5 Signs Your Organization is Ready for MFT

Managed File Transfer Levels the Playing Field for SMB

Low-cost file transfer tools allow mid-market businesses to make simple data exchanges both internally and externally.  As your company grows, however, trading partners demand enterprise-level systems to improve reliability and data security. 

cityscape - mft readyManaged File Transfer (MFT) emerged to reduce the cost and programming skills required for you to meet customer requirements and stay competitive in the marketplace. According to an Info-Tech Research Group report on selecting and implementing an MFT solution, there are five signs that indicate your organization could benefit from this technology.

  1. A need for transparency and traceability in file exchange activities
  2. New business relationships mandate adherence to compliance laws and privacy regulations
  3. Traditional methods of sending data, such as FTP, aren't secure
  4. Processes need to be more agile and adapt to changing network conditions
  5. The inability to comply with government reporting requirements

MFT provides comprehensive audit trails and monitoring to document all file transfer activity. Reports generated from this data show every interaction with the files on your server in great detail and allow you to better serve customers by responding quickly when problems do arise.

When security and reporting tools are needed to meet strict regulatory compliance standards of even highly-regulated industries, MFT delivers.  These include the data protection and integrity requirements found in PCI DSS, GLBA, SOX, Dodd-Frank and state privacy laws.

In light of recent high profile data breaches, many organizations have chosen to reduce their risk by seeking alternatives to unsecure FTP.  MFT gives you the flexibility to connect with trading partners using secure protocols and popular encryption methods like SFTP, FTPS, HTTPS, AS2, Open PGP and ZIP with AES.

In addition, automation and simplified workflows offered in many MFT solutions streamline the process of adding and onboarding trading partners. Companies can reduce or eliminate time spent on manual file exchanges and interrupted file transfers, thus reducing administrative costs and assuring the timely delivery of mission-critical data.

To explore MFT further, download this useful checklist to help in your evaluation of vendors and find the best solution for your organization.

Federal Government Prioritizes Data Security

During the last State of the Union address, President Barack Obama included improving data security on his list of national priorities.

President Obama said, "America must also face the rapidly growing threat from cyberattacks½ We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

Including data security 0n the President's agenda is significant because it first implies that our government is not yet accomplishing this goal, and second it compels us to put the pieces in place "to protect our national security, our jobs, and our privacy."

Cyberattacks Not Always Sophisticated

Government Data Security Identified as Top PriorityWhile the list of companies who have suffered some form of data breach grows, the sad reality is that many cyberattacks (malicious or otherwise) are not "sophisticated" and could be prevented with off-the-shelf solutions. These first level attacks focus on corporate secrets, personal identity fraud, credit information, and private email.

The second level of attacks are those that attempt to disrupt our national security, financial institutions, and the backbone of our infrastructure. Internet providers, utility and transportation companies use communications to run switching stations, trucks, and trains, all of which would affect our livelihood if disrupted.

The President mentioned signing an Executive Order to work on this initiative (Executive Order 13636--Improving Critical Infrastructure Cybersecurity). The Executive Order calls for standards, processes and procedures to be proposed within 120 days of its signing (February 19, 2013).

Don't Wait to Take Action

When trying to comply with all of the various data security regulations (like  PCI DSS or HIPAA), it is critical to have the right procedures and products in place.

A variety of government agencies have already implemented solutions such as the GoAnywhere managed file transfer solution.  GoAnywhere takes a standards-based approach to data security using proven FIPS 140-2 validated encryption, SSL, TLS and SSH protocols, along with role-based administration and detailed audit trails.  This comprehensive approach allows federal agencies to protect and automate their batch transmissions, perform ad-hoc transfers safely and provide a compliant alternative to email attachments.

Linoma Software will be demonstrating the GoAnywhere solution, which is now listed in the GSA Advantage Directory, at the upcoming FOSE Government Technology and IT Expo held in Washington DC, May 14-16.

In the State of the Union Address, the President encouraged Congress to pass laws to "give our government a greater capacity to secure our networks and deter attacks."

Take a look at GoAnywhere today and learn how you can meet your security requirements and save costs through file transfer automation.  

Do Business with the Government with FIPS 140-2

FIPS 140-2 is a standard with which cryptographic-based (encryption) security systems must comply when protecting sensitive data in U.S. government agencies and departments.  This FIPS 140-2 standard also extends to other entities that may exchange sensitive data with the federal government, including defense contractors, state agencies, county and city government.

Brief history of FIPS 140-2

The National Institute of Standards and Technology (NIST) is an agency of the U.S. Department of Commerce which establishes the standards for cryptographic modules used to protect and secure sensitive information.  NIST issued FIPS 140-1, the first set of standards developed in conjunction with cryptographic industry vendors and users on January 11, 1994. This group specified four security levels and eleven requirement areas of meeting a cryptographic standard.

On May 25, 2001, NIST issued FIPS 140-2, updating its specifications to address the technology changes since 1994 and is currently working on the draft version of FIPS 140-3 issued in Sept. 2009.

Why FIPS 140-2

FIPS 140-2 data securityThe purpose of the FIPS 140-2 standard is to coordinate the standards to be used by U.S. government and other regulated industries in gathering, storing, transferring, sharing, and disseminating sensitive information.  It also provides an FIPS 140-2 accreditation program for private sector vendors that develop cryptographic modules that can be used in other products.  For instance, our GoAnywhere solution uses an encryption module from RSA® which is FIPS 140-2 certified by an independent lab.

Traditional methods of sending files such as email or FTP do not meet the FIPS 140-2 standards. If you intend to exchange files with the federal government, it is critical that your file transmission is encrypted with a FIPS 140-2 compliant encryption module.

When researching managed file transfer (MFT) solutions, it is important to determine if they have a FIPS 140-2 compliant module available, especially if you are exchanging sensitive data with the federal government. Read more about GoAnywhere's FIPS 140-2 support.

By utilizing an automated and secure file transfer solution like GoAnywhere along with FIPS 140-2 compliant encryption, doing business with the federal government and other such regulated industries becomes much easier.