Security and Compliance

GoAnywhere works within compliance frameworks, regulations, and standards to help you make the best decisions for your data security. GoAnywhere is ready to help you in your quest for compliance and assist you in processing your data in a secure manner. Whether you use GoAnywhere on-premises or SaaS, you get to make the choices on how to manage, monitor, and audit the controls surrounding your data.

Meet all your IT security and compliance requirements with GoAnywhere MFT

Our Mission and Philosophy

Why do we care about security and compliance so much?

Because you care

Because it affects your business

Because it's the right thing to do

GoAnywhere security mission triad: integrity, confidentiality, and availability.

As a software solution dedicated to protecting your sensitive data in motion and at rest, GoAnywhere MFT takes all aspects of data security seriously. We actively improve security and compliance in GoAnywhere and maintain a roadmap to keep us moving forward. Whether you choose GoAnywhere MFT or our MFaaS solution, you will always be in the driver seat on your data security.

Meet all your IT security and compliance requirements with GoAnywhere MFT. GoAnywhere helps organizations and IT professionals alike comply with regulations, standards, and technologies by providing enterprise-level security features.

Get the infographic: Meeting IT Security and Compliance Requirements with GoAnywhere

For more information, download our datasheet: Our Approach to Security & Compliance

Enabling Data Security Compliance

Achieving compliance requires a holistic view and plan. With GoAnywhere MFT, you can secure your sensitive files and transmit data using the latest security standards to keep your data secure and comply with regulations, frameworks, and standards. GoAnywhere MFT addresses many controls in popular and widely-used security frameworks, standards, and regulations, including:

Enabling Data Security Compliance

PCI DSS

  • Centralized controls and management
  • Role-based administration and permissions
  • Strong Key Management System (KMS)
  • Detailed audit logs and reporting
  • PCI Security Settings Audit Report

Learn More

The GDPR

  • File transfer encryption technologies (e.g. Open PGP, SSH, and TLS)
  • Integrity checks for successful file transfers
  • Detailed audit logs and reporting
  • Module for sending sensitive emails
  • Admin User Roles for auditors and security or data protection officers

Learn More

HIPAA & HITECH

  • File transfer monitoring
  • Detailed audit logs and reporting
  • Granular user permissions
  • Secure data exchange using SFTP, SCP, FTPS, and HTTPS

Learn More

FISMA & NIST

  • A FIPS 140-2 compliance mode for all file transfers
  • Detailed audit logs and reporting
  • Granular user permissions
  • Stringent security controls

Learn More

Australia's CDR

  • Role-based administration and permissions to access data
  • Detailed audit logs and reporting
  • File encryption technologies
  • Security settings for sending and receiving confidential emails

Learn More

PIPEDA

  • Stringent security controls and role-based user access
  • Data encryption technologies
  • Secure data exchange

Learn More

California Consumer Privacy Act

  • Detailed audit logs and reporting
  • Centralized controls and management
  • File transfer encryption technologies

Learn More

Singapore's PDPA

  • Limited data access based on user permissions
  • Data encryption at rest and in motion
  • Detailed audit logs and reporting

Learn More

Do you have specific requirements or risks you want to address? We will collaborate with you to help you understand how GoAnywhere can assist in your compliance efforts.

  • CIS
  • FISMA & NIST (800-53r4, CSF, PS 800-37r2 RMF)
  • ISO 27001 & 27002
  • SOC 2
  • SOX
  • Australia's CDR
  • PIPEDA
  • CCPA
  • Singapore's PDPA

Data Encryption Methods & Technologies

While many organizations still use multiple solutions for their secure file transfer needs, GoAnywhere gives organizations the opportunity to centralize their encryption processes within a single, affordable solution for the enterprise. Reduce your exposure with GoAnywhere’s cutting-edge encryption technologies for data in transit and at rest:

  • NIST-certified FIPS 140-2 crypto module
  • Strong cipher suites
  • Secure transmission protocols
  • Detailed audit logs
  • Role-based access control
  • Multi-factor authentication

End-users can also securely upload files from their own infrastructure, which mitigates organizational remote access compliance issues.

System Hardening

System hardening is a process used to reduce IT vulnerabilities. It typically includes securing system configurations and strengthening internal operating procedures to reduce any available attack surface within an organization.

HelpSystems strives to apply security best practices in the design, development, and testing of GoAnywhere MFT. GoAnywhere’s security resources, including our services team, are available to assist customers throughout the GoAnywhere MFT hardening process.

Enabling Data Security Compliance

Interoperability

GoAnywhere MFT has the ability to interface with partners and external users via multiple protocols and advanced workflows. GoAnywhere is thoroughly tested for interoperability with enterprise-level operating systems, popular web browsers, and to meet commercial and federal compliance regulations. These features make GoAnywhere an excellent integrator at an affordable price.

Organizations have used GoAnywhere to create multi-state interoperable systems with 24/7 functionality, meet Drummond requirements for AS2, and provide technical safeguards for file transfers between health organizations. Learn how organizations use GoAnywhere MFT.

Cloud Connectors

There are many ways to connect your GoAnywhere instance with servers, tools, and popular cloud and web apps. Learn about GoAnywhere’s connectivity features, our Cloud Connectors, ways to integrate GoAnywhere MFT with applications you use every day, or our Secure ICAP Gateway, with introduces deep content inspection engine, adaptive data redaction, and flexible policy settings to GoAnywhere’s file transfer capabilities.

