No Such Thing as a Free File Transfer, Part 2: Cost-effective Security

With new corporate data breaches in the news seemingly every day, it’s no surprise that security is a top concern for IT professionals. However, file transfers are an area where many companies are still vulnerable. Most file transfers still use FTP, a protocol that comes with inherent risks. It’s especially worrisome that, as TechRepublic points out, FTP is actually becoming more popular again. Other common file transfer solutions, like file sharing apps, come with their own security concerns.

GoAnywhere MFT ROIThis is the second in a series of articles about the ROI of managed file transfer (MFT), the first of which covered time savings. There’s no doubt that data breaches are costly. The 2016 Ponemon Cost of Data Breach Study puts the current cost at $4 million—$158 per record breached. So it’s a no-brainer that a solution to secure your file transfers would bring you a great return on investment.

And yet, when you try to get internal approval for products to help with security, proving the ROI can be difficult. A good security tool is by nature preventative. If you haven’t suffered a breach (or you have and don’t know about it yet), you probably don’t have a way to precisely calculate cost-savings.

Still, your data certainly has value, and you know you have to keep it secure. So how do you know you are protecting your file transfers with the solution that gives you the most bang for your buck? By making sure the software you choose addresses all of the top file transfer security concerns within one solution—no additional purchases or custom scripting required.

A Variety of Secure Protocols

FTP has been proven vulnerable to hacking. For example, 7,000 FTP sites, including an FTP server run by The New York Times, had their credentials circulated in underground forums in 2014. In some cases, hackers used the credentials to upload malicious files.

It’s essential for modern enterprises to turn to more modern and secure file transfer methods, such as:

  • AS2: AS2 generates an "envelope" for the data, allowing it to be sent using digital certifications and encryption.
  • SFTP and FTPS: These secure FTP protocols bring down the risk during data exchange by using a secure channel between computer systems
  • HTTPS: The secure version of HTTP, HTTPS encrypts communications between browser and website.

Which of these methods your company implements may depend on several factors, like your industry compliance requirements or what your trading partners use. Your requirements may also change over time. That’s why the best investment is a versatile managed file transfer solution that can handle any of these protocols and more.   

GoAnywhere MFT ROIProtection against People

When you imagine the security threat to your company, you might conjure up images of hackers working tirelessly to access your systems and use your data for nefarious purposes. The truth is, one of your biggest threats is probably in the office down the hall.

A 2015 study found that internal actors were responsible for 43% of data loss. Half of this is intentional—disgruntled or opportunistic employees, contractors, or suppliers performing deliberate acts of data theft. But half of it is accidental. People like to cut corners, and probably most employees in your company aren’t as concerned about security as you are.

Any file transfer solution with a good ROI has to address the threat coming from within the business.  You want to have role-based security options that limit each user to the servers and the functions of managed file transfer that they absolutely need to use. Detailed audit logs mean you always know who is doing what with the solution.

Ensure Compliance

In many industries, inadequate security practices don’t just put your own corporate data at risk, they can endanger highly sensitive information like credit card numbers and health records. For this reason, a number of regulations exist to protect personal data. A few of the most common are PCI DSS, Sarbanes-Oxley, and HIPAA, but your industry may have others.

A 2011 study found that while the cost of compliance averaged more than $3.5 million, the estimated cost of failing to comply was $9.4 million, showing that a solution that can help you comply with regulations has a clear ROI. In the case of file transfers, your MFT platform should have a number of encryption methods available to protect sensitive data including SSL, SSH, AES, and Open PGP encryption. Audit trails should also be in place to track file transfer activity so you can easily determine what files are being sent, what time they are sent, and who the sender and receiver are.

Modernization and Scalability

Once you go to the effort of choosing a file transfer solution that will protect your company, convince management of its necessity, and implement the software, the last thing you want to have to do is  change it two years down the road because your company is bigger, has more compliance requirements, or new trading partners.

A managed file transfer platform from an established, reliable software provider will make sure you stay updated with the features necessary to combat current security threats. Furthermore, if your volume of file transfers increases, you won’t need to invest in a new tool to handle the workload.

Bonus: Increased Productivity

If your managed file transfer solution can prevent a data breach, that alone makes it worth the investment. But what if it could increase productivity and reduce errors at the same time? The automation capabilities of managed file transfer software allow you to make a high-volume of file transfers without the need for tedious manual work. Streamlining this process—and eliminating the risk of human error—add to your organization’s bottom line.

