Login Method.
    • Description - The description field is optional text to describe the login method. Limited to 512 characters.
    • Type - The authentication type used by the Login Method. Choose RADIUS
    • Shared Secret - The shared secret provided by the RADIUS server. GoAnywhere automatically encrypts the shared secret with AES-256 bit encryption.
    • Host - The host name or IP address of the RADIUS server.
    • Port - The port number to use for connecting to the RADIUS server. If left blank, the default port number is 1645.
    • Timeout - The maximum amount of time, in seconds, to wait for a response from the RADIUS server. A value of 0 (zero) is interpreted as infinite timeout. The default timeout is 300 seconds
    • Retry Attempts - The number of times to retry the RADIUS connection if it cannot be established. This setting is used for both the initial connection and any reconnect attempts due to lost connections. If left blank, then no retries will be attempted.
  6. Click the Save button to save the settings.

RSA Radius RSA SecurID GoAnywhere Managed File Transfer If you need assistance with configuration of GoAnywhere MFT with RADIUS and RSA SecurID, our support team is ready to help. Visit our support page to get the help you need when you need it via email, phone, live online chat, forums or our customer portal.


Take a Proactive Approach to New PCI Standards

For some organizations, the 36 month lifecycle of new Payment Card Industry Data Security Standards (PCI DSS) can be a grueling schedule to tackle. With the release of PCI DSS 3.2 just around the corner, many organizations are trying to estimate the effort required to remain compliant. Wouldn't it be nice if there was a way to predict what was on the minds of the folks on the PCI Security Standard Council before the new standards were released? Well, there just might be a way.

In June, 2015, the Council published a document called The PCI DSS DESV (Designated Entities Supplemental Validation). Inside that document are "extra requirements" which apply to entities requiring "additional validation". These could be organizations that deal with Payment Card Data in large volume, serve as an aggregation point for cardholder data, or suffered significant or repeated breaches.

As folks in the world of security know, defense in depth is a rule we all live by. Extraordinary soon becomes ordinary. Exceptional soon becomes standard. Supplemental soon becomes required.

pci compliant future versionsThrough the DESV, it's possible to glimpse the future of PCI DSS.  By implementing these controls and processes, your organization gains even more protection than what is currently and commonly required. By doing so, you can prepare - to some extent - for the surprises lurking down the road. At the very least, your processes will be better defined and your controls will be more secure. Implementing best practices early could give you the competitive edge you need to respond quickly when those practices become required.

This idea is based on more than just speculation. In a Council blog, "Preparing for PCI DSS 3.2: What to Expect in 2016", posted on February 17, 2016, chief technology officer Troy Leach eluded to some updates in the standard they were considering, which included the following:

  • Multi-factor authentication for administrators
  • Incorporating some of the DESV criteria for service providers
  • Clarifying masking criteria for primary account numbers when displayed
  • Updating migration dates for SSL/early TLS that were published in December 2015

As a developer of enterprise managed file transfer and encryption solutions, Linoma Software remains vigilant in keeping up with the latest PCI DSS standards so we can help organizations to protect their most sensitive data assets and meet compliance requirements.


SHA-2 and TLS Security for AS2 Transfers

2016 is a pivotal year for organizations to upgrade the security used to protect their AS2 data transfers. In order to be compliant with the latest security standards, you need to be using a modern AS2 solution.

The End of SHA-1

SHA-1 (Secure Hash Algorithm) is a cryptographic hash algorithm created by the NSA and published in 1995. SHA-1 takes a message of any length and produces a 160-bit message digest. The message digest verifies the integrity of the message by comparing the hash that was calculated before and after message transmission. For example, the hash of a transmitted file is compared against the hash of the file before it was sent. If the hash values are the same, the file was not tampered with. If the hash values are different, the file was altered during transmission. In 2005, attacks have demonstrated the security in SHA-1 is weaker than intended, and a more secure SHA-2 standard was created. SHA-2 is actually a family of hash functions with hash values of 224, 256, 384, or 512 bits. Due to the stronger hash algorithms in SHA-2, Federal agencies have been directed to stop using SHA-1 and must use SHA-2. 2016 is the year software vendors are completing their migration to SHA-2. Google Chrome has begun displaying warning messages for SHA-1 certificates with expiration dates past January 1, 2016, and Microsoft instructed Certificate Authorities to stop issuing SHA-1 certificates earlier this year. Major organizations, like UPS, are requiring their AS2 trading partners to use SHA-2.