Security Features in GoAnywhere

Auditing & Reporting

  • Generate full audit trails of all user events and file activity with reporting
  • Feed audit log messages to a central SYSLOG server
  • Generate reports of file transfer activity, user statistics, and completed jobs from within the console

Authentication & Encryption

  • Use Domains to virtually segment a GoAnywhere installation into multiple security zones
  • Filter connections with IP blacklists and whitelists (Global and User level)
  • Block Brute-Force and Denial of Service (DoS) attacks with an automatic IP blacklist
  • Authenticate SFTP connections with passwords and/or SSH keys
  • Utilize only FIPS 140-2 certified encryption algorithms to meet U.S. Government (NIST) standards
  • Authenticate FTPS and HTTPS connections with passwords and/or SSL certificates
  • Automatically encrypt files on disk using AES256 encryption
  • Ability to accept or reject files with certain extensions
  • Run services under non-standard port numbers
  • Create and manage SSL certificates, SSH keys, and Open PGP keys through integrated screens

User Access & Controls

  • Authenticate users against LDAP, Active Directory (AD), IBM i profiles, RADIUS, RSA SecurID, Google Authenticator, Duo Security, and other IAM (Identity and Access Management) solutions
  • Define administrator user permissions for separation of duties
  • SAML support for single sign-on and dual factor authentication
  • Restrict users to specific home directories and subfolders
  • Specify folder level permissions (upload, download, delete, rename, etc.) by user and group
  • Restrict user logins to certain days-of-week or times-of-day
  • Set password policies and expiration intervals
  • Authorize selected services (e.g. FTP, SFTP, FTPS, HTTPS and AS2) to certain users and groups
  • Disable user accounts after maximum login attempts
  • Disable user accounts automatically after a period of inactivity
  • Receive instant notifications on login failures
  • Disable anonymous login
  • View the active sessions for logged-in users with the ability to terminate (kick) sessions

Certifications & Partnerships


GoAnywhere has received the following certifications:

Certifications & Partnerships
common criteria award

Common Criteria (in progress)

GoAnywhere is in progress to be the only MFT solution to be included on the Product Compliant List of the National Information Assurance Partnership’s Common Criteria Evaluation and Validation Scheme (NIAP-CCEVS). This milestone recognizes that GoAnywhere is being evaluated to meet the rigorous security standards for NIAP, the resource required for federal government buyer and other security-forward organizations.


AS2 Drummond Certified

AS2 Drummond Certified

GoAnywhere MFT is Drummond Certified™ for AS2 which ensures compliance and compatibility with other AS2 solutions. GoAnywhere is also certified for SHA-2, Multiple Attachments, Filename Preservation, and Chunked Transfer Encoding with AS2.


Certified for Windows Server 2012

Certified for Windows Server 2012

The GoAnywhere products successfully completed the Certified for Windows Server 2012 requirements using the robust Microsoft Platform Ready tools.


IBM Ready for Power Systems Software

IBM Ready for Power Systems Software

GoAnywhere meets or exceeds IBM's criterion for integration with the Power Systems software stack for System Management, Energy, Security, Availability and Virtualization. HelpSystems is an IBM Business Partner and fully supports GoAnywhere on AIX, i, and Linux.


Microsoft Azure

Microsoft Azure

The Azure Marketplace is an online store that offers applications and services either built or designed to integrate with Microsoft Azure. By obtaining a listing on the Marketplace, Microsoft has acknowledged that GoAnywhere MFT is certified and optimized to run on Azure.


VMware Ready

VMware Ready

Secure Managed File Transfer is ready for virtual private cloud infrastructure when running GoAnywhere Managed File Transfer on vSphere from VMware.


Partnerships

Active involvement in the industries it serves keeps GoAnywhere MFT on the leading edge of secure file transfer services. Current professional partnerships include:

Common

Common


Docker

Docker


IBM Business Partner

IBM Business Partner


Microsoft Partner

Microsoft Partner


Open PGP Alliance

Open PGP Alliance


Oracle Partner Network

Oracle Partner Network


PCI DSS Security Standards

PCI DSS Security Standards


Red Hat ISV Partner

Red Hat ISV Partner


RSA

RSA


VMware Partner

VMware Partner

Learn More

What GoAnywhere Users Say

We have to be able to pass audits. We get audited a lot, whether it’s internally or externally. This may be for the government, it may be our clients, or it may be a court or set of judges somewhere. We can’t fail them—period. It’s our business and our livelihood. GoAnywhere helps us pass these audits.

Applications Systems Administrator , Global Legal Services Provider | Legal | Read Case Study

The fact that you can customize GoAnywhere to your needs, as opposed to an out of the box solution with little to no flexibility. The product is extremely flexible and allows you to create workflows that are specific to your business use case. There is also the security aspect of the application. The product has built in auditing tools to complement our vulnerability management and PEN testing tools to ensure compliance.

James P , IS Director | CISO

[GoAnywhere] helped us with our PCI compliance and offered us additional flexibility in our data workflows.

George S. , IS Operations Manager

Long time user of GoAnywhere, its growth and improvements have been excellent and one of the reasons we continue to use GoAnywhere. It is a great solution when you have several siloed domains that need to share data in a secure manner. Even with external clients, you can control access. This is one of several things you can do, we leverage it for advanced workflows and ftp alternative because of its security. A lot of control is in your hands.

Keven G , Corporate IT Manager

I like how scalable [GoAnywhere] is with projects! You can adopt anything you like in an easy to use interface and you can literally meet any business requirement thrown at you. Auditing makes it really easy to troubleshoot and gives a clear picture of all the activity being done by our clients. It also implements good security features such as IP whitelisting per user account which makes it much more secure and puts our mind at ease especially for sensitive projects.

Administrator , Financial Services | Mid-Market

Move Files Securely with GoAnywhere Managed File Transfer

Obtain a personalized quote based on the features you need.

Request Pricing