Read more about safeguarding company data and limiting risk, or get started with a free trial of managed file transfer.

No Such Thing as a Free File Transfer, Part I: How MFT Saves Time

How MFT Saves Time - GoAnywhere MFTEvery business engages in some kind of information exchange, whether it’s a small retailer attaching an invoice to an email or a hospital sending hundreds of patient records between departments. Some methods of exchanging files, like a basic FTP server or a file sharing app, seem like an inexpensive way to deal with your transfers. In the long run, however, the shortfalls of these tools will likely cost your company significantly more than the investment in a sophisticated managed file transfer (MFT) solution.

A study by the Aberdeen Group found that every file sent “for free” actually has an 80% chance of costing your organization money. In a new series of articles, we’ll break down the reasons why MFT gives your company a better ROI than any other file transfer solution. The first reason we’ll discuss is the time you’ll save with managed file transfer.

We’ve all heard that time is money, and if you’ve ever been the unlucky person manually transferring files by FTP, it’s no stretch of the imagination to think that automated file transfer software would save a bit of time on each exchange. But you probably haven’t even thought of all the ways a rudimentary file transfer tool can waste costly hours. Here are a few:

  1. Dealing with Exceptions

As with any process, your file transfers aren’t always going to go smoothly. While even a basic tool will work most of the time, you’ll inevitably run into the occasional problem which will require you to divert members of your staff away from more important projects to help get the files moving. Aberdeen’s analysis found that those who don’t use MFT have more than twice as many of these errors and exceptions as MFT users. With a single-function file transfer tool, the operator is solely responsible for checking if the transfer succeeded and trying it again if it failed. A good managed file transfer solution has ways of dealing with issues that arise—for example, the software could automatically reconnect and resume the file transfer after a problem occurs with the network.

Moreover, the MFT solution will provide visibility into the status of automated file transfers and let you know if something goes wrong. This allows you to attack the problem immediately and get back to your more strategic initiatives as soon as possible. A basic tool or script may cause you to waste hours just trying to determine what happened to your files.

  1. Upgrades and Modifications

A common solution for moving files is with custom scripts. This seems like an easy option at first. Your company has talented programmers and it’s not too hard to create a homegrown FTP script that gets the job done. The first few times you need a modification or a new feature, that’s not difficult either. But pretty soon your company is transferring thousands of files every day, your homegrown solution is severely lacking in the error-handling, security, and logging capabilities it needs, and updating your mess of sprawling scripts will cost you dearly in expensive programmer hours. Or maybe the original creator of the scripts has left the company and those hours will be spent just trying to figure out how it all works.

Managed file transfer has the features you require as your business needs grow more complex. You can trust that it will continue to be updated when necessary and upgrades won’t require the same technical expertise as creating a homegrown tool does. 

  1. Compliance Requirements and Auditing

Storing and tracking detailed audit information is crucial for staying compliant with PCI DSS, HIPAA, state privacy laws, and other regulations. A managed file transfer solution will store detailed audit records for all file transfer and administrator activity and provide that data in an easily accessible format to authorized users. If you are legally obligated to collect this information, there’s no better time-saver than implementing file transfer software that stores the data automatically.

Furthermore, compliance requirements can always change or new regulations can be put in place. While you may already have a process for complying with current regulations, MFT provides the flexibility to respond to new security requirements without creating too much additional time-consuming work.

  1. Avoiding Downtime.

Just one minute of unplanned system downtime costs a company an average of $5,600. Talk about expensive hours! Make sure your file transfers keep running even if a server goes down by implementing MFT software that integrates clustering. This means you have a group of linked servers running concurrently, with each installation of your MFT tool sharing the same set of configurations and trading partner accounts. The servers in the cluster are in constant communication with each other, so if one fails, the remaining systems in the cluster will continue to service the trading partners. With the fast pace of modern business, you can’t afford to let your transactions wait while you take the time to get your systems functioning again.

Every minute that your business isn’t paying employees to fight fires, write custom scripts, or compile audit reports is a minute that can be put towards the work that helps the bottom line.

Interested in learning more about the ROI of Managed File Transfer? Read the next installment in our series: No Such Thing as a Free File Transfer, Part 2: Cost-effective Security.


