While facing a compliance audit for the newest version of PCI DSS, one global healthcare technology organization that focused on enabling better patient care and cost-savings for the healthcare community realized they needed a file transfer solution to help the company achieve PCI compliance and streamline compliance processes.
PCI DSS Compliance Challenges
Before switching to a managed file transfer (MFT) solution, this organization was handling file transfers using multiple tools and manual processes. CoreFTP was used for inbound transfers and WinSCP for outbound transfers. Customers using an FTP connection had to provide the healthcare organization with their IP address, and connections were difficult to set up due to excessive manual effort.
Since the tools also lacked detailed audit capabilities, the IT team was manually importing text log files to a database as an audit method. Neither tool provided extensive support.
At the time, the organization’s file transfer software was hosted on a multi-use server. During their PCI DSS audit, they discovered they needed to move to architecture specifically dedicated to file transfer processes and put something between their servers and the outside world. The IT team realized it was the perfect opportunity to upgrade their current file transfer processes to a more secure functionality across the board.
Evaluating Managed File Transfer Solutions
It was clear that what this healthcare company needed was a sophisticated managed file transfer solution, so they got to work evaluating around ten different vendors. Some low-cost solutions failed to pass basic compliance tests. Others were robust but unreasonably priced.
Out of the potential MFT candidates, a key factor differentiating GoAnywhere from the bunch was GoAnywhere Gateway, an enhanced reverse proxy and forward proxy that provides an additional layer of security for data exchanges. The healthcare organization went into the evaluation process knowing that a reverse proxy would be critical in any new solution.
“GoAnywhere Gateway was big,” said the organization’s Technical Product Manager. “We really didn’t want a direct connection to our server, and we needed a solution that would do that well.” Thankfully, the reverse proxy feature in GoAnywhere Gateway allows inbound ports into a private network to remain closed, which is essential for complying with PCI DSS and many other industry regulations. This is just what the healthcare organization needed.
Support was another major factor that made GoAnywhere stand out from the rest of the solutions they evaluated. “We've been very pleased with the support we get, starting from the evaluation stage,” said the Technical Product Manager.
Secure File Transfers with GoAnywhere MFT
The organization’s IT team found GoAnywhere quick and easy to set up, and the time savings only continued from there. “So much less effort goes into setting up a new customer,” said the Technical Product Manager. “I just pick an existing profile for the new user, update the template to their information, and in a few seconds a new trading partner is created. It used to be a good half hour to 45 minutes each time I set up a connection.”
The auditing features of GoAnywhere have also greatly increased the efficiency of compliance processes. GoAnywhere logs all the details of both inbound and outbound connections in a central location, and unlike the organization’s previous methods, it makes that data available to the team immediately.
While PCI DSS compliance inspired the company’s IT team to choose GoAnywhere MFT, the powerful capabilities of GoAnywhere’s workflows have been an unexpected benefit. Before moving to GoAnywhere, the team was using a combination of Windows Scheduled tasks and SQL Server Agent jobs to automate file movement and processing. To date, they have around 200 jobs scheduled within GoAnywhere and only a few SQL Agents left to convert over.
Finally, the Technical Product Manager knows he doesn’t have to worry if new challenges arise. “I've found the documentation to be good at helping me solve nearly anything,” he said, “and when I do have a question, GoAnywhere’s support team has been very helpful.”