
Posts Categorized Under "DATA SECURITY"

Still using SHA-1 to secure file transfers? It’s time to say goodbye.

Securing information is rising in importance for organizations worldwide. Using outdated technology is extremely risky, yet many organizations continue to do so because legacy systems don’t allow them to upgrade, because they lack the resources and time to upgrade, or because they are simply unaware of the risk. The commonly used SHA-1 algorithm is a perfect example of an obsolete cryptographic standard that should have been completely phased out long ago. So why are people talking about it today?

With over a decade of warnings about the security vulnerabilities of SHA-1, and deprecation by The National Institute of Standards and Technology (NIST) in 2011, many organizations have since phased out use of this older hash algorithm. For those remaining organizations who haven’t migrated away from SHA-1, Google’s recent public announcement of the first SHA-1 collision should motivate them to abandon this algorithm completely.

Hash algorithms are widely used for a variety of functions including authentication and digital signatures. With file transfers, the algorithm was typically utilized to verify the integrity of sent messages. Using SHA-1, a file is reduced to a 160-bit message digest, or hash value, which is calculated both before and after transmission. On receipt, the two hash values for that transmission are compared; as long as both values still match, the data has remained intact. If the hash values don’t match, the file was likely compromised at some point along the way.

Having two different messages that produce the same hash value should be almost impossible. However, advancements in technology and computational power since the introduction of SHA-1 have exposed its vulnerabilities. With last week’s announcement, Google has proven that systems using SHA-1 can be fooled into thinking a signature is valid when it’s not, by producing the same cryptographic hash with two different files. With this work now public, the legacy algorithm has been rendered obsolete and insecure.

How does the SHA-1 collision affect file transfers?

If you are still using SHA-1 to verify the integrity of file transfers, you should know that it is no longer considered a safe or secure method. Bottom line: if you still use SHA-1, transition to a more secure standard as soon as possible.

If you’re looking to replace SHA-1, an obvious alternative would be SHA-2. The SHA-2 algorithm is a family of hash functions with values of 224, 256, 384 or 512 bits, thus providing stronger security with longer message digests. The more complex algorithms generate more potential hash combinations than were possible with SHA-1, which makes the SHA-2 algorithm extremely difficult to break using today’s technology.
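The before-and-after digest check described above, written against SHA-2 instead of SHA-1, as an added example that is not GoAnywhere's code or part of the original post. The `algorithm:hexdigest` tag format, the function names and the receiver policy of accepting only SHA-256, SHA-384 and SHA-512 are assumptions of this example.

```python
import hashlib
import hmac
import os
import tempfile

# Receiver policy (an assumption of this example): accept only SHA-2 digests
# of 256 bits or more. Maps algorithm name -> expected hex digest length.
ALLOWED_ALGORITHMS = {"sha256": 64, "sha384": 96, "sha512": 128}
HEX_DIGITS = set("0123456789abcdef")


class IntegrityError(Exception):
    """The received file cannot be confirmed against the sender's digest."""


class WeakAlgorithmError(IntegrityError):
    """The digest tag names an algorithm the policy refuses (e.g. SHA-1)."""


def file_digest(path, algorithm="sha256", chunk_size=64 * 1024):
    """Hash a file in chunks so large transfers never sit fully in memory."""
    hasher = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def make_digest_tag(path, algorithm="sha256"):
    """Sender side: build the 'algorithm:hexdigest' tag sent with the file."""
    if algorithm not in ALLOWED_ALGORITHMS:
        raise WeakAlgorithmError(f"refusing to publish a {algorithm} digest")
    return f"{algorithm}:{file_digest(path, algorithm)}"


def verify_transfer(path, digest_tag):
    """Receiver side: recompute the digest and compare it with the tag.

    Returns the algorithm name on success and raises IntegrityError otherwise.
    """
    algorithm, separator, expected = digest_tag.strip().lower().partition(":")
    if not separator:
        raise IntegrityError("digest tag must look like 'sha256:<hex>'")
    if algorithm not in ALLOWED_ALGORITHMS:
        # Refuse before hashing: a matching SHA-1 digest proves nothing now
        # that two different files can share one SHA-1 value.
        raise WeakAlgorithmError(f"{algorithm} is not accepted for integrity checks")
    if len(expected) != ALLOWED_ALGORITHMS[algorithm] or not set(expected) <= HEX_DIGITS:
        raise IntegrityError("digest is truncated or not hexadecimal")
    actual = file_digest(path, algorithm)
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError("digest mismatch: file changed after it was hashed")
    return algorithm


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "payroll.csv")  # constructed sample file
        with open(path, "wb") as handle:
            handle.write(b"employee,amount\n1001,2500.00\n")
        tag = make_digest_tag(path)
        print("sender publishes:", tag)
        print("verified with:", verify_transfer(path, tag))
        with open(path, "ab") as handle:  # simulate modification in transit
            handle.write(b"9999,99999.00\n")
        for candidate in (tag, "sha1:" + "0" * 40):
            try:
                verify_transfer(path, candidate)
            except IntegrityError as exc:
                print("rejected:", exc)
```

The digest tag only protects integrity if it reaches the receiver over a channel an attacker cannot alter, or is itself signed; otherwise whoever replaces the file can replace the tag as well.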

GoAnywhere Managed File Transfer and SHA-2

GoAnywhere MFT fully supports the SHA-2 algorithm for secure file transfers over SFTP and FTPS. In addition, GoAnywhere is Drummond Certified for AS2 file transfers and successfully met all requirements for the optional AS2 secure hashing algorithm 2 (SHA-2) tests.

 


Preview of RSA Conference 2017 #RSAC

For those that are new to the annual RSA Conference U.S., this is one of the greatest info security conferences all year. The 2017 conference is said to be better than ever: more space, expanded food options, the new “Reserve a Seat” option and three full days of info security discussion led by global security experts.

Linoma Software will be attending this year’s conference, exhibiting in the North Expo. Our team is looking forward to learning which security topics are most prevalent among peers and engaging in meaningful discussions on today’s challenges and innovation. From an educational standpoint, there are several sessions we are most looking forward to:

 

Cloud Security Alliance Summit 2017

February 13, 2017 | 9:00 AM - 4:00 PM | Marriott Marquis | Yerba Buena 5

Ah, “the cloud.” Over the past decade, businesses worldwide have been making the transition towards cloud computing and storage, and concern for security within the cloud has never been higher. In this special summit taking place during RSA 2017, world-leading security experts and cloud providers will join to discuss the threat landscape, data security innovations and global governance.

The keynote speakers are General Keith Alexander, CEO and President of IronNet Cybersecurity, and Robert Herjavec, CEO and Founder of Herjavec Group, and frequent investor on Shark Tank. Together with top officials from Symantec, Cryptozone, Duo Security and Oracle, these speakers are sure to bring decades of experience, lively discussion and actionable advice.

 

Mobile Devices: What Could Go Wrong? Discussion from the Frontlines

February 14, 2017 | 2:30 PM - 3:15 PM | Marriott Marquis | Nob Hill B

How many of your employees use their personal phones to access email, calendars or internal web resources? As of 2016, 77% of U.S. adults owned a smartphone, according to the Pew Research Center. In a world of BYOD (bring your own device), this session offers the opportunity to learn how your peers are dealing with security risks associated with mobile devices, apps and wi-fi networks that employees use.

This discussion will take place as part of the “Peer2Peers” breakout sessions, which is one of our favorite aspects of this conference. Facilitated by David Jevans, VP of Mobile Security at Proofpoint, it’s sure to spur meaningful conversations and peer-to-peer discussion.

 

Secure File Transfer for Enhanced Data Security

February 13-16, 2017 | Linoma Software Booth 4407, North Expo | San Francisco Moscone Center

Bring your most pressing file transfer questions to the North Expo, where secure file transfer experts from Linoma Software will be available to answer questions. This is a great opportunity to learn how a managed file transfer solution like GoAnywhere MFT can help to secure and automate transfers using a centralized approach.

We’re looking forward to connecting with you during the RSA 2017 conference! Be sure to stop by booth 4407 (map below).

RSA expo map to Linoma booth

 

Ready to get into the information security mindset? Watch the RSA 2016 opening theme video below for a glimpse into the discussions sure to occur during the 2017 conference.


7 Essential Resources on PCI Security

Did you know that 80% of organizations are not compliant with PCI DSS requirements? That means, if you’re reading this, there’s a pretty good chance your company needs to make adjustments in order to ensure a fully compliant payment processing infrastructure.

PCI compliance doesn’t happen overnight, and maintaining compliance year after year can be even more difficult. In fact, only 29% of companies surveyed were in compliance a year after validation. With these statistics in mind, we’ve compiled a collection of the best PCI security and compliance resources.

Don’t see your favorite resource listed? Add to the list by commenting below.

 

1. PCI Quick Reference Guide [PDF]

This PDF guide provides a comprehensive overview of PCI requirements, necessary security controls and processes, instructions on how to comply with PCI DSS and a list of trusted resources. Published by the PCI Security Standards Council, it’s authoritative and comprehensive.

Why we love it:
For anyone just beginning their research on PCI DSS, this guide is a great place to start. Keep in mind, the PCI Security Standards Council typically releases a new guide when the next version of requirements is confirmed. Check their website for the most up-to-date version.

 

2. Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions [Book]

This book is a must-have guide for anyone responsible for securing credit and debit card transactions, and offers an inside look at how these systems can be hacked. To beat the enemy, you must know the enemy.

Why we love it:
In the last few years POS hacks have become more prevalent (Wendy’s, Cici’s Pizza and Eddie Bauer, for example). With a reader rating of 4.3 out of 5 stars, this book provides real and actionable solutions on how to achieve better security at the point of sale.

 

 

3. The Hacker Playbook 2: Practical Guide To Penetration Testing [Book]

This resource goes above and beyond PCI compliance to teach security professionals how to protect against hacking through the game of penetration hacking. Described by readers as a “no-fluff” “ultimate playbook”, this top-rated book made our list of recommended PCI security resources for good reason.

Why we love it:
This step-by-step guide is top-rated, and takes a unique approach to preventative security, helping readers to better understand all the ways their infrastructure could be compromised.

 

 

 

 

4. Validation Requirements [Infographic]

Are you a visual learner? Then this infographic is a great place to start when looking to understand PCI validation requirements.

Why we love it:
The chart is straightforward, allowing anyone to quickly understand which validation requirements their organization falls under.

 

 

 

5. Reduce PCI Scope [SlideShare]

Most PCI compliant businesses are looking to minimize the cost and effort that comes with PCI compliance. Fortunately, there are a few key ways to reduce the scope of PCI, and this helpful SlideShare explains them.

Why we love it:
Reducing PCI scope is a very important aspect of PCI compliance, and can greatly help to reduce the costs dedicated to maintaining compliance. Beginning on slide 23, this SlideShare offers some great ways to reduce PCI overhead.

 

 

 

 

6. PCI Compliance Made Easy [Video]

In this 3-minute video, a small business owner explains how PCI compliance affects him, his customers, and his business. He also explains the important risks of non-compliance.

Why we love it:
PCI DSS compliance applies to so many types of businesses, and the importance of these regulations can easily be missed by small business owners focusing on day-to-day operations. This video takes a personable, engaging approach to PCI compliance.

 

 

7. Acquirers: How to Give Your PCI Compliance Program a Tune Up [Infographic]

If you’re confident that your organization is already meeting PCI compliance, this infographic is for you. Learn four ways you can give your PCI compliance program a tune-up, to ensure on-going compliance in years to come.

Why we love it:
In a sea of resources on “what is PCI” and the basics to becoming compliant, this infographic speaks to those organizations that have moved past that stage in their compliance.

Want more PCI compliance resources? Check out our new guide on how GoAnywhere Managed File Transfer helps to make PCI compliance easy. 

 

 


8 Shocking PCI Compliance Statistics


If you work for any organization that processes credit or debit card information, you’ve heard of the Payment Card Industry Data Security Standard (PCI DSS), the regulatory standard aimed at preventing costly data breaches like the ones you may have heard about at Home Depot or TJX. But how much do you really know about PCI compliance? Here are some interesting PCI compliance statistics you may have missed.

 

1. PCI compliance has increased by 167% since 2012

This is the best news on the list. According to Verizon’s latest PCI Compliance Report, the number of organizations that are fully compliant at the time of interim assessment is growing rapidly each year.

 

2. 80% of organizations are still not compliant

While the increase in businesses taking PCI compliance seriously is important, the number of compliant organizations was very low to begin with. According to Verizon’s report, four out of five companies still fail at interim assessment.

 

 

3. Only 26% of news media executives feel confident their businesses are compliant

A Newscycle Solutions survey found that only a small number of executives felt confident they had achieved PCI compliance. Another 13 percent were not certain. While this compliance statistic is a snapshot of a specific industry, it’s common across all types of organizations to feel unsure about meeting PCI standards. IT infrastructure becomes more complex every day, PCI rules change frequently, and many companies lack up-to-date expertise.

 

4. Only 29% of companies are compliant a year after validation

Many businesses check PCI compliance off the list and then stop worrying about it. Unfortunately, less than a third have maintained compliance a year later. While successfully demonstrating PCI compliance to an auditor is a big relief, it won’t keep your business safe from security threats. The Verizon report recommends building a robust framework with security policies, procedures, and testing mechanisms to ensure compliance every day of the year.  

 

5. You could pay $100,000 a month for being non-compliant…or much more

One of the least understood aspects of PCI compliance is that the fines for non-compliance are levied on the payment processors or credit card companies (the acquirers) that work with the non-compliant business, not the business itself. Those fines range from $5,000 to $100,000 a month. Of course, the acquirer will recoup the money from you, quite likely with added penalties and increased transaction fees.

 

6. None of the companies breached during Verizon’s investigations were fully compliant

This statistic is just in case you thought that PCI standards were only important for your auditors. In Verizon’s ten years of having a forensics team investigate PCI compliance, they have never found a company that was fully PCI DSS compliant at the time it was breached. Take note.

 

7. 69% of consumers would be less inclined to do business with a breached organization

According to Verizon, the majority of consumers would be hesitant to do business with an organization that has suffered a data breach. If you’re having trouble justifying the cost of robust security solutions, this is what you need to think about: being complacent about PCI compliance today could lead to years of lost customers and a damaged reputation for your brand.

 

8. The average total cost of a data breach is $4 Million

According to the Ponemon Institute, which tracks the costs of data breaches every year, the current amount is up 29 percent since 2013. Refer to #6 for why this statistic directly relates to your PCI compliance.

 

 

It’s clear that many organizations are struggling with PCI compliance. It doesn’t have to be difficult. Seek out security software solutions that protect your valuable data using up-to-date methods, generate detailed logs to keep auditors happy, and allow you to easily test for PCI compliance.

Interested in learning more about PCI DSS compliance? Explore our PCI DSS resource section for requirement details, industry whitepapers and recent articles.

 

Ready to try a managed file transfer solution that keeps your enterprise data transfers secure and helps you assess whether you are PCI compliant? Download a free 30-day trial of GoAnywhere MFT.

 


3 Data Breaches That May Have Been Avoided through PCI Compliance

“Dear Valued Customer,

As you may have heard, on September 8, 2014, we confirmed that our payment data systems have been breached, which could potentially impact customers using payment cards at our U.S. and Canadian stores.”

 

This is an excerpt from an actual email distributed by a large retailer, in the wake of a massive data breach jeopardizing over 50 million credit cards. Since 2004, Payment Card Industry Data Security Standards (PCI DSS) has stood as a core regulation aimed at thwarting breaches like the above, and any organization that accepts, transmits or stores cardholder data must comply.

Now, here’s the shocking truth: In the latest PCI Compliance Report conducted by Verizon, none of the companies it had investigated in ten years had been fully PCI compliant at the time they were breached.

In many cases, companies achieve total PCI compliance once but don’t sustain it. According to the Verizon report, 80 percent of companies fail at interim assessment. Technology moves quickly, and compliance solutions and policies implemented in past years may not be enough to stand up to modern security threats.

Other organizations believe that they don’t have to worry about protecting data. They believe their business is too small to be the target of hackers, or too large and successful to be using outdated, inadequate security practices. Sometimes they believe that data breaches only affect big retailers, not other industries.

But PCI compliance needs to be taken seriously by everyone or the consequences can be devastating. Here are three organizations that experienced the detriment of non-compliance.

#1: Data Breach at Home Depot Compromises 56 Million Credit Cards

In what went down in history as one of the worst retail data breaches of all time, malware infected Home Depot point-of-sale systems and stole millions of customer credit and debit cards. The Home Depot attack seems to be a case of relying on inadequate software solutions and policies for data breach prevention. Employees later said that the company used outdated antivirus software and failed to monitor the network for unusual behavior.

PCI standards require routine vulnerability scans, but according to employees, more than a dozen systems handling customer information were not assessed and were off limits to much of the security staff. In Home Depot’s case, investing in security software with the ability to audit security infrastructure for PCI compliance may have been the difference between a $19.5 million data breach settlement and business as usual.

#2: Office of Personnel Management Data Breach Affects Millions

After hackers attacked the Office of Personnel Management (OPM)’s servers and stole the personnel files of 4.2 million former and current government employees, as well as the security clearance background investigation information of millions more, a congressional investigation uncovered the organization’s security shortcomings.

Among many other findings, the report took particular issue with the department’s lack of two-factor authentication for employee access to sensitive data, claiming that correcting this oversight could have prevented the security breach. This points to a key problem that PCI compliance is meant to address. It’s not enough to encrypt and protect your files during transfer; you need to monitor internal actors as well. A robust security solution will authenticate users, give them only the access they need, and maintain a detailed log of each user’s actions.

#3: Over 45 Million Credit Card Numbers Stolen in TJX Breach

TJX Companies, owner of popular home brands such as TJ Maxx, Marshalls, and HomeGoods, experienced a data breach in which more than 80GB of cardholder data was stolen over a period of 18 months. Before the company was able to detect and halt the breach, 45.6 million records had been stolen.

Documents filed in court after the breach claimed that TJX had failed to comply with nine out of the twelve PCI DSS requirements. Factors contributing to the incident included an improperly configured wireless network, a failure to segment networks carrying cardholder data from the rest of TJX's network, and the storage of prohibited data. Two members of the PCI Standards Council later pointed to PCI compliance as the clearest way to protect data against a TJX-style breach.

PCI Compliance Can be Tricky, We Get It.

No company embarks on an initiative to avoid PCI compliance. You are trusted by your customers, partners and vendors to take the proper measures to secure and protect their sensitive payment data. It’s that trust that has kept your company successful for so many years!

We read about data breaches and attacks like these in the news on a regular basis, but we don’t pause often enough to audit our own data security practices. IT infrastructure in today’s enterprises is increasingly complex, especially for large companies with systems spread around the world like Home Depot. Add to that the fact that PCI compliance has multiple, complex requirements, and it can be daunting for IT and security teams to implement a sustainable process that ensures ongoing compliance.

PCI DSS compliance can be greatly simplified by using software solutions with features designed to help you achieve security and compliance. This type of software addresses PCI requirements, provides the information you need to satisfy an audit, and in some cases even helps you check whether you are meeting compliance standards.

PCI Compliance with Secure Managed File Transfer

File transfers are an essential point of vulnerability to consider when developing your security strategy. The most common file transfer pitfall is relying on inadequate methods such as poor FTP implementation practices, file sharing apps, and unencrypted email attachments.

A secure managed file transfer (MFT) platform guards your sensitive data against attacks with robust security and encryption methods, all while streamlining the file transfer process and saving your team time and resources that can be used to tackle other potential security issues.  Furthermore, a good MFT solution will have features like detailed audit logging and compliance assessments to eliminate the headache involved with ensuring your file transfers are compliant.

To make protecting data transfers as easy as possible, make sure your managed file transfer platform provides:

  • Secure connections for the transmission of sensitive data
  • Integration with existing critical applications
  • Role-based security and user authentication
  • Strong encryption methods
  • Detailed logs for audit reporting

Securely managing your data transfers is just one aspect of achieving PCI compliance, but it is an essential step toward fully protecting your enterprise against security threats.

 

Assess the PCI compliance of your file transfers for free when you try GoAnywhere MFT for 30 days. Sign up for a trial here.


No Such Thing as a Free File Transfer, Part 2: Cost-effective Security

With new corporate data breaches in the news seemingly every day, it’s no surprise that security is a top concern for IT professionals. However, file transfers are an area where many companies are still vulnerable. Most file transfers still use FTP, a protocol that comes with inherent risks. It’s especially worrisome that, as TechRepublic points out, FTP is actually becoming more popular again. Other common file transfer solutions, like file sharing apps, come with their own security concerns.

This is the second in a series of articles about the ROI of managed file transfer (MFT), the first of which covered time savings. There’s no doubt that data breaches are costly. The 2016 Ponemon Cost of Data Breach Study puts the current cost at $4 million—$158 per record breached. So it’s a no-brainer that a solution to secure your file transfers would bring you a great return on investment.

And yet, when you try to get internal approval for products to help with security, proving the ROI can be difficult. A good security tool is by nature preventative. If you haven’t suffered a breach (or you have and don’t know about it yet), you probably don’t have a way to precisely calculate cost-savings.

Still, your data certainly has value, and you know you have to keep it secure. So how do you know you are protecting your file transfers with the solution that gives you the most bang for your buck? By making sure the software you choose addresses all of the top file transfer security concerns within one solution—no additional purchases or custom scripting required.

A Variety of Secure Protocols

FTP has been proven vulnerable to hacking. For example, 7,000 FTP sites, including an FTP server run by The New York Times, had their credentials circulated in underground forums in 2014. In some cases, hackers used the credentials to upload malicious files.

It’s essential for modern enterprises to turn to more modern and secure file transfer methods, such as:

  • AS2: AS2 generates an "envelope" for the data, allowing it to be sent using digital certificates and encryption.
  • SFTP and FTPS: These secure FTP protocols bring down the risk during data exchange by using a secure channel between computer systems.
  • HTTPS: The secure version of HTTP, HTTPS encrypts communications between browser and website.

Which of these methods your company implements may depend on several factors, like your industry compliance requirements or what your trading partners use. Your requirements may also change over time. That’s why the best investment is a versatile managed file transfer solution that can handle any of these protocols and more.   

Protection against People

When you imagine the security threat to your company, you might conjure up images of hackers working tirelessly to access your systems and use your data for nefarious purposes. The truth is, one of your biggest threats is probably in the office down the hall.

A 2015 study found that internal actors were responsible for 43% of data loss. Half of this is intentional—disgruntled or opportunistic employees, contractors, or suppliers performing deliberate acts of data theft. But half of it is accidental. People like to cut corners, and probably most employees in your company aren’t as concerned about security as you are.

Any file transfer solution with a good ROI has to address the threat coming from within the business.  You want to have role-based security options that limit each user to the servers and the functions of managed file transfer that they absolutely need to use. Detailed audit logs mean you always know who is doing what with the solution.

Ensure Compliance

In many industries, inadequate security practices don’t just put your own corporate data at risk, they can endanger highly sensitive information like credit card numbers and health records. For this reason, a number of regulations exist to protect personal data. A few of the most common are PCI DSS, Sarbanes-Oxley, and HIPAA, but your industry may have others.

A 2011 study found that while the cost of compliance averaged more than $3.5 million, the estimated cost of failing to comply was $9.4 million, showing that a solution that can help you comply with regulations has a clear ROI. In the case of file transfers, your MFT platform should have a number of encryption methods available to protect sensitive data including SSL, SSH, AES, and Open PGP encryption. Audit trails should also be in place to track file transfer activity so you can easily determine what files are being sent, what time they are sent, and who the sender and receiver are.

Modernization and Scalability

Once you go to the effort of choosing a file transfer solution that will protect your company, convince management of its necessity, and implement the software, the last thing you want to have to do is change it two years down the road because your company is bigger, has more compliance requirements, or has new trading partners.

A managed file transfer platform from an established, reliable software provider will make sure you stay updated with the features necessary to combat current security threats. Furthermore, if your volume of file transfers increases, you won’t need to invest in a new tool to handle the workload.

Bonus: Increased Productivity

If your managed file transfer solution can prevent a data breach, that alone makes it worth the investment. But what if it could increase productivity and reduce errors at the same time? The automation capabilities of managed file transfer software allow you to make a high volume of file transfers without the need for tedious manual work. Streamlining this process—and eliminating the risk of human error—adds to your organization’s bottom line.

Read more about safeguarding company data and limiting risk, or get started with a free trial of managed file transfer.


No Such Thing as a Free File Transfer, Part I: How MFT Saves Time

Every business engages in some kind of information exchange, whether it’s a small retailer attaching an invoice to an email or a hospital sending hundreds of patient records between departments. Some methods of exchanging files, like a basic FTP server or a file sharing app, seem like an inexpensive way to deal with your transfers. In the long run, however, the shortfalls of these tools will likely cost your company significantly more than the investment in a sophisticated managed file transfer (MFT) solution.

A study by the Aberdeen Group found that every file sent “for free” actually has an 80% chance of costing your organization money. In a new series of articles, we’ll break down the reasons why MFT gives your company a better ROI than any other file transfer solution. The first reason we’ll discuss is the time you’ll save with managed file transfer.

We’ve all heard that time is money, and if you’ve ever been the unlucky person manually transferring files by FTP, it’s no stretch of the imagination to think that automated file transfer software would save a bit of time on each exchange. But you probably haven’t even thought of all the ways a rudimentary file transfer tool can waste costly hours. Here are a few:

  1. Dealing with Exceptions

As with any process, your file transfers aren’t always going to go smoothly. While even a basic tool will work most of the time, you’ll inevitably run into the occasional problem which will require you to divert members of your staff away from more important projects to help get the files moving. Aberdeen’s analysis found that those who don’t use MFT have more than twice as many of these errors and exceptions as MFT users. With a single-function file transfer tool, the operator is solely responsible for checking if the transfer succeeded and trying it again if it failed. A good managed file transfer solution has ways of dealing with issues that arise—for example, the software could automatically reconnect and resume the file transfer after a problem occurs with the network.

Moreover, the MFT solution will provide visibility into the status of automated file transfers and let you know if something goes wrong. This allows you to attack the problem immediately and get back to your more strategic initiatives as soon as possible. A basic tool or script may cause you to waste hours just trying to determine what happened to your files.

  2. Upgrades and Modifications

A common solution for moving files is with custom scripts. This seems like an easy option at first. Your company has talented programmers and it’s not too hard to create a homegrown FTP script that gets the job done. The first few times you need a modification or a new feature, that’s not difficult either. But pretty soon your company is transferring thousands of files every day, your homegrown solution is severely lacking in the error-handling, security, and logging capabilities it needs, and updating your mess of sprawling scripts will cost you dearly in expensive programmer hours. Or maybe the original creator of the scripts has left the company and those hours will be spent just trying to figure out how it all works.

Managed file transfer has the features you require as your business needs grow more complex. You can trust that it will continue to be updated when necessary and upgrades won’t require the same technical expertise as creating a homegrown tool does. 

  3. Compliance Requirements and Auditing

Storing and tracking detailed audit information is crucial for staying compliant with PCI DSS, HIPAA, state privacy laws, and other regulations. A managed file transfer solution will store detailed audit records for all file transfer and administrator activity and provide that data in an easily accessible format to authorized users. If you are legally obligated to collect this information, there’s no better time-saver than implementing file transfer software that stores the data automatically.

Furthermore, compliance requirements can always change or new regulations can be put in place. While you may already have a process for complying with current regulations, MFT provides the flexibility to respond to new security requirements without creating too much additional time-consuming work.

  4. Avoiding Downtime

Just one minute of unplanned system downtime costs a company an average of $5,600. Talk about expensive hours! Make sure your file transfers keep running even if a server goes down by implementing MFT software that integrates clustering. This means you have a group of linked servers running concurrently, with each installation of your MFT tool sharing the same set of configurations and trading partner accounts. The servers in the cluster are in constant communication with each other, so if one fails, the remaining systems in the cluster will continue to service the trading partners. With the fast pace of modern business, you can’t afford to let your transactions wait while you take the time to get your systems functioning again.

Every minute that your business isn’t paying employees to fight fires, write custom scripts, or compile audit reports is a minute that can be put towards the work that helps the bottom line.

Interested in learning more about the ROI of Managed File Transfer? Read the next installment in our series: No Such Thing as a Free File Transfer, Part 2: Cost-effective Security.

 

Learn more about the risks of inadequate FTP implementations or get started with a free trial of managed file transfer today. 


3 Steps to Safeguarding Company Data and Limiting Risk

Security professionals of today are inundated with headlines about the potential consequences of a data breach. Take, for example, Target, which suffered a massive data breach at the end of 2013, exposing the personal information of 70 million shoppers. Worse yet, the breach occurred at the height of the holiday shopping season, rocking consumer confidence.

This case and many others underscore the fact that protecting data is getting more complex as security professionals work to manage vast amounts of data throughout various physical and virtual locations. So how can you best safeguard your data?

Catalog Assets: Know What Data You're Storing

The first step in protecting critical data is understanding the full extent of what you're storing. All data is important, but it's especially critical to identify and catalog sensitive information. For example, this may include:

  • Transaction and account records.
  • Customer lists and contracts.
  • Personally identifiable information (e.g., Social Security numbers, credit card numbers).
  • Proprietary corporate details, such as financial documents, marketing plans and trade secrets.
  • Employee records.

This list, of course, is endless and unique for every business type. Taking inventory of the types of information that you are storing and identifying which are the most sensitive will assist in implementing the best safeguards.

Identify Where Data Is Stored

The percentage of workers operating remotely has skyrocketed from 9 percent in 1995 to 37 percent now, according to Gallup. This trend presents additional complexity for security professionals, especially when you add other trends -- such as BYOD -- into the equation. In fact, in a recent survey by Tech Pro Research, 74 percent of companies said that they are already using or planning to adopt BYOD. After identifying the types of digital information stored and which are highly sensitive, you must also inventory where that data resides to effectively keep it safe. For example, locations may include:

  • Portable drives
  • Laptops
  • Network drives
  • Servers
  • The Cloud
  • Mobile devices

After identifying all the locations -- physical and virtual -- security professionals are faced with the important question "OK, now how do we protect this data?"

Protecting Data

Protecting data involves safeguarding the exchange of information between all systems, employees, customers and trading partners. For example, an effective security solution should:

  • Encrypt important information at rest and in transit.
  • Enforce strong password policies.
  • Allow you to limit access.
  • Include accountability, showing who has accessed data, when, and from what location and device.
  • Have multi-factor authentication.
  • Leverage safeguards that ensure you are alerted if important data is leaking or stolen.
  • Ensure that regular data backups are in place to safeguard data in case of an unexpected event.

Security threats won't be slowing down anytime soon, but advanced security solutions allow organizations to more effectively safeguard business data. As a result, organizations are able to mitigate business risk, reduce liability and provide customers with greater confidence.


The State of Data Security Technology: 4 Essential Safeguards

Enterprises today are capturing more data than ever. And while collecting an increasing amount of data yields valuable insights and the ability to connect more effectively with customers, it also creates more concerns -- mostly around security.

Sixty-nine percent of North American and European security decision-makers report they are responsible for protecting customers' personal information. As a result, the pressure is rising -- and so are the budgets. According to a recent Forrester report, 36 percent expect to increase spending in this area. But with increased media coverage highlighting devastating cyber attacks and security breaches, companies are asking, "How can we best ensure that this doesn't happen to our company?"

Data Security and Privacy

Many technologies claim to be the "cure all" to growing security concerns, yet with so much available, how can you be sure that you're selecting the right tools? Forrester recently explored the state of security through examining past research and surveying 53 field experts. The company highlighted important solutions that will play a critical role. Here are four to watch.

Cloud data protection solutions.

Enterprises are seeking solutions that allow them to encrypt their own data and hold the keys, in contrast to older models that rely on a cloud or third-party provider's native encryption solution. This type of solution works by encrypting sensitive data before it leaves the enterprise network, rendering it unreadable or useless to cyber criminals. The cost to implement is moderate, and the solution can be deployed as an on-premise or virtual application or as hardware. It's typically priced per user and often based on the per-user pricing of an SaaS agreement.

Email encryption.

Regardless of the industry, email often contains confidential information that requires safeguarding. This is especially true for industries that are under strict regulatory scrutiny, such as the health care industry. Forrester predicts that email encryption adoption will remain steady over the next decade as compliance concerns rise. This solution works by encrypting emails between recipients so that only the correct email recipient is able to read the content and download attachments. This is typically offered as a feature of a security solution or service, and can have the added advantage of removing file size restrictions. Pricing is moderate and enterprises can typically select from a hosted or on-premise solution.

Managed File Transfer.

Managed file transfer is an important technology to help organizations protect and audit their data transmissions. It's at the core of many B2B interactions and serves as an effective replacement for unsecure methods such as FTP and email. MFT is proving especially important in financial services, healthcare, public sector and manufacturing, where security concerns are very high. The technology works by allowing for the secure movement of files between business applications internally and externally. It's typically offered as an on-premise solution or hosted service, and pricing can vary greatly. Because it's typically a replacement for a legacy FTP system, migration to a Secure Managed File Transfer solution is the ideal opportunity to review additional enterprise requirements for batch or ad-hoc file transfers.

Secure file sharing and collaboration.

Workers today are increasingly interacting remotely using consumer-grade cloud sharing tools, also called EFSS (Enterprise File Sync and Sharing). This remote workforce benefits greatly from using a professional platform to synchronize files across multiple devices. As a result, Forrester expects the demand for secure methods of file sharing and collaboration to continue growing. These EFSS tools allow for the safeguarding of information while sharing data and documents with internal and external partners. File sync and file distribution capabilities can also be included. The cost to implement is typically low, with services delivered on-premise or from the cloud and priced per user.

Moving Forward

Data security is entering the golden age. S&R professionals will continue to feel increased pressure to analyze all available security options, stay nimble, and adjust quickly to ensure data privacy and security moving forward. Selecting options that offer a progressive amount of security and internal control over data, however, will ensure that enterprises are safeguarding critical data while navigating an increasingly complex regulatory environment.