Learn more about the risks of inadequate FTP implementations or get started with a free trial of managed file transfer today. 

3 Steps to Safeguarding Company Data and Limiting Risk

GoAnywhere Safeguard Data and Limit LiabilitySecurity professionals of today are inundated with headlines about the potential consequences of a data breach. Take, for example, Target, which suffered a massive data breach at the end of 2013, exposing the personal information of 70 million shoppers. Worse yet, the breach occurred at the height of the holiday shopping season, rocking consumer confidence.

This case and many others underscore the fact that protecting data is getting more complex as security professionals work to manage vast amounts of data throughout various physical and virtual locations. So how can you best safeguard your data?

Catalog Assets: Know What Data You're Storing

The first step in protecting critical data is understanding the full extent of what you're storing. All data is important, but it's especially critical to identify and catalog sensitive information. For example, this may include:

  • Transaction and account records.
  • Customer lists and contracts.
  • Personally identifiable information (e.g., Social Security numbers, credit card numbers).
  • Proprietary corporate details that are, such as financial documents, marketing plans and trade secrets.
  • Employee records.

This list, of course, is endless and unique for every business type. Taking inventory of the types of information that you are storing and identifying which are the most sensitive will assist in implementing the best safeguards.

Identify Where Data Is Stored

The percentage of workers operating remotely has skyrocketed from 9 percent in 1995 to 37 percent now, according to Gallup. This trend presents additional complexity for security professionals, especially when you add other trends -- such as BYOD -- into the equation. In fact, in a recent survey by Tech Pro Research, 74 percent of companies said that they are already using or planning to adopt BYOD. After identifying the types of digital information stored and which are highly sensitive, you must also inventory where that data resides to effectively keep it safe. For example, locations may include:

  • Portable drives
  • Laptops
  • Network drives
  • Servers
  • The Cloud
  • Mobile devices

After identifying all the locations -- physical and virtual -- security professionals are faced with the important question "OK, now how do we protect this data?"

Protecting Data

Protecting data involves safeguarding the exchange of information between all systems, employees, customers and trading partners. For example, an effective security solution should:

  • Encrypt important information at rest and in transit.
  • Enforce strong password policies.
  • Allow you to limit access.
  • Include accountability, showing who has accessed data, when, and from what location and device.
  • Have multi-factor authentication.
  • Leverage safeguards that ensure you are alerted if important data is leaking or stolen.
  • Ensure that regular data backups are in place to safeguard data in case of an unexpected event.

Security threats won't be slowing down anytime soon, but advanced security solutions allow organizations to more effectively safeguard business data. As a result, organizations are able to mitigate business risk, reduce liability and provide customers with greater confidence.

The State of Data Security Technology: 4 Essential Safeguards

Enterprises today are capturing more data than ever. And while collecting an increasing amount of data yields valuable insights and the ability to connect more effectively with customers, it also creates more concerns -- mostly around security.

Sixty-nine percent of North American and European security decision-makers report they are responsible for protecting customers' personal information. As a result, the pressure is rising -- and so are the budgets. According to a recent Forrester report, 36 percent expect to increase spending in this area. But with increased media coverage highlighting devastating cyber attacks and security breaches, companies are asking, "How can we best ensure that this doesn't happen to our company?"

Data Security and Privacy

Many technologies claim to be the "cure all" to growing security concerns, yet with so much available, how can you be sure that you're selecting the right tools? Forrester recently explored the state of security through examining past research and surveying 53 field experts. The company highlighted important solutions that will play a critical role. Here are four to watch.

GAMFT Cloud Protection Solutions Data SecurityCloud data protection solutions.

Enterprises are seeking solutions that allow them to encrypt their own data and hold the keys, in contrast to older models that rely on a cloud or third-party provider's native encryption solution. This type of solution works by encrypting sensitive data before it leaves the enterprise network, rendering it unreadable or useless to cyber criminals. The cost to implement is moderate, and the solution can be deployed as an on-premise or virtual application or as hardware. It's typically priced per user and often based on the per-user pricing of an SaaS agreement.

GAMFT Email Encryption Data SecurityEmail encryption.

