Security

security

GoAnywhere MFT provides enterprise-level security features to meet stringent in-house policies and compliance requirements such as PCI DSS, HIPAA, SOX and state privacy laws. Only authorized administrators are able to configure security settings and users in GoAnywhere MFT, which is based on their assigned roles.

Security Features:

  • Set password policies and expiration intervals
  • Authenticate users against LDAP, Active Directory (AD), IBM i profiles, RADIUS, RSA SecurID, Google Authenticator, Duo Security, and other IAM (Identity and Access Management) solutions
  • Use Domains to virtually segment a GoAnywhere installation into multiple security zones
  • Filter connections with IP blacklists and whitelists (Global and User level)
  • Define administrator user permissions for separation of duties
  • Block Brute-Force and Denial of Service (DoS) attacks with an automatic IP blacklist
  • Create and manage SSL certificates, SSH keys, and Open PGP keys through integrated screens
  • Authenticate SFTP connections with passwords and/or SSH keys
  • Authenticate FTPS and HTTPS connections with passwords and/or SSL certificates
  • Utilize only FIPS 140-2 certified encryption algorithms to meet U.S. Government (NIST) standards
  • SAML support for single sign-on and dual factor authentication
  • Authorize selected services (e.g. FTP, SFTP, FTPS, HTTPS and AS2) to certain users and groups
  • Restrict users to specific home directories and subfolders
  • Specify folder level permissions (upload, download, delete, rename, etc.) by user and group
  • Automatically encrypt files on disk using AES256 encryption
  • Ability to accept or reject files with certain extensions
  • Run services under non-standard port numbers
  • Restrict user logins to certain days-of-week or times-of-day
  • Disable user accounts after maximum login attempts
  • Disable user accounts automatically after a period of inactivity
  • Receive instant notifications on login failures
  • Disable anonymous login
  • Generate full audit trails of all user events and file activity with reporting
  • Feed audit log messages to a central SYSLOG server
  • View the active sessions for logged-in users with the ability to terminate (kick) sessions

I like how scalable [GoAnywhere] is with projects! You can adopt anything you like in an easy to use interface and you can literally meet any business requirement thrown at you. Auditing makes it really easy to troubleshoot and gives a clear picture of all the activity being done by our clients. It also implements good security features such as IP whitelisting per user account which makes it much more secure and puts our mind at ease especially for sensitive projects.

Administrator , Financial Services | Mid-Market

We have to be able to pass audits. We get audited a lot, whether it’s internally or externally. This may be for the government, it may be our clients, or it may be a court or set of judges somewhere. We can’t fail them—period. It’s our business and our livelihood. GoAnywhere helps us pass these audits.

Applications Systems Administrator , Global Legal Services Provider | Legal | Read Case Study

The fact that you can customize [GoAnywhere] to your needs, as opposed to an out of the box solution with little to no flexibility. The product is extremely flexible and allows you to create workflows that are specific to your business use case. There is also the security aspect of the application. The product has built in auditing tools to complement our vulnerability management and PEN testing tools to ensure compliance.

James P , IS Director | CISO

[GoAnywhere] helped us with our PCI compliance and offered us additional flexibility in our data workflows.

George S. , IS Operations Manager

Long time user of GoAnywhere, its growth and improvements have been excellent and one of the reasons we continue to use GoAnywhere. It is a great solution when you have several siloed domains that need to share data in a secure manner. Even with external clients, you can control access. This is one of several things you can do, we leverage it for advanced workflows and ftp alternative because of its security. A lot of control is in your hands.

Keven G , Corporate IT Manager

How GoAnywhere Helps with Compliance

PCI DSS

  • Centralized controls and management
  • Role-based administration and permissions
  • Strong Key Management System (KMS)
  • Detailed audit logs and reporting
  • PCI Security Settings Audit Report

HIPAA & HITECH

  • File transfer monitoring
  • Detailed audit logs and reporting
  • Granular user permissions
  • Secure data exchange using SFTP, SCP, FTPS, and HTTPS

The GDPR

  • File transfer encryption technologies (e.g. Open PGP, SSH, and TLS)
  • Integrity checks for successful file transfers
  • Detailed audit logs and reporting
  • Module for sending sensitive emails
  • Admin User Roles for auditors and security or data protection officers

FISMA & NIST

  • A FIPS 140-2 compliance mode for all file transfers
  • Detailed audit logs and reporting
  • Granular user permissions
  • Stringent security controls

Move Files Securely with GoAnywhere Managed File Transfer

Obtain a personalized quote based on the features you need.

Request Pricing