Getting Started with Managed File Transfer

Brooke: Hello everyone, thank you for joining today's webinar on getting started with managed file transfer. Whether you're already familiar with GoAnywhere or just want to learn more about managed file transfer today, we're happy you've joined us and hope the presentation is helpful. This event is scheduled for an hour and we'll be recording it, so if you need to leave or drop off at any point, do know that you will get a copy of the recording afterwards. Throughout the presentation, you can use the questions option in the control panel to submit any questions you might have and our team will do our best to answer. And if time permits, we'll take a few questions at the end aloud as well. Finally, a survey will display at the close of the presentation and please do share any feedback you have and any additional questions you might have and we will be sure to follow up with you.

With that, let's jump into our presenter introductions. So I will introduce you to our presenter today. Scott is a senior sales engineer with HelpSystems working primarily on our GoAnywhere and Clearswift product lines. He spent three years at Clearswift prior to their acquisition by HelpSystems this year. And prior to that, he was in the financial sector for 12 years, holding various IT roles, focusing on the Windows platform and IT security infrastructure. So we're very excited to have Scott walking through our content today.

With that, I will quickly run through our agenda. So we'll start off with just a basic overview of what is MFT, if that's something that you need some background on. We'll talk through why consider an MFT solution, and then we'll walk through some use cases of real ways that organizations use MFT. We'll do a brief run through of our MFT and ICAP integration, and then we'll spend the bulk of the time in our live demo section so Scott will show you GoAnywhere in action. And like I mentioned, Q and A at the end. So that's where we're headed. With that, Scott, I will let you take it from here.

What is MFT?

Scott: Thanks Brooke and thanks for everybody taking the time out of your day to watch this introduction to managed file transfer. And so, what we will begin with is just discussing a little bit about traditional file transfer or in the old days, what we just used to refer to as file transfer or using FTP or a couple of different applications that you have that you see here that are pointed out. And traditionally, as I had mentioned, with file transfer, there wasn't a lot of automation, there wasn't a lot of logic. In some cases, file transfers weren't secure.

In my previous employment, there was some basic file transfer methodologies that were used and they were simple, as I mentioned with, with some of the concepts that are called out here. There were some applications that were tied into the email, which I'll get into as well. Third party tools where we could securely transmit something via email. But the bottom line is that a lot of these technologies were just plain and simple. And then there was a lot of custom processes that were built on the backend in order to automate some of the things that we're going to get into today.

And so oftentimes now, you'll hear me say or you'll hear us use the terminology managed file transfer. So what managed file transfer is basically taking that traditional file transfer and moving that into an automated process. And so you've built in a lot of these custom automation or these custom tools that you may be using behind the scenes in order to fulfill a file transfer from beginning to end. And there's a lot of points that we're going to get into today like making sure that that file transfer is secure, making sure that you've got some auditing or compliance built into a tool so that you can ensure that whatever permissions will have been adhered to or if there's some sort of a holdup in between where a file transfer began to where it ended, to make sure that you have a full level of compliance from a step-by-step process. And then also being able to just take all of those old processes and move them into a centralized tool where you can make sure that you've got one place to go from the beginning of a file transfer to the end of the file transfer.

So there's a couple of things that we're going to look at as far as managed file transfer is concerned. The first thing is you want to make sure that it's a tool that's easy to use. And so with GoAnywhere, we have a centralized console and there's a lot of logic that can be built into the tool. We can integrate it with applications such as Active Directory to ensure that you've got a consolidated sign in and and to make sure that all of the tools that you're using that are tied into the managed file transfer process are centralized. All your connections, all your authentication, all of your connectors, all of your resources, all these things can be built into a centralized console and you can go to one place to manage all of the everything from the beginning to the end.

From a security and compliance standpoint, you also want to make sure that you've got a good audit track as far as who is sending, who made the connection? If once a connection is made and a file is placed in a location, whether it's hosted by MFT by GoAnywhere or if it's hosted in another location, another secure FTP server or a file share or something along those lines, you want to make sure that we can see who made that connection, where the file was placed or where the file was moved.

And then if there's some other tasks or there's some other job logic that is built into a project, you want to make sure that you've got that error logging. Whether it's an email, whether it's an encryption that's triggered, whether it's another partner where when a file comes in, you've got a transfer obligation to go to another location. So you want to make sure that you've got a tool that is, as I previously mentioned, easy to use, and from a security and compliance standpoint, you've got all of the logging built into it and you can go to one place to gain all of that information.