Regardless of the industry, email often contains confidential information that requires safeguarding. This is especially true for industries that are under strict regulatory scrutiny, such as the health care industry. Forrester predicts that email encryption adoption will remain steady over the next decade as compliance concerns rise. This solution works by encrypting emails between recipients so that only the correct email recipient is able to read the content and download attachments. This is typically offered as a feature of a security solution or service, and can have the added advantage or removing file size restrictions. Pricing is moderate and enterprises can typically select from a hosted or on-premise solution.

GAMFT Managed File Transfer Data SecurityManaged File Transfer.

Managed file transfer is an important technology to help organizations protect and audit their data transmissions. It's at the core of many B2B interactions and serves as an effective replacement for unsecure methods such as FTP and email. MFT is proving especially important in financial services, healthcare, public sector and manufacturing, where security concerns are very high. The technology works by allowing for the secure movement of files between business applications internally and externally. It's typically offered as an on-premise solution or hosted service, and pricing can vary greatly. Because it's typically a replacement for a legacy FTP system, migration to a Secure Managed File Transfer solution is the ideal opportunity to review additional enterprise requirements for batch or ad-hoc file transfers.

GAMFT File Sharing Data SecuritySecure file sharing and collaboration.

Workers today are increasingly interacting remotely using consumer-grade cloud sharing tools, also called EFSS (Enterprise File Sync and Sharing). This remote workforce benefits greatly from using a professional platform to synchronize files across multiple devices. As a result, Forrester expects the demand for secure methods of file sharing and collaboration to continue growing. These EFSS tools allow for the safeguarding of information while sharing data and documents with internal and external partners. File sync and file distribution capabilities can also be included. The cost is typically low to implement, with services delivered on-premise or from the cloud and are priced per user.

Moving Forward

Data security is entering the golden age. S&R professionals will continue to feel increased pressure to analyze all available security options, stay nimble, and adjust quickly to ensure data privacy and security moving forward. Selecting options that offer a progressive amount of security and internal control over data, however, will ensure that enterprises are safeguarding critical data while navigating an increasingly complex regulatory environment.

How to Implement RSA SecurID via RADIUS with GoAnywhere Managed File Transfer

Linoma Software recently announced their certification as an RSA® Ready certified partner and the integration of RADIUS and RSA SecurID© within GoAnywhere MFT. Organizations already using RSA Authentication protocols can now easily implement RSA SecurID as a login method to be used by Admin Users, Web Users or as a second login step for Web Users in GoAnywhere MFT.

Here is a quick walkthrough of the RADIUS configuration in GoAnywhere MFT as shown in the RSA Ready implementation guide. Before you attempt to configure your software, always backup your files and be sure to consult the official implementation guide for further details and recommendations. RSA Radius SecurID GoAnywhere MFT Screens By default, Admin User and Web User passwords are authenticated against the passwords stored in the GoAnywhere database. Optionally, you can configure GoAnywhere Login Methods for basic authentication of Admin User and Web User passwords against a RADIUS (RSA SecurID) server located within your organization. Web User accounts can also be authenticated to the HTTPS Web Client using RSA SecurID tokens.

How to set up RADIUS (RSA SecurID) in GoAnywhere MFT

  1. To add a RADIUS Login Method, log in to the GoAnywhere MFT Admin Server as an Admin User with the Security Officer role. Complete the required information.
  2. From the main menu bar, select Users, and then click the Login Methods Link.
  3. In the Login Methods page, click the Add Login Method link in the page toolbar.
  4. Select Basic Authentication from the Select Login Method Type page and then click Continue.
  5. Complete the required information
    • Name - A unique name for the Login Method.
    • Description - The description field is optional text to describe the login method. Limited to 512 characters.
    • Type - The authentication type used by the Login Method. Choose RADIUS
    • Shared Secret - The shared secret provided by the RADIUS server. GoAnywhere automatically encrypts the shared secret with AES-256 bit encryption.
    • Host - The host name or IP address of the RADIUS server.
    • Port - The port number to use for connecting to the RADIUS server. If left blank, the default port number is 1645.
    • Timeout - The maximum amount of time, in seconds, to wait for a response from the RADIUS server. A value of 0 (zero) is interpreted as infinite timeout. The default timeout is 300 seconds
    • Retry Attempts - The number of times to retry the RADIUS connection if it cannot be established. This setting is used for both the initial connection and any reconnect attempts due to lost connections. If left blank, then no retries will be attempted.
  6. Click the Save button to save the settings.

