
Blog

Decision Time for Organizations Facing IBM Sterling Connect:Enterprise End-of-Life

Users of IBM Sterling Connect:Enterprise were notified in January of this year that an end-of-life date had been set for the product.  A 16-month window was set to allow customers time to migrate to a replacement Managed File Transfer product. 

The April 30, 2016 support deadline is fast approaching and failure to act has the potential for severe consequences. Operating mission-critical file transfer processes on an unsupported product can put operational continuity at risk, and an outright failure could irreparably damage relationships with trading partners.  It is critical for organizations to find an alternative to Connect:Enterprise and develop a migration strategy soon.

Options for Migration

IBM recommends that customers migrate to another Sterling replacement; however, this is not your only Managed File Transfer option.  Consider the following:

  • Be sure to evaluate the true cost of the alternative when factoring in staff and consultant time for migration, maintenance, and training.
  • What is the realistic timeline for this migration, and how do you mitigate risk if support for Connect:Enterprise expires before the project is complete?

To serve your organization's best interests, it's important to perform your due diligence when finding an alternative for Connect:Enterprise. Besides replacing Connect:Enterprise's current functions, this is also the ideal opportunity to determine if there are additional enterprise requirements for batch or ad-hoc file transfers.

Linoma is offering GoAnywhere MFT™ as an enterprise-level managed file transfer alternative to Sterling Connect:Enterprise. GoAnywhere has an affordable price point with no limits on the number of trading partners.  With an intuitive interface and fast learning curve, Connect:Enterprise customers can convert to GoAnywhere in a relatively short period of time.

GoAnywhere offers centralized control over all transfers, including automation of internal and external file movement, and detailed audit logs with extensive reporting capabilities.  Key points of GoAnywhere are:

  • Affordable purchase price and low cost of ownership
  • Simple installation and operation
  • Responsive customer service and frequent updates
  • Industry standard encryption and protocols including SFTP, FTPS, HTTPS, SCP, Open PGP, ZIP with AES and AS2
  • Multi-platform support

GoAnywhere MFT's intuitive browser-based interface and comprehensive workflow features will help eliminate the need for custom programs/scripts, single-function tools and manual processes that were traditionally needed. This innovative solution improves the reliability of your file transfers and helps your organization comply with data security policies and regulations.

With integrated support for clustering, GoAnywhere MFT can process high volumes of file transfers for enterprises by load balancing processes across multiple systems. The clustering technology in GoAnywhere MFT also provides active-active automatic failover for disaster recovery.

In addition to addressing core data transfer requirements, GoAnywhere also simplifies and secures file sharing and collaboration with its GoDrive module.  Unlike consumer-grade cloud sharing tools, GoDrive provides an on-premise alternative with centralized control and end-to-end encryption.  For ad-hoc transfers, the Secure Mail module makes it easy for employees to send sensitive information and attachments without file size or file type restrictions.  Both provide the security and audit logs needed to achieve compliance company-wide.

Connect with the GoAnywhere team and let us help you explore your migration options and file transfer requirements.


SFTP Server in the DMZ or Private Network

Many organizations have an SFTP server installed where their trading partners can connect to securely upload and download sensitive files.

SFTP Server in the DMZ

Traditionally SFTP Servers have been installed in the DMZ (or public facing) segment of the network since organizations were fearful of opening inbound ports into the Private (internal) network.

[Figure: SFTP server in the DMZ]

Keeping the SFTP Server in the DMZ, however, has posed several problems. The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the Internet. You could require those staged files to be encrypted with something like Open PGP, but many auditors don't like to see any sensitive files in the DMZ, encrypted or not. Another issue is that you often have to write scripts to copy the files back and forth between the DMZ and private network, which takes programmer effort and can lead to errors.

SFTP Server in the Private Network

To keep sensitive files out of the DMZ, some organizations have moved their SFTP server into the private network.

[Figure: SFTP server in the private network]

This approach eliminates the need to write scripts for moving files back and forth. The big downside of this approach is that ports were traditionally opened into the private network for trading partners to gain access to the SFTP server. These open ports create a potential path for attackers to gain access to the private network. In today's security-conscious environment, most IT auditors do not like to see any inbound ports opened into the private network, especially if you are storing sensitive PCI or HIPAA data on those servers.

Gateway in the DMZ while keeping the SFTP Server in the Private Network

An approach that is quickly gaining in popularity is to implement a gateway component in the DMZ. The gateway will serve as an enhanced reverse proxy which does not require inbound ports into the private network.

[Figure: gateway in the DMZ, SFTP server in the private network]

At startup time, the SFTP server will establish a special control channel with the gateway, which is kept alive continuously. When partners connect to the gateway, it will make requests over the existing control channel to the SFTP server. The SFTP server will then open any data channels needed back through the gateway to service the trading partners. The whole process is transparent to the trading partners. No data is ever stored in the DMZ since it is simply streamed through the gateway.

A gateway in the DMZ therefore solves two major security issues:

  1. No files need to be stored in the DMZ, including user credentials
  2. No inbound ports need to be opened into the Private network

Since a proprietary control channel is used to communicate between the gateway and the SFTP server, you will need to purchase both components from a single vendor. When looking for the right gateway for your organization, make sure it is easy to set up and manage. It is critical that it does not require inbound ports into the private network or require any data to be stored in the DMZ.
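The connection pattern described above, as an added example (not GoAnywhere's code or protocol, which is proprietary and not shown on this page): a plain TCP relay on loopback in which only the gateway listens and the internal server makes outbound connections only. The `OPEN` message, the function names and the `stored N bytes` reply are assumptions for illustration, and authentication and encryption of the channels are omitted.

```python
import socket, threading

def relay(src, dst):
    """Stream bytes one way; the gateway never writes them to disk."""
    while (chunk := src.recv(4096)):
        dst.sendall(chunk)
    dst.shutdown(socket.SHUT_WR)              # pass the end-of-stream along

def read_all(sock):
    return b"".join(iter(lambda: sock.recv(4096), b""))

def gateway(tunnel_lsn, public_lsn, sessions):
    """DMZ side: the only component that accepts connections."""
    control, _ = tunnel_lsn.accept()          # dialled by the internal server at startup
    for _ in range(sessions):
        partner, _ = public_lsn.accept()      # trading partner connects
        control.sendall(b"OPEN\n")            # ask for a data channel over the control channel
        data, _ = tunnel_lsn.accept()         # internal server dials back out to the gateway
        up = threading.Thread(target=relay, args=(partner, data))
        up.start()
        relay(data, partner)
        up.join()
        partner.close(); data.close()
    control.close()

def internal_server(tunnel_addr, received):
    """Private side: outbound connections only, no listening socket."""
    control = socket.create_connection(tunnel_addr)
    for _ in control.makefile("rb"):          # one request line per partner session
        data = socket.create_connection(tunnel_addr)
        received.append(read_all(data))       # upload arrives streamed via the gateway
        data.sendall(b"stored %d bytes" % len(received[-1]))
        data.close()
    control.close()

def demo(uploads):
    tunnel_lsn = socket.create_server(("127.0.0.1", 0))
    public_lsn = socket.create_server(("127.0.0.1", 0))
    received, replies = [], []
    workers = [threading.Thread(target=gateway, args=(tunnel_lsn, public_lsn, len(uploads))),
               threading.Thread(target=internal_server, args=(tunnel_lsn.getsockname(), received))]
    for w in workers: w.start()
    for blob in uploads:                      # constructed sample uploads
        with socket.create_connection(public_lsn.getsockname()) as partner:
            partner.sendall(blob)
            partner.shutdown(socket.SHUT_WR)
            replies.append(read_all(partner))
    for w in workers: w.join()
    tunnel_lsn.close(); public_lsn.close()
    return received, replies
```

Calling `demo([b"invoice-001"])` returns what the internal server received and what the partner was told. With this pattern the firewall between the DMZ and the private network needs only an outbound rule toward the gateway's tunnel port.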

Contact a Linoma Software representative today to learn more about an enhanced reverse proxy solution on your network.


Could your FTP server pass a compliance audit?

If an auditor showed up in your office tomorrow and wanted to examine your file transfer security policies and procedures, how confident are you that your organization would earn high marks?

Take this short quiz and find out.

  1. Are you still hosting an outdated SFTP or FTP server in the public area of your network (or DMZ)?
  2. Do trading partners have access to inbound ports within your internal network to drop off or retrieve files?
  3. Are your administrative security controls granular enough to manage user access to specific files, folders and areas of the network?
  4. Can you monitor all file transfer activity and maintain detailed audit logs?
  5. Do employees have easy access to an ad hoc file transfer tool that lets them transfer files of any size, all while generating audit trails?

To find out how auditors expect you to answer these questions, don't miss our next webinar:

Get Your FTP Server Into Compliance
Thursday, July 18 at Noon Central

Linoma Software's Chief Architect Bob Luebbe will show you how the GoAnywhere Services secure FTP server can work with GoAnywhere Gateway to keep sensitive data and credentials safely in your internal network and out of the DMZ.  He'll also demonstrate how the two work together to allow you to exchange files with trading partners without opening inbound ports.

Do your homework so you can prepare for a visit from the auditor.  Sign up today!  


Reverse Proxy Gateway Video Now Live

Rounding out our series of GoAnywhere product videos, we've recently added an overview of GoAnywhere Gateway.  It explains how incorporating a reverse proxy and a forward proxy into your managed file transfer processes adds an extra layer of protection for your private network.

When GoAnywhere Gateway is implemented, trading partners can exchange files with your organization without gaining access to your private network because no inbound ports will need to be opened to complete the exchange.  This feature is especially important to auditors evaluating compliance with regulations such as PCI DSS, HIPAA, and SOX.

Our Gateway video premiere coincides with the release of our latest white paper entitled DMZ Gateways: Secret Weapons for Data Security.  Please let us know if you'd like to learn more about how our reverse proxy DMZ gateway can improve your secure file transfer system.


Reverse Proxy DMZ Gateways May Be The Missing Link in Your MFT Strategy

By now, most companies have gotten the message that their data, as well as the sensitive data belonging to customers and partners, needs reliable protection from unauthorized access. The ever-growing regulatory environment is making it more and more painful for any company that does not take its data security seriously.

The difference between the desire to keep data secure and actually getting it done, however, has proven to be challenging, especially considering the extraordinary amount of data that is being shared among companies and their customers, health care providers, financial institutions and more as part of daily business activities.

A common approach for sharing information with partners is to deploy an FTP or SFTP server in the "public" area of the company's network called the DMZ (demilitarized zone) where authorized users can drop off or retrieve files.  Those files will often remain in the DMZ until an internal program or user copies them into the private network for processing.

Industry regulators and compliance auditors are becoming increasingly alarmed at this practice of staging files in the DMZ, because even if those files are encrypted, they are more susceptible to theft by savvy hackers.  Worse yet, if the company decides to move those file servers into the private network, they may unintentionally be allowing unwanted access through open inbound ports.

A solution that's gaining in popularity is the reverse proxy DMZ gateway, which is used as a secure bridge between your trading partners and your file servers.  A DMZ gateway allows you to move file servers and other public services out of the DMZ and into the private network without having to open inbound ports.  Because it serves both as a reverse proxy for handling inbound traffic and a forward proxy for any outbound file transfer requests originating from inside your network, DMZ gateways keep the auditors happy and your data safe in the private network.

For more information about how a DMZ gateway works and what advantages it brings to your network security, please download our new white paper DMZ Gateways: Secret Weapons for Data Security.  Then, let us know what you think!