And finally, if you've got an issue with some sort of a connection failure or authentication failure or there's some logic that's built into an automation process, maybe that you've used that you've carried over from a legacy environment, you want to make sure that if there's an error at any point within the process, that you can go through your logs and you can get down to the bottom of where that failure was. And more importantly, you could build logic into our MFT configuration that allows for you to control if there was an error, either allow the job to continue or send a notification or cancel the job or kick off another task, something along those lines. And so you want to make sure that from beginning to end, you've got that full view over the entire file transfer to make sure that you can build processes to compensate for certain things that may or may not happen during a file transfer or some other tasks that may kick off after a file transfer.

Why Consider an MFT Solution?

So here's a number of things that should be considered when we talk about managed file transfer. As I previously mentioned, you've got full time resources that are supporting a lot of legacy processes, and I can speak of this firsthand from my previous employment because we did have tools that had different people managing different processes that were taking place. So we had individuals that were monitoring solutions for instance, at seven o'clock when our end of day business would start, and there were certain processes that had to happen in order for other processes to continue. So we had people that were sitting watching for certain things to happen in order to trigger other tasks.

And so there was a lot of custom scripts that were written to try to automate a lot of that, and what happens is they become very difficult to manage over time. So now what we can do with GoAnywhere is we could build a lot of that or all of that logic into GoAnywhere so that we can start automating some of that and just to let you know if something happens as opposed to you sitting and watching and looking for something to happen. I talked a little bit about scripts. So what we can do is we can incorporate a lot of legacy configuration into MFT projects to make sure that you've got all of that visibility that you previously had, and maybe we can offer some additional functionality as well, and you move away from that decentralized approach to a more centralized approach within the GoAnywhere console.

So as far as automation and alerting and then retrying, we could build a lot of that logic into projects. And this is very valid because instead of if certain tasks fail, somebody gets an alert from a data center operator, they have to pick up the phone, they have to call an operations individual, maybe from a Linux team or an application team or a Windows team, sign in and have a look at why something didn't happen so that they can kick off a task again, we can now build a lot of that automation into the process. So there may be certain things, as I mentioned previously, that have happened or that must happen, whereas other things, it's okay if they didn't happen. And so we could build a lot of that automation or logic into GoAnywhere.

And from a security standpoint, a lot of the older file transmissions, although they could have been secure at one point in time during the transmission, for instance, credentials are oftentimes submitted without being securely transmitted. So you want to make sure that when you build your SFTP infrastructure, your file transfer infrastructure, you want to make sure that you've got everything, your secure communication channel in place, so that not only if the file transmission or the data transmission is secure, but that the credentials are also being transmitted securely as well.

You also want to try to prevent human intervention. So, as I mentioned, from my previous employment, and I'm sure a lot of you can attest to this, is that there's often times when you're using legacy processes, there's oftentimes a lot of manual intervention because it takes time to build these processes. And as you start to identify issues that you're running into at any point in time during a transfer or during a job when they're running, you may not have everything that you need with a certain set of scripts that you're running and now what you wind up doing is you have to incorporate another set of scripts. And so now you've got a lot of logic that's custom and ad hoc. And as I've been mentioning, you can bring all that into GoAnywhere.

As far as encryption is concerned, we've got a number of different encryption algorithms that we support, and I'll get into that in a little bit more detail. And so when you add all of this up, GoAnywhere offers a holistic solution that incorporates... That grants you the ability to make sure that you can cut down on your support once you invest your time to build out your infrastructure, make sure that those file transfers are secure, everything from the transfer to the authentication to the connection itself is being securely transmitted and that you've got all of that automation and security and compliance built into the solution.

GoAnywhere Overview

So a little bit more about GoAnywhere. You can see here that we've got a bunch of different modules. I'll focus on the top area of the presentation. So we talked a little bit about encryption, we talked a little bit about automation. So what we could do is within any given project, we can take, for instance, a file copy that's made via an SFTP session that's hosted by GoAnywhere and what we can do with that is we can take that connection and we can say for instance, okay, log that connection, take that file once that secure file transfer happens, place that file on a share and make sure that that file is also encrypted using this set of keys, send an email confirmation to the individual that submitted the transfer and also drop an email to an operations team.