RSA Radius RSA SecurID GoAnywhere Managed File Transfer If you need assistance with configuration of GoAnywhere MFT with RADIUS and RSA SecurID, our support team is ready to help. Visit our support page to get the help you need when you need it via email, phone, live online chat, forums or our customer portal.

Take a Proactive Approach to New PCI Standards

For some organizations, the 36 month lifecycle of new Payment Card Industry Data Security Standards (PCI DSS) can be a grueling schedule to tackle. With the release of PCI DSS 3.2 just around the corner, many organizations are trying to estimate the effort required to remain compliant. Wouldn't it be nice if there was a way to predict what was on the minds of the folks on the PCI Security Standard Council before the new standards were released? Well, there just might be a way.

In June, 2015, the Council published a document called The PCI DSS DESV (Designated Entities Supplemental Validation). Inside that document are "extra requirements" which apply to entities requiring "additional validation". These could be organizations that deal with Payment Card Data in large volume, serve as an aggregation point for cardholder data, or suffered significant or repeated breaches.

As folks in the world of security know, defense in depth is a rule we all live by. Extraordinary soon becomes ordinary. Exceptional soon becomes standard. Supplemental soon becomes required.

pci compliant future versionsThrough the DESV, it's possible to glimpse the future of PCI DSS.  By implementing these controls and processes, your organization gains even more protection than what is currently and commonly required. By doing so, you can prepare - to some extent - for the surprises lurking down the road. At the very least, your processes will be better defined and your controls will be more secure. Implementing best practices early could give you the competitive edge you need to respond quickly when those practices become required.

This idea is based on more than just speculation. In a Council blog, "Preparing for PCI DSS 3.2: What to Expect in 2016", posted on February 17, 2016, chief technology officer Troy Leach eluded to some updates in the standard they were considering, which included the following:

  • Multi-factor authentication for administrators
  • Incorporating some of the DESV criteria for service providers
  • Clarifying masking criteria for primary account numbers when displayed
  • Updating migration dates for SSL/early TLS that were published in December 2015

As a developer of enterprise managed file transfer and encryption solutions, Linoma Software remains vigilant in keeping up with the latest PCI DSS standards so we can help organizations to protect their most sensitive data assets and meet compliance requirements.

SHA-2 and TLS Security for AS2 Transfers

2016 is a pivotal year for organizations to upgrade the security used to protect their AS2 data transfers. In order to be compliant with the latest security standards, you need to be using a modern AS2 solution.

The End of SHA-1

SHA-1 (Secure Hash Algorithm) is a cryptographic hash algorithm created by the NSA and published in 1995. SHA-1 takes a message of any length and produces a 160-bit message digest. The message digest verifies the integrity of the message by comparing the hash that was calculated before and after message transmission. For example, the hash of a transmitted file is compared against the hash of the file before it was sent. If the hash values are the same, the file was not tampered with. If the hash values are different, the file was altered during transmission. In 2005, attacks have demonstrated the security in SHA-1 is weaker than intended, and a more secure SHA-2 standard was created. SHA-2 is actually a family of hash functions with hash values of 224, 256, 384, or 512 bits. Due to the stronger hash algorithms in SHA-2, Federal agencies have been directed to stop using SHA-1 and must use SHA-2. 2016 is the year software vendors are completing their migration to SHA-2. Google Chrome has begun displaying warning messages for SHA-1 certificates with expiration dates past January 1, 2016, and Microsoft instructed Certificate Authorities to stop issuing SHA-1 certificates earlier this year. Major organizations, like UPS, are requiring their AS2 trading partners to use SHA-2.


Transport Layer Security is a protocol that encrypts communications between client applications and servers. TLS is the successor to the Secure Sockets Layer (SSL) protocol version 3.0, and uses more advanced methods for message authentication, better alerting for problem certificates, and more robust cipher suites. After the POODLE vulnerability was discovered in late 2014, companies that are still using SSL instead of TLS are leaving themselves open to man-in-the-middle exploits. Google and Mozilla have already phased out the support of SSL 3.0 in Chrome and Firefox, and trading partners are demanding companies support TLS for AS2 transfers.

SHA-2 and TLS migration

GoAnywhere MFT fully supports SHA-2 and TLS for AS2 transfers. GoAnywhere is certified by the Drummond Group to validate our AS2 solution follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and ensures your transfers fully meet the latest security standards. For more information on AS2 support in GoAnywhere MFT, visit the pages on our AS2 Client and AS2 Server.

