
Exclusive Sneak Peek of COMMON 2017 Sessions

In just a few days, Power Systems professionals from around the world will gather for expert discussions on IBM i, open source and cybersecurity topics at the COMMON 2017 Annual Conference. Known as the largest Power Systems event of its kind, the conference offers over 300 sessions presented by more than 100 experts in the field.

As the event quickly approaches, we sat down with some of this year’s speakers to uncover their passions, advice to attendees and exclusive peeks into next week’s presentations. Read on to see what each shared.

 

Greg Cannella

Director of MIS at Magid Glove & Safety Mfg

Greg will be presenting at two sessions titled Creating SQL Functions and How to Use the SQL Descriptor. You may view Greg’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?
“I am most passionate about Creating SQL Functions.  This topic has very broad applications and is most likely to appeal to the widest audience.  Once people learn how easy it is to create a function and how much they can do for you, the adoption rate should be very high.  My goal is to provide everything someone needs so they can go back to the office the next day and create a function.”

What are you most looking forward to at COMMON?

“Since I am a first-time speaker at COMMON, I am definitely looking forward to those sessions.  I am also looking forward to meeting up with all of the other people that I have worked with in the industry.”

 

Raymond Johnson

Consultant / Owner at iSolutions Consulting, Inc

Ray will be presenting at three sessions titled No More Excuses, Save the Entire System Using the IBM i Default Job Scheduler, Are You Secure? Are You Monitoring the IBM i Audit Journal? and IBM ACS Overview. You may view Ray’s biography and session schedule here.

What’s one topic you’re hoping to learn about at this year’s conference?

“I plan to learn more about VIOS since I now have two VIOS partitions to manage and the AIX environment is NOT like the IBM i (it is not integrated). Everything has its own version and the PTF and upgrade processes are nowhere near as easy (or maybe familiar??) as the IBM i processes.”

What do you predict will be the hottest topic of discussion at this year’s conference?

“I predict system and network security will be a hot topic of discussion.”

 

Carol Woodbury

VP Global Security Services at HelpSystems

Carol will be presenting three sessions, with titles including IBM i Security from the Ground Up and Best Practices for the IBM i Security Administrator.  You may view Carol’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?
“I’m probably most passionate about the Best Practices for the IBM i Administrator.  Attendees sit through a lot of sessions about new and advanced technology, but sometimes, it’s not obvious how to apply it. In this session I provide actionable tasks that administrators can take back to their workplace and start making their systems more secure.  In other words, it’s full of practical advice that’s easily applied in their work environment.”

What is one piece of advice you’d offer to first-time attendees?
“Don’t be afraid to ask questions. You’re there to learn! If something’s not clear… ask!”

 

Liam Allan

Product Developer at Profound Logic

Liam will be presenting at three sessions titled Git Fun and Games, Open-Source ILE Concepts and Web Requests in Embedded SQL. You may view Liam’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“I am actually most excited for the workshop I am giving with Alan Seiden and Steph Rabbani. I am not only excited to talk about something I am passionate about, but having the opportunity to do it with two amazing people makes it even more exciting for me.”

What are you most looking forward to at COMMON?

“I am most looking forward to hanging out with people that I have worked with in the last year. My favourite part about COMMON is the social element to it.”

 

Bob Luebbe

Chief Architect at Linoma Software

Bob will be presenting at two sessions titled Simplify Encryption with DB2 Field Procedures and Securing Your File Transfers from the IBM i. You may view Bob’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“I am most excited to talk about encryption using DB2 field procedures since a lot of organizations are looking at how to encrypt data at rest.  With field procedures, encryption has greatly been simplified.  Oftentimes, companies do not have to make any changes to their applications to implement encryption.  So it is much easier to do encryption at the field level now.”

What do you predict will be the hottest topic of discussion at this year’s conference?

“I think security is going to be a hot topic since so many organizations are facing strict regulations regarding sensitive data.”

 

Randall Munson

President of Creatively Speaking

Randall will be presenting at three sessions titled WRITE RIGHT! Business Writing for Geeks, Magic of SELLING Technology! and Riding the Rapids of CHANGE! You may view Randall’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

"The presentation I am most passionate about is, 'Magic of SELLING Technology!'. Since working in the IBM development lab in Rochester as the interface between the lab and IBM sales and marketing more than 20 years ago, I have been focused on how to sell IBM i technology around the world. I've helped companies make millions of dollars in increased sales. I enjoy sharing with others what I have learned so that they can improve their marketing and sales. But this presentation isn't just for people in sales and marketing roles. It is also valuable for showing technical people how to sell their own company's decision makers on products and services that would be valuable to them."

What do you enjoy most about speaking at COMMON?

"I love teaching valuable information in a way that is fun and memorable. I'm deeply gratified when people tell me things like, 'I've been working on this for 6 years and now I finally understand it!' or, 'Ten years ago I saw you present and I'll never forget what you said!' or 'You've changed my life.' Most people don't have a chance to experience that but speaking at COMMON for 30 years has given me that opportunity and I am grateful."

 

Tom Huntington

EVP of Technical Solutions at HelpSystems

Tom will be presenting a session titled High Availability Options for SMB IBM i Users on Tuesday, May 9th at 2:00pm. You may view Tom’s biography and session details here.

What is the largest takeaway that you’re hoping to leave the audience with?
“High availability can be hosted in the cloud and it can be affordable.”

What are you most looking forward to at COMMON?
“It’s great to unite with our customers and friends in the industry; I always learn so much from them. There’s a unique energy behind COMMON because it’s run by experts from all different industries using IBM Power Systems running IBM i.”


Vern Hamberg

Senior IT Developer at Ecolab, Pest Elimination

Vern will be presenting at nine sessions, with titles including Query Management: What is it? Why Should I Care?, Fast Modern Excel Workbook Creation Using RPG and Extend Your Reach to Remote Data with Open Access: RPG Edition. You may view Vern’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?
“Although I feel strongly about them all, probably I’m most passionate about the 2 on ‘Fast Modern Excel (XLSX) Workbook Creation Using RPG’. I hope they convey the idea that we should find ways to say ‘Yes!’ to almost any ‘Can you do this…?’ request. And to accomplish this goal in effective and interesting and well-pleasing ways.”

What’s one topic you’re hoping to learn about at this year’s conference?
“I want to learn more about the open source possibilities on our favorite system.”

 

Rich Diedrich

IBM i Wizard at Rich Diedrich Consulting, LLC

Rich will be presenting at three sessions titled Accessing Java from RPG IV, The RPG Programs Used by Madoff and Encryption on IBMi. You may view Rich’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“The RPG Programs Used by Madoff (33CN) is the most fun because it is very different from my other more technical presentations. I get to talk about the experience of being an expert witness in a federal trial, how I did the analysis of the programs, and show the actual code used. I particularly appreciate talking through the code with an audience that understands the code and some of the more humorous aspects of how it was done.”

What do you predict will be the hottest IBM i topic of the conference this year?

“I am not sure what it will be, but based on the presentations and presenters available, this conference will be an excellent opportunity for attendees to think and learn about how their IBM i data needs to be made available in current application environments and the serious security considerations that need to accompany that availability.”

 

Dawn May

Senior Technical Staff Member at IBM

Dawn will be presenting at ten sessions, with titles including Predictive Performance Management, Introduction to the IBM i Performance Data Investigator and Hidden Gems of IBM i. You may view Dawn’s biography and session schedule here.

Which of your sessions are you most looking forward to presenting, and why?

“One of my favorite presentations to give is ‘Introduction to the IBM i Performance Data Investigator’. I find there are a lot of people that have never used this function even though it is included with the operating system and everyone has it. I've really enjoyed it when someone tells me they logged onto their own system to try it out during the presentation.

I also look forward to presenting the ‘Manage Work Better with Better Work Management’ session. IBM i work management is a significant differentiator for IBM i and IBM has delivered some important enhancements that make it even better.”

As a seasoned COMMON veteran, what do you enjoy most about the conference?

“Of course it's the people in the IBM i community! Over the years, I've met a lot of people while at COMMON and there are a set of folks that I only see when at the conference. Each year, I meet a few more people and my professional network gets a little bit bigger. The best part is that the people in the IBM i community are the friendliest!”

 

Conrad Feldt

Owner / IT Consultant at Itasca Computer Resources

Conrad will be presenting two sessions titled Windows 7 & 10 Tips, Tricks & Techniques and Improving Your Memory. You may view Conrad’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“My session Tuesday afternoon, Improving Your Memory.  It is a non-technical session and it gives a break from the other sessions.  We all know that we do not remember as well as we would like to.  This is an interactive session and has proven to be a lot of fun.  Come to relax and at the same time come away with some useful tips on Improving Your Memory.”

What are you most looking forward to at COMMON?

“I enjoy meeting up with past acquaintances from 18 years ago to last year, and meeting new people, sharing ideas, thoughts, and knowledge.  Simply put, the networking.”

 

Robin Tatam

Director of Security Technologies at HelpSystems

Robin will be presenting five sessions, with titles including IBM i Security: The Good, the Bad and the Downright Ugly, Data Breaches: Is IBM i Really at Risk? and IBM i Security for Programmers. You may view Robin’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“The session I am most passionate about is definitely the enthusiastic discussion surrounding our annual "State of IBM i Security" study.  This is an award-winning session for a reason. Each year, we pour a wealth of resources into compiling what is the only study of its kind, and it always amazes me the provocative things we uncover.  It's a good education for the uninitiated as well as those that mistakenly think that security on a Power Server is correctly and fully preconfigured at the factory.”

As a seasoned COMMON veteran, what do you enjoy most about the conference?

“I thoroughly enjoy COMMON's encouragement of knowledge expansion. While we all gravitate towards sessions that are 100% pertinent to our daily grind, I also encourage attendees to sign up for one session whose abstract is completely outside of the box; just to get some exposure to something new.  It's also an unparalleled opportunity for our team to share what we work on behind the scenes and the expansive suite of business solutions (software and services) we bring to the corporate table. From the human side, let's not forget meeting up with old friends as well as introductions to numerous new ones via a networking opportunity like no other!”

 

Gordon Leary

IT Manager at AMPORTS, Inc.

Gordon will be presenting at two sessions, the Reception for First-time Attendees and the First Timers Social. You may view Gordon’s biography and session schedule here.

You’ve been attending COMMON conferences for quite some time. What keeps you coming back?

“I have been attending COMMON conferences since 1987 for several reasons. The first is education. The IT business is in a constant state of change, and COMMON has always kept me up to date on this change. Every time I come to a conference, I learn something that I can take back to my organization to use. It may be a new skill, a new relationship, or a new application that can be used to save my corporation time and resources. I can also use this information to take advantage of the year-round learning that COMMON offers.

The second reason I keep coming to a COMMON conference is relationships. The COMMON community is a helpful group of IT professionals. I do not know how many times I did not know how to pursue a problem, but I knew someone else that I met at the annual conference that does know the answer. A short email or phone call always brings help! The COMMON community wants to help and see every member grow in their profession.”

What is one piece of advice you’d offer to first-time attendees?

“Don’t be shy! The speakers are there to help you become a better IT professional. Ask questions, participate in sessions, talk to people outside of sessions.  Talk to the vendors in the Expo. You may not have a need for their product now, but things change. I keep a drawer full of vendor products. It is great to be able to pull out the answer for that new challenging project. If someone gives out an email, it is because they truly want you to ask questions at any time. This is a great community, and COMMON is here to help grow that community.”

 

Steven Wolk

CTO at PC Richard & Son

Steven will be presenting at six sessions, with titles including Let’s Learn Linux, Words to Live By: A Blueprint for Success and Command Jeopardy. You may view Steven’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“Of the six sessions I’m presenting at this year’s Annual Meeting, I’d have to say I’m most passionate about ‘Words to Live By: A Blueprint for Success’. While I enjoy speaking about a variety of technical topics that are near and dear to my heart, my true passion in teaching is helping people succeed. Personal success is a topic I’ve studied for many years, and I’ve identified what I believe are 12 key principles we can all follow that will lead to greater success in our own lives. We’ll discuss these principles through the context of meaningful motivational quotes, combined with some very personal stories demonstrating how these lessons can be applied. Many of the stories are funny, while others are poignant, but it’s my hope that they will be remembered – and help attendees be more successful - long after the conference has ended.”

What do you predict will be the hottest topic of discussion at this year’s conference?

“I think open source will be the hottest topic of discussion at this year’s Annual Meeting. While the IBM i has always been a very open operating system, the interest I’m seeing in running open source software on the i seems to just be exploding. That’s why I decided to present a brand new session at this year’s conference, ‘Let's Learn Linux’. It’s a great way for attendees to get their feet wet with open source software, without assuming any previous knowledge. And the skills learned will be applicable across a wide variety of platforms, ranging from Linux servers, to desktops, to our favorite server, the IBM i!”


Debbie Saugen

Director of Business Continuity Services at HelpSystems

Debbie will be presenting four sessions, with titles including Essentials of Backup Recovery for Disaster Recovery on IBM i and Getting the Most Out of BRMS Recoveries. You may view Debbie’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“Everyone who knows me, understands the passion I have about IBM i disaster recovery. My session on Essentials of Backup/Recovery for Disaster Recovery on IBM i will help you prepare for being recovery ready should  a system failure or disaster occur.  During this session, I will share true stories from my decades of experience helping companies recover their systems after a disaster.”

What are you most looking forward to at COMMON?
“I’m looking forward to seeing all my friends, making new friends and sharing my knowledge about the latest for IBM i Backup/Recovery and Disaster Recovery. Not only do I get to share my knowledge and experiences, but I will also be learning from others!”

 

Ron Byrd

Director of Professional Services at Linoma Software

Ron will be presenting alongside Bob Luebbe of Linoma Software at two sessions titled Simplify Encryption with DB2 Field Procedures and Securing Your File Transfers from the IBM i. You may view Ron’s biography and session schedule here.

What are you most looking forward to at COMMON?

“I am looking forward to seeing all our customers that go to COMMON to learn more about the IBM i.”

What is one piece of advice you’d offer to first-time attendees?

"COMMON can be overwhelming for a first-time attendee. Spend time before you arrive to check out online the classes you want to attend. Learning can also happen in the Exposition. There are a lot of talented people working in the Exposition. Stop by and ask the vendors questions that you have about different processes and products. You will find that the vendors are always willing to help people learn."

 

 

From the teams at Linoma Software and HelpSystems, we wish this year’s COMMON speakers the best of luck!

Linoma Software, together with HelpSystems, will be participating in the Expo at booths 413 and 417. Be sure to stop by! For more information on the COMMON 2017 Annual Meeting and Exposition, visit www.common.org/events/annual-meeting/.


Are You Ready for the 2018 PCI DSS Deadlines?

Sometime last year you achieved total compliance with PCI DSS, the information security standard for all organizations that process credit or debit cards. That means your data is safe, the auditors will leave you alone, and you can kick back and relax, right?

Unfortunately, hackers don’t take breaks. Their methods are constantly evolving, making it essential that you are compliant with the latest security standards. Fortunately, PCI DSS is designed to ensure that you know exactly what to do to stay ahead of new threats. Staying PCI DSS compliant also lets you avoid hefty fines.  

The latest version of PCI DSS is version 3.2, which was announced in April 2016. Hopefully you’ve already seen the new rules and are taking steps to improve your security. You should be aware that some major PCI DSS compliance deadlines are approaching in 2018.

Although PCI DSS 3.1 technically expired in October 2016, all new requirements in version 3.2 will be considered best practices until 2018, when they’ll become mandatory. Here are some of the most important changes:

 

Multi-Factor Authentication (Best Practice Now, Mandatory February 2018)

PCI DSS version 3.1 called for two-factor authentication. Don’t worry about the name change to multi-factor authentication—it’s just to clarify that more than two types of authentication are possible. The more important update is that the requirement is expanded to include all individual non-console administrative access as well as all remote access to the cardholder data environment (CDE).

That means that for any potential CDE access points, including through tools like your managed file transfer solution, you need to have multi-factor authentication either at the network or the system level.

 

TLS 1.1 or Above (Best Practice Now, Mandatory June 2018)

SSL and its immediate successor, TLS 1.0, are no longer considered strong encryption methods. Originally, the new PCI DSS requirement mandated that every organization migrate to TLS 1.1 and above (ideally TLS 1.2) by June 2016. This deadline was later pushed out to June 2018.

However, if you’re using SSL or early TLS, you should know that you’re not using current security best practices. We recommend that you move your file transfers to a stronger encryption method as soon as possible.

 

Get the Full Scoop

In order to help you fully understand the changes to PCI DSS 3.2, especially how they relate to managed file transfer, we’ve created a new whitepaper. Download it to learn:

  • Who needs to comply with PCI DSS 3.2
  • What has changed since version 3.1
  • How PCI DSS compliance affects your file transfer processes and solutions

Get the Whitepaper

 


Getting the Most out of GoAnywhere Support

Have questions or need to troubleshoot your GoAnywhere project? Our talented support team is always happy to help. We know you want to get your problem solved and your project up and running without delay, so we’ve put together a few tips to speed things along.

First, log into My.GoAnywhere.com and create a Support Case. Once it’s created, you’ll receive an email response with your case number. For the best results, reply to that email and attach the following:

Project XML

You can export your project XML by following these steps:

  1. Log in as an Admin User with the Project Designer role.
  2. From the main menu, select Workflows and then click the Projects link.
  3. Drill down to the folder containing the Project to export.
  4. Click the Action icon beside the Project to export and, from the drop-down menu, click Export.

Debug-Level Job Log

Each time a job is executed, a log is created that captures the activity related to the job. The amount of information captured in the job log is defined by the Log Level set on the Control tab in the Project.

  1. View the Job Log for a job by clicking the Job Log icon next to the job you wish to view.
  2. Open the drop-down menu of job logs and choose the debug log from that list.
  3. After the debug log is selected, click the Download Job Log button.

If your issue is not related to project workflow, you should also attach:

Server Logs

The Server Log Viewer is available to Admin Users with the Product Administrator or Auditor role and is located on the Logs drop-down menu. Downloading the server log will default to the most recent log, but an older log can be selected from the drop-down if necessary.

Thanks for helping us get your support case solved as soon as possible!

Open a Support Case

 


FBI Issues Warning on FTP Servers

The FBI recently issued a Private Industry Notification to healthcare providers warning them of the dangers of unsecured FTP servers. According to the alert, the FBI is aware of criminal actors actively targeting FTP servers operating in “anonymous” mode, meaning a user can authenticate to the FTP server with a common username like “anonymous” or with a generic email address or password. The FBI notification cited a 2015 study from the University of Michigan that indicated over one million FTP servers were configured to allow anonymous access.

While the notification was intended for medical and dental facilities, inadequate FTP security is a concern across all industries. According to the FBI, “Any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals.”

The problems with FTP servers go beyond anonymous mode. For one thing, many organizations are running legacy FTP software that hasn’t been kept up-to-date with modern security concerns. Another widespread issue comes from granting excess permissions to trading partners or internal staff. Anyone given administrative access could change a setting on the server without realizing the potential security implications.

Hopefully it’s clear that you should be using encryption to protect your data. What some businesses fail to realize is that encryption methods vary greatly in strength based on factors like key size and the type of encryption ciphers used. Many of the older ciphers and protocols have been broken and are now obsolete. Finally, a major problem with legacy FTP servers is the lack of alerts if anything goes wrong and the lack of detailed logs to help you maintain compliance with industry regulations.

These common pitfalls can be addressed with a robust managed file transfer (MFT) solution. Managed file transfer offers a variety of strong, up-to-date protocols and encryption methods, allowing you to replace standard FTP with something more secure like SFTP or FTPS. Software with role-based security gives you the option to limit any user or user group to just the permissions they absolutely need, and detailed audit logs keep track of exactly which user took what action and when—essential information for your team and for auditors alike.

To learn more about how to secure an FTP server, watch the on-demand webinar, Top 10 Tips for Securing Your FTP or SFTP Server.
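As an added example (not from the FBI notification or from GoAnywhere), the script below audits a vsftpd configuration for the pitfalls listed above: anonymous mode, missing or legacy encryption (SSL and TLS 1.0, the same protocols the PCI DSS post above retires), and missing transfer logs. vsftpd is chosen only for illustration; the option defaults are taken from the vsftpd.conf(5) man page for the 3.0.x series and should be checked against your installed version, and all three sample configs are constructed.

```python
"""Audit a vsftpd.conf for anonymous access, weak transport security and missing logs."""

# Compiled-in defaults per vsftpd.conf(5), 3.0.x series (assumption: confirm
# against the man page of the installed version). An option left out of the
# file still applies with its default, so "not mentioned" does not mean "off".
DEFAULTS = {
    "anonymous_enable": True,
    "anon_upload_enable": False,
    "write_enable": False,
    "ssl_enable": False,
    "ssl_sslv2": False,
    "ssl_sslv3": False,
    "ssl_tlsv1": True,
    "force_local_logins_ssl": True,
    "force_local_data_ssl": True,
    "xferlog_enable": False,
}
TRUE_VALUES = {"YES", "TRUE", "1"}
FALSE_VALUES = {"NO", "FALSE", "0"}
LEGACY_PROTOCOLS = (("ssl_sslv2", "SSLv2"), ("ssl_sslv3", "SSLv3"), ("ssl_tlsv1", "TLS 1.0"))

# Constructed sample: a setup that never mentions anonymous access, TLS or logging.
WEAK_CONF = """\
# constructed sample, not from a real host
listen=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
"""

# Constructed sample: anonymous mode off and TLS on, but TLS 1.0 left at its default.
PARTIAL_CONF = """\
anonymous_enable=NO
ssl_enable=YES
xferlog_enable=YES
"""

# Constructed sample: every weakness checked below is closed explicitly.
# Disabling TLS 1.0 assumes the build offers a newer TLS version to clients.
HARDENED_CONF = PARTIAL_CONF + """\
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=NO
force_local_logins_ssl=YES
force_local_data_ssl=YES
"""


def parse_conf(text):
    """Return {option: bool} for the audited boolean options set in the file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # vsftpd allows no spaces around '='
        value = value.upper()
        if key in DEFAULTS and value in TRUE_VALUES | FALSE_VALUES:
            settings[key] = value in TRUE_VALUES
    return settings


def audit(text):
    """Return a list of (severity, option, message) findings for one config."""
    explicit = parse_conf(text)
    findings = []

    def get(opt):
        return explicit.get(opt, DEFAULTS[opt])

    def flag(severity, opt, message):
        source = "set explicitly" if opt in explicit else "vsftpd default"
        findings.append((severity, opt, f"{message} ({source})"))

    if get("anonymous_enable"):
        flag("HIGH", "anonymous_enable", "anonymous logins are accepted")
        # Anonymous upload only takes effect when write_enable is also on.
        if get("anon_upload_enable") and get("write_enable"):
            flag("HIGH", "anon_upload_enable", "anonymous users can upload files")
    if not get("ssl_enable"):
        flag("HIGH", "ssl_enable", "no TLS: credentials and files travel in cleartext")
    else:
        for opt, name in LEGACY_PROTOCOLS:
            if get(opt):
                flag("MEDIUM", opt, f"{name} is permitted")
        for opt, what in (("force_local_logins_ssl", "logins"),
                          ("force_local_data_ssl", "data transfers")):
            if not get(opt):
                flag("MEDIUM", opt, f"cleartext {what} are still allowed alongside TLS")
    if not get("xferlog_enable"):
        flag("LOW", "xferlog_enable", "uploads and downloads are not logged")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("partial", PARTIAL_CONF),
                        ("hardened", HARDENED_CONF)):
        print(f"== {label} ==")
        for severity, opt, message in audit(conf) or [("OK", "-", "no findings")]:
            print(f"{severity:6} {opt:24} {message}")
```

Three of the four findings on the weak sample come from options the file never mentions, which is why the audit resolves defaults instead of only reading the lines that are present.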

 


Take the PCI DSS Quiz, Win a Free Tablet!

With the looming 2018 compliance deadlines and the constant news of data breaches, PCI DSS is on the minds of IT and cybersecurity professionals around the world. For organizations that reached compliance within the last year, you may be surprised to know that only 29% of companies are compliant a year after validation.

As processes, partners, and staff shift within an organization, keeping track of the measures required to maintain compliance can be difficult. The first step in becoming or maintaining PCI DSS compliance is understanding the requirements, and how they apply to your organization.

How well do you understand the PCI DSS requirements? 

Find out by taking this fun, interactive quiz for the chance to win a free Google Pixel C. That’s right, one lucky winner will be selected at random to win a free tablet just for taking the quiz.

 

So what are you waiting for? Test your PCI DSS skills below.

 

 

 

 

 


GoAnywhere Wins Cybersecurity Award

GoAnywhere MFT wins 2017 Cybersecurity Excellence Award for Secure File Transfer


For the second year in a row, GoAnywhere Managed File Transfer from Linoma Software, a division of HelpSystems, has been awarded a 2017 Cybersecurity Excellence Award in the category of Secure File Transfer.

The Cybersecurity Excellence Awards honor individuals, products, and companies that demonstrate excellence, innovation, and leadership in information security. The awards are based on the strength of the company’s nomination and the popular vote by members of the Information Security Community on LinkedIn.

Sending and securing data is a challenge for many organizations. GoAnywhere addresses that challenge by providing a secure solution for transferring files, with a firm dedication to improving features and adding functionality to address ever-evolving security and compliance concerns.

The software is browser-based and features a user-friendly graphical interface for easy deployment and integration. Users can be up and running in minutes and the automation and logging features save time and money for IT admins. Whether you’re initiating transfers, your partner is initiating them or if you need to collaborate with a group of users, GoAnywhere MFT can handle your file transfer requirements.

“Congratulations to Linoma Software for winning the Secure File Transfer category of the 2017 Cybersecurity Excellence Awards for the GoAnywhere MFT solution,” said Holger Schulze, founder of the 350,000 member Information Security Community on LinkedIn which organizes the awards program. “With over 450 entries, the 2017 awards are highly competitive. All winners and finalists reflect the very best in leadership, excellence and innovation in today's cybersecurity industry.”

The Cybersecurity Excellence Awards are produced in cooperation with the Information Security Community on LinkedIn, tapping into the experience of over 300,000+ cybersecurity professionals to recognize the world's best cybersecurity products, individuals and organizations. For more info: cybersecurity-excellence-awards.com.


RSA 2017 Recap: Influential Sessions (videos included)


On Feb 13th, 2017, over 40,000 people descended on San Francisco for one of the largest security conferences in the world: RSA Conference 2017. The Linoma Software team was among those attendees, speaking with IT professionals interested in finding a top-rated managed file transfer solution at our expo booth, and sitting in on world-class educational sessions throughout the week. Below you’ll find an overview of some of our favorite sessions, as well as social highlights from the conference.


The Seven Most Dangerous New Attack Techniques, and What's Coming Next

This was one of the most interesting sessions we attended of the conference. Three security experts (Ed Skoudis, Michael Assante and Dr. Johannes Ullrich) discussed the types of cyber attacks that are increasing in popularity among the cyber “bad guys”. Among their discussions, two important points stood out to us.

1. Attackers are broadening their targets

Attackers are not just looking for PII now. They are interested in other information that could be used for exploitation. Embarrassing information, extortion malware, power grid attacks and background check data are a few examples. “It’s not all about PII. If your organization does not store personally identifiable information, that doesn’t mean you’re not a target. In fact, you’re a target more than ever,” explained panelist Ed Skoudis in the presentation.

2. iOS attacks are projected to increase

Over the past few years, attackers have pivoted their strategy to focus more on mobile devices, specifically Android and iOS. Both Google and Apple are frequently deploying software updates that patch newly discovered vulnerabilities, but sometimes implementation of these patches can take weeks or even months. The best course of action for users is to ensure they’re updating their mobile operating system often, to take advantage of newly released security measures.

I encourage you to watch the full session below.

Planning for Chaos

There are complex cybersecurity challenges on the horizon, and the best step any organization can take is to learn how to plan for that chaos. Dr. Zulfikar Ramzan, Chief Technology Officer at RSA, walked the audience through the required steps for planning for this unknown future, and mitigating risk along the way.

In his session, he discussed the importance of a tangible and realistic incident response plan.

“An incident response plan isn’t a wishlist,” explained Ramzan. “Only leverage available resources.” He stressed the message that for an incident response plan to be successful, it requires the availability of resources, budget and collaboration between IT, finance, sales, marketing and others.

To watch the full session, play the video below:

What’s Next in Cybersecurity

An important aspect of security software development is addressing current and upcoming policies and compliance requirements. In this session, cybersecurity officials discussed the findings of a year-long effort in Washington and Silicon Valley to identify new cybersecurity policies for the administration. Below are just a few of the discussions taking place in the cyber-policy realm:

  • Cloud implementation and shared services: Implementing services in the cloud in a secure way
  • More focus on the NIST framework: Aimed at helping organizations align security, IT and business needs
  • Better reporting of cyber attacks and cyber breaches: Developing a safe way of reporting incidents that protects anonymity while helping us understand the details and learn from the incidents
  • Accelerating the security workforce: Discussing both short- and long-term solutions to build our US workforce of security professionals

You can listen to the full session in the video below.

Top Tweets of the Conference

The hashtag used on Twitter during the 2017 RSA conference was #RSAC2017. This hashtag was used to share motivational speaker quotes, shocking statistics, cybersecurity resources and conference happenings. Of these tweets, several rose above the rest, receiving hundreds of retweets and favorites. Here are a few tweets that your fellow security professionals found to be most intriguing.

Did you miss a session you were hoping to catch?

Have no fear, RSA has collected a wide range of presentations from the 2017 RSA Conference. They can be found here.

 

We’re curious to hear from you! What was your favorite session or experience at this year’s RSA conference? Comment below.


Still using SHA-1 to secure file transfers? It’s time to say goodbye.


Securing information is rising in importance for organizations worldwide. Using outdated technology is extremely risky, yet many organizations continue to do so because legacy systems don’t allow them to upgrade, because they lack the resources and time to upgrade, or because they are simply unaware of the risk. The commonly used SHA-1 algorithm is a perfect example of an obsolete cryptographic standard that should have been completely phased out long ago. So why are people talking about it today?

With over a decade of warnings about the security vulnerabilities of SHA-1, and deprecation by the National Institute of Standards and Technology (NIST) in 2011, many organizations have since phased out use of this older hash algorithm. For those remaining organizations that haven’t migrated away from SHA-1, Google’s recent public announcement of the first SHA-1 collision should motivate them to abandon this algorithm completely.

Hash algorithms are widely used for a variety of functions including authentication and digital signatures. With file transfers, the algorithm was typically used to verify the integrity of sent messages. Using SHA-1, a file is reduced to a 160-bit message digest (hash value), which is calculated both before and after transmission. On receipt, the two hash values for that transmission are compared; if they match, the data is taken to have remained intact. If the hash values don’t match, the file was likely compromised at some point along the way.

Having two different messages that produce the same hash value should be almost impossible. However, advancements in technology and computational power since the introduction of SHA-1 have exposed its vulnerabilities. With last week’s announcement, Google has proven that systems using SHA-1 can be fooled into thinking a signature is valid when it’s not, by producing the same cryptographic hash from two different files. Now that this work is public, the legacy algorithm must be treated as obsolete and insecure.

How does the SHA-1 collision affect file transfers?

If you are still using SHA-1 to verify the integrity of file transfers, you should know that it is no longer considered a safe or secure method. Bottom line: if you still use SHA-1, you should transition to a more secure standard as soon as possible.

If you’re looking to replace SHA-1, an obvious alternative is SHA-2. SHA-2 is a family of hash functions with digest sizes of 224, 256, 384 or 512 bits, providing stronger security through longer message digests. These more complex algorithms produce far more possible hash values than SHA-1 did, which makes SHA-2 extremely difficult to break using today’s technology.
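The before-and-after digest check described above, using SHA-256 in place of SHA-1, is shown here as an added example that is not GoAnywhere's code. The function names and the `algorithm:hexdigest` manifest format are assumptions made for illustration, and the sample payload is constructed. It assumes the sender's digest reaches the receiver over a channel an attacker cannot modify.

```python
import hashlib
import hmac
import io

# Digests accepted for transfer integrity; SHA-1 and MD5 are deliberately absent.
ALLOWED = {"sha224", "sha256", "sha384", "sha512"}


def file_digest(stream, algorithm="sha256", chunk_size=64 * 1024):
    """Hash a binary stream in chunks so a large file never sits in memory."""
    if algorithm not in ALLOWED:
        raise ValueError(f"digest algorithm not permitted: {algorithm}")
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_transfer(received, manifest_entry):
    """Compare a received stream with the sender's 'algorithm:hexdigest' entry.
    Returns (ok, reason); a SHA-1 entry is refused even if its digest matches."""
    algorithm, sep, expected = manifest_entry.strip().lower().partition(":")
    if not sep or not expected:
        return False, "malformed manifest entry"
    if algorithm not in ALLOWED:
        return False, f"algorithm '{algorithm}' not permitted"
    actual = file_digest(received, algorithm)
    # Constant-time comparison of the two hex strings.
    if not hmac.compare_digest(actual.encode(), expected.encode()):
        return False, "digest mismatch"
    return True, "ok"


def demo():
    """Run the check on a constructed payload: intact, altered, and SHA-1."""
    payload = b"constructed sample payload, not real data\n" * 1000
    sent = "sha256:" + hashlib.sha256(payload).hexdigest()
    legacy = "sha1:" + hashlib.sha1(payload).hexdigest()
    altered = payload.replace(b"sample", b"SAMPLE", 1)
    return [
        verify_transfer(io.BytesIO(payload), sent),
        verify_transfer(io.BytesIO(altered), sent),
        verify_transfer(io.BytesIO(payload), legacy),
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

Refusing the algorithm before hashing is what prevents a sender or an intermediary from downgrading the check back to SHA-1.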

GoAnywhere Managed File Transfer and SHA-2

GoAnywhere MFT fully supports the SHA-2 algorithm for secure file transfers over SFTP and FTPS. In addition, GoAnywhere is Drummond Certified for AS2 file transfers and successfully met all requirements for the optional AS2 secure hashing algorithm 2 (SHA-2) tests.

 


Get the Guide: Achieving HIPAA Compliance with GoAnywhere MFT


Are your file transfers HIPAA compliant? Is your healthcare organization at risk for fines, or worse - a data breach of sensitive patient information? Many health IT teams meet these questions with unease.

Fortunately, GoAnywhere is here to help.

HIPAA (the Health Insurance Portability and Accountability Act) protects the confidentiality, integrity, and availability of electronic health information. For any IT professional working in the healthcare industry—or for a company that does business with healthcare organizations—HIPAA is a concern. Compliance is strictly enforced, with penalties including substantial fines and, in rare cases, even prison sentences.

HIPAA is dedicated to protecting patient health information, but cybersecurity is only a portion of what the law covers and HIPAA’s security standards were not written for an IT audience. Avoiding specific technical language means the law changes with the times and allows organizations to adopt new technologies that help them meet HIPAA requirements. This approach provides flexibility, but it also makes HIPAA compliance challenging—IT professionals have to translate HIPAA into IT terms to determine what steps they need to take to become compliant.

Patient care involves constantly exchanging and updating electronic records, making file transfers a potential area of security vulnerability. GoAnywhere MFT protects valuable personal data while simplifying HIPAA compliance.

We’ve put together a guide that demonstrates how GoAnywhere MFT addresses several key HIPAA requirements. For example, GoAnywhere prevents unauthorized access by authenticating users and passwords with a variety of techniques including database authentication, LDAP, and Active Directory. Audit trails are generated to document if unauthorized attempts are made to alter or delete documents.

 

Download the guide to learn more about how GoAnywhere makes HIPAA compliance easy.