And so we could build a lot of that logic in too. There may be also a file where you want to also copy it elsewhere, maybe for a backup or something along those lines. You may also choose that you want to make a SQL connection and you want to import some information, maybe that's being read from a file or something like that that's in inside of some content that's been placed within a share. And so all of that automation and much more, obviously, other than what I've mentioned here, all of that logic can be built into any given workflow.

As far as the scheduler and folder monitors are concerned, not only can we host connections, SFTP, and different types of file transfer mechanism, we could also do is we can place monitors on shares that we connect to and we can read content from those chairs and... Excuse me, shares and trigger actions based upon that. So if someone were to take a file or a group of files and place it within a share or an FTP server or something along those lines, we can connect to that share or that location and then we can perform some custom actions based upon something that we see inside of that share, build all that into a workflow automation as I've been previously mentioning. And so now, in addition to hosting file transfer communication sessions and content, what we can also do now is we can go out and we can monitor stuff that you've got sitting out on your network.

As far as inbound or outbound connections are concerned, we can either host content for people to retrieve, or we can host storage points for people to connect to. It doesn't matter if there's batch processing that's involved or if there's one-offs, individual file transfers. We can take files or content that's placed in any given share and we can synchronize it to another location via file archiving task. And then we could talk about secure forms a little bit more. So in addition to some of the basic concepts that I've just discussed here that have to do with just transferring data from, for instance, point A to point B or vice versa, what we can also do is we can build a front-end application that allows for people to upload content or download content, something along those lines.

So I'm going to actually going to demonstrate this during the end to the webinar, but what you have is basically a secure form is essentially a website, custom designed branded where you populate some information. Today I'll get into a concept where for instance, you've got a job application and you've got people submitting resumes for a job application. And so you could build a custom front-end that allows for you to dictate what fields you want populated and to place and attach or the ability to attach a file, and then that file can be uploaded moving back to square one again, where you've got all that workflow automation. You could send an email confirm back to the individual who submitted the application or whatever the content may be, and then trigger some other workflows as a result of that.

As far as secure email is concerned, we can give you the ability now via a plugin or within Outlook or within a web interface where you can securely transmit email. What happens is once that attachment is recognized, we can provide offload that to GoAnywhere. The recipient gets a link or a capacity in order to download that email. So that... Excuse me, that attachment. So now you don't have to worry about transmitting large files or files in general within emails. We have a plugin in Outlook or it can be triggered within a web front-end.

Triggers, a little bit more about triggers, are custom actions that take place once someone, for instance, places a file within an FTP, SFTP share, or something along those lines. So just using a front-end as a home drive, if you will, whether they're remote or in the office, this could be published externally as well, gives you the ability to schedule things to happen, a workflow to happen if someone just uploads a file into their portal.

And then as far as your customers are concerned, making sure that you have visibility into, if you're expecting a certain file. Once you get that file, you have to send something to a customer or a partner of yours. We build all that logic into your workflow. As I previously mentioned, we have a lot of alerting that's built into the system if different things within projects don't happen, and all of that is visible within job logs, which I'll get into in a little more detail. And then as far as the audit logs and the reporting, this is after the fact if you want to have the ability to monitor or to watch something that previously happened.

I briefly talked about the front-end web console. So you have the ability now to also just purely use GoAnywhere as a console to transmit content. Like whether a group of users is internal or external to your infrastructure, you can publish that link externally, and now you give people the ability to upload and download and store content securely. Towards the bottom of this slide, you see a number of items that have to do with our resources or different connectors that we support. So in addition to just standard file transfer, giving people the ability to upload and download content, and some of the different mechanisms that I previously talked about, we also support the ability to link to existing cloud connectors like Amazon. We can connect to other file services platforms. Maybe you already have an SFTP infrastructure in place or another platform where you want to transfer content. So we could just use our platform to connect to that.

And then we've got agents as well. So in your branches, if you've got people that don't have the time or it's a little time consuming to just manually take content and upload it into a console, we've got an agent where people can just drop content and then the agent will securely transfer all that to our backend. And then there's a lot of scripting language that we have built into our application where we can automate and help you with some of your processes that you're currently using to build them into GoAnywhere. So there's a lot of different resources and connectors that we can tie into your infrastructure.