What is AS2?

Applicability Statement 2 (AS2) is a popular file transfer protocol that allows businesses to exchange data with their trading partners.

AS2 combines the use of several secure and widely used technologies including HTTPS, SSL Certificates, S/MIME, and file hashing. By utilizing the strengths of each of them, AS2 has become the preferred protocol in many organizations for exchanging sensitive EDI files.

AS2 messages can be compressed, signed, encrypted and sent over an SSL tunnel making the file transfers very secure. And receipts can be sent back to the sender ensuring the messages were delivered successfully. The receipts can be digitally signed and will contain a checksum value that the sender will use to verify the message received is identical to what was sent.

Key Features of AS2

  • Message Encryption - By using the recipient's public certificate, the AS2 message contents can be encrypted to keep the data secure. Only the recipient will be able to decrypt the contents using their private certificate.
  • Digital Signatures - The message can be signed using the sender's private certificate which allows the recipient to verify the authenticity of the sender. The receipt that is sent back to the sender can also be signed to ensure the identity of the recipient's system. These digital signatures are used for message integrity and non-repudiation of origin. They are typically used in addition to authentication using a user name, password, and/or certificate.
  • Compression - In order to improve transmission time, compression can be added to decrease the size of the message.
  • Receipt - The Message Disposition Notification (MDN, which is commonly referred to as a receipt) plays an important role in AS2 as it acknowledges that the recipient received the message. It can also be used to verify the identity of the recipient when the receipt is signed. Receipts that are sent back immediately over the same connection are referred to as a synchronous MDN. Receipts can also be sent back at a later time in asynchronous mode. This allows the recipient to process and verify the data before sending back a status to indicate if the transaction was successful.
  • Message Integrity Check - The recipient will calculate a checksum of the message using MD5, SHA1, or a SHA2 hashing algorithm. This value is referred to as the MIC and is shared with the sender by placing it in the receipt. The sender will calculate a checksum as well using the same algorithm. These two values are then compared to guarantee that the message sent is identical to the message that was received.
  • Non-repudiation of Receipt -The use of signatures on the message and receipt creates a Non-Repudiation of Receipt (NRR) event, which is considered legal proof of delivery.

Challenges with AS2

Both organizations will need an AS2 solution in order to exchange data. Due to the complex nature of the AS2 protocol with encryption, signatures, and receipts; it is possible that there can be compatibility issues between two separate products. Fortunately, Drummond Group has a rigorous program that validates an AS2 product follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and allows you to focus on the business aspects of data transfers.

GoAnywhere MFT is Drummond Certified™ for AS2 and supports SHA2 algorithms for stronger security, chunked transfer encoding to handle large files, multiple attachments per message, and filename preservation.

RSA Conference 2015 Recap

RSA Conference 2015 Moscone Center South HallAfter an influx of high-profile data breaches, it was no surprise that the RSA Conference saw a record crowd this year of 33,000 attendees. The Moscone Center in San Francisco is a great venue and packed with attendees, over 500 vendors, 290 sessions and 700 speakers, there was no disputing the fact that if you were interested in anything related to information security, this was the place to be.

Walking amidst the sea of vendors in the North and South Halls it was easy to be simply overwhelmed by the sheer volume of displays, gimmicks and swag tactics. As this was my first RSA Conference, I was very excited to see and experience the myriad of phenomenon that comes standard with any conference of this size. Some of the booth displays are seriously impressive, huge LED screens, Oculus Rift interactive displays, flashy lights and celebrity look-alikes were everywhere. The great thing about it is that every single person or vendor at the conference was working toward the same goal in some form or fashion...securing information. If you were on a mission to find a product or person to help you achieve a higher level of security for your company's specific needs, chances are you would find it here once you took the time to look. With so much going on, after a while everything starts to look the same, so you really have to pay attention or engage in conversations to figure out what most of the vendors at RSA Conference are representing.

RSA Conference 2015

Sharing Files, Sharing Conversations

The GoAnywhere Booth at RSA 2015In the slightly quieter South Hall, our booth saw significant and steady traffic throughout the conference. It was great talking to people and getting firsthand feedback on the challenges they face and the concerns they had about security for their organizations. One thing I found to be a recurring theme in these conversations was the desire for file sharing solutions that were not cloud-based. I thought that was interesting as it seemed there were 10 cloud vendors for every non-cloud vendor with a display at RSA 2015.