TLS

Transport Layer Security is a protocol that encrypts communications between client applications and servers. TLS is the successor to the Secure Sockets Layer (SSL) protocol version 3.0, and uses more advanced methods for message authentication, better alerting for problem certificates, and more robust cipher suites. After the POODLE vulnerability was discovered in late 2014, companies that are still using SSL instead of TLS are leaving themselves open to man-in-the-middle exploits. Google and Mozilla have already phased out the support of SSL 3.0 in Chrome and Firefox, and trading partners are demanding companies support TLS for AS2 transfers.

SHA-2 and TLS migration

GoAnywhere MFT fully supports SHA-2 and TLS for AS2 transfers. GoAnywhere is certified by the Drummond Group to validate our AS2 solution follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and ensures your transfers fully meet the latest security standards. For more information on AS2 support in GoAnywhere MFT, visit the pages on our AS2 Client and AS2 Server.


What is AS2?

Applicability Statement 2 (AS2) is a popular file transfer protocol that allows businesses to exchange data with their trading partners.

AS2 combines the use of several secure and widely used technologies including HTTPS, SSL Certificates, S/MIME, and file hashing. By utilizing the strengths of each of them, AS2 has become the preferred protocol in many organizations for exchanging sensitive EDI files.

AS2 messages can be compressed, signed, encrypted and sent over an SSL tunnel making the file transfers very secure. And receipts can be sent back to the sender ensuring the messages were delivered successfully. The receipts can be digitally signed and will contain a checksum value that the sender will use to verify the message received is identical to what was sent.

Key Features of AS2

  • Message Encryption - By using the recipient's public certificate, the AS2 message contents can be encrypted to keep the data secure. Only the recipient will be able to decrypt the contents using their private certificate.
  • Digital Signatures - The message can be signed using the sender's private certificate which allows the recipient to verify the authenticity of the sender. The receipt that is sent back to the sender can also be signed to ensure the identity of the recipient's system. These digital signatures are used for message integrity and non-repudiation of origin. They are typically used in addition to authentication using a user name, password, and/or certificate.
  • Compression - In order to improve transmission time, compression can be added to decrease the size of the message.
  • Receipt - The Message Disposition Notification (MDN, which is commonly referred to as a receipt) plays an important role in AS2 as it acknowledges that the recipient received the message. It can also be used to verify the identity of the recipient when the receipt is signed. Receipts that are sent back immediately over the same connection are referred to as a synchronous MDN. Receipts can also be sent back at a later time in asynchronous mode. This allows the recipient to process and verify the data before sending back a status to indicate if the transaction was successful.
  • Message Integrity Check - The recipient will calculate a checksum of the message using MD5, SHA1, or a SHA2 hashing algorithm. This value is referred to as the MIC and is shared with the sender by placing it in the receipt. The sender will calculate a checksum as well using the same algorithm. These two values are then compared to guarantee that the message sent is identical to the message that was received.
  • Non-repudiation of Receipt -The use of signatures on the message and receipt creates a Non-Repudiation of Receipt (NRR) event, which is considered legal proof of delivery.

Challenges with AS2

Both organizations will need an AS2 solution in order to exchange data. Due to the complex nature of the AS2 protocol with encryption, signatures, and receipts; it is possible that there can be compatibility issues between two separate products. Fortunately, Drummond Group has a rigorous program that validates an AS2 product follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and allows you to focus on the business aspects of data transfers.

GoAnywhere MFT™ is Drummond Certified™ for AS2 and supports SHA2 algorithms for stronger security, chunked transfer encoding to handle large files, multiple attachments per message, and filename preservation.