With the sheer volume of cloud products represented, it was nice seeing the looks on people's faces when they learned that GoAnywhere is an on-premise Managed File Transfer (MFT) product. I wish I had a dollar for every time someone said, "Not in the cloud? Oh good, better security." I think as more people come to realize that they are responsible for the security of their data no matter where it is stored, being able to encrypt, control and monitor that data in your own local environment becomes paramount for many.

RSA Conference 2015I like analogies and when it comes to cloud vs on-premise, I personally tend to think of it in terms of storage. I can store my belongings in my home or I can pay for a space at a public storage facility. If my belongings were in a public storage facility, all it takes is someone with a lock cutter to gain access and chances are with all the traffic going in and out, it wouldn't be noticed until it's too late. Personally, I prefer storing things in my basement or attic simply because I am diligent (perhaps overly so) about my home security. Sure, there are risks in any situation, but I prefer having my belongings and risk in an environment I can completely control. If I want to add Fort Knox level security measures to make it difficult for an intruder to get in, there's nothing stopping me from doing that, it's my home after all. RSA Conference 2015Given the many conversations had and overheard at this year's RSA Conference, I'm not alone in my thinking. It's astonishing how many people seemed more comfortable with the idea of their digital data staying on premise, not in the cloud. When they learn that GoAnywhere can give them the ability to send, collaborate, secure and automate data transfers on premise, it's like watching kids at a candy store. Those conversations are what makes attending these conferences so worthwhile, there is so much you can learn.

My RSA 2015 #SecSelfieOverall, the conference was a great experience, especially for a first timer. I chatted with several people who had wonderful things to say about the sessions, networking and things that they learned and the various speakers who presented. While it might be information overload to some extent with such a big crowd and so many sessions, speakers and vendors, I thought it was a friendly,energetic and informative atmosphere. I met a ton of great people, got to chat with some customers and really learned a lot about how people can/do use our software and which features truly make their work easier. One thing is for sure, we are definitely looking forward to returning next year to the RSA Conference.

Truly Secure On-Premise Document Management for HR

Document Management for HRHR departments receive, generate, and accumulate substantial volumes of documents such as job postings, employment applications, resumes, reference checks, testing data, personnel files wage and hour records, payroll records, and disciplinary files.

GoDrive by GoAnywhere is a secure file storage and collaboration solution that's ideally suited to the unique document management requirements of today's Human Resources departments.  GoDrive is an on-premise Enterprise File Sync and Sharing (EFSS) alternative to vulnerable cloud-based document storage services.

Even though files are stored using on-site or hosted systems, all data is encrypted in transit and at rest for true file integrity. When single documents or entire folders are shared with individuals or groups, only those authorized users can view the documents.

In compliance with Sarbanes-Oxley requirement DS5.11, GoDrive creates a trusted path to exchange sensitive transaction data.  Detailed audit logs track all activity, including who accessed which documents and from what location. Email notifications can be generated when an individual downloads or uploads a file, providing a receipt confirming each interaction.

DS5.11 Exchange of Sensitive Data: Exchange sensitive transaction data only over a trusted path or medium with controls to provide authenticity of content, proof of submission, proof of receipt, and non-repudiation of origin.

GoDrive supports a distributed workplace, making it efficient to disseminate informational and regulatory documents to in-office and remote employees.  Shared groups might include individual departments or a management team that spans the entire organization. Vendors and contractors can be authorized to access designated documents, and it's an efficient way to accommodate requests by regulatory bodies.  You can also streamline the distribution of documents to job candidates and new hires.

File shares can be expired quickly and easily at any time due to termination, changes in vendor relations or at the completion of a disclosure commitment.  Permission settings on each file share let you define view-only, download, upload and delete rights.  Best of all, version control enables any document in GoDrive to be restored to a previous version and deleted files can be easily recovered without assistance from an IT Specialist.

GoDrive is robust yet cost-effective, flexible in scale to accommodate unlimited storage and is one of the only multi-platform on-premise EFSS solutions.  Talk to your IT administrator about the surprisingly inexpensive security advantages of GoDrive. Download a FREE full feature trial for evaluation on your own on-site or hosted systems.