A little bit more about our gateway. And so like any technology, if you've got a public and an internal facing infrastructure, what we could do is we can mask your internal infrastructure by placing a gateway in a DMZ. And what this allows for you to do is this allows for you to make sure that those external connections are secure and then the DMZ GoAnywhere Gateway itself takes that communication and funnels that to your internal environment. And so what this does is this just gives you from a security and a compliance standpoint, this is the best practice.

It doesn't really much matter if this applies to secure file transfer. Or if we extend this logic to, for instance, email, traditionally, you would have an email gateway as a front-end, maybe doing your threat protection and your spam protection and then you've got your internal email infrastructure such as Microsoft Exchange. And so in the secure file transfer world or the managed file transfer world, similar concept. So you've got the gateway that shields your external connections from your internal environment and all of those services that you're hosting by GoAnywhere can be published by the GoAnywhere Gateway.

Use Cases

I'm going to briefly talk about a few case studies. As you see at the bottom of the slide, you'll see a reference to a link. And we have, I believe the last time I checked, there were more than three dozen case studies across many verticals that we worked with, and there's some useful information there having to do with how GoAnywhere has helped some of our customers implement secure file transfer... Excuse me, manage file transfer implementations. So the first case study that we're going to get into has to do with the healthcare industry. So when transferring medical records, you just want to make sure that you have the current measures in place to securely transmit all of that content. As we talked about previously, you'll also want to make sure that the credentials are not passed in plain text and then you've got some error handling when certain things happen or don't happen. You've got some logic that's built into the project.

So an event at any point in time there's an issue with a data transfer, everything from the connection to the content being transferred should be logged. When transferring information such as medical records, we can ensure that you're using encryption if that's required. Threat protection can also be incorporated, which I'll discuss in a little bit more detail. DLP or any other custom controls that may be required can be adhered to. So as I described earlier, GoAnywhere supports many secure file transfer mechanisms. And by virtue of Clearswift now falling under the HelpSystems umbrella, we can also assign threat... Excuse me, PHI or protected health care controls. During the product demonstration, I'll show you a little bit more about how we can build automation into some of these file transfers if there must be logic built into your requirements.

Second case study has to do with the education sector. And speaking from personal experience, my children all have portals where parents can sign in, download information such as report cards. This is extremely sensitive information with everything moving to the cloud. And distance learning, of course, over the last couple of months for most, the transfer of this content must remain secure. We can securely publish or front-end this information via various communications channels such as Secure Folders. If a simple portal interface is requested, I'll also demonstrate that, or secure forms if a more elaborate custom interfaces needed. This only applies to parents, it could also apply to students and staff. Perhaps projects or school works is required to be published. And with the shift to the cloud by many education institutions, the use of the cloud connectors gives us the ability to integrate content from various providers.

MFT and ICAP

So now I'm going to talk a little bit more about ICAP. So within GoAnywhere, we support an ICAP resource, and that ICAP resource also integrates Clearswift. And so Clearswift is a solution or a company that was recently acquired by HelpSystems. We have been working with GoAnywhere for roughly the last three years or so, and what Clearswift brings to the table is deep content inspection. And so what we do when a file transfer occurs, it doesn't matter what type of content it is, we open up that content, file or group of files, we inspect what's inside of it, send the results back to GoAnywhere. And so now what you gain is you gain some DLP, you gain media type protection, you gain threat protection and some other aspects if you're looking to do more than simply implement a managed file transfer solution, which makes sure that the content itself is securely transmitted.

So how does this all work? This is a use case by one of our joint customers that uses both GoAnywhere as well as Clearswift. The MFT platform is for securely transferring attachments between employees and their trading partners. So when that content comes through the MFT infrastructure, the ICAP Gateway intercepts it when threat protection is required. And so we tie this into users and devices that are connected to MFT. And so when these requirements exist, our ICAP Gateway, the Clearswift ICAP Gateway, takes that content, scans it for keywords executable as media type protection, et cetera. If we can sanitize the content, for instance, DLP, if we can strip out the the content that is not allowed to be transmitted, or if we can take out the threats that are inside of documents that are being transmitted if they are being transmitted, we will do that. Otherwise, what we'll do is we'll just block the communication altogether.

So with that being said, we're going to move into the demo. And we've got four different use cases that I'm going to get into, the first having to do with a standard secure file transfer via a web user. And so I'm going to show you some logic that's built into that. The second is a secure form for a job application, as I previously discussed earlier, and we're going to do some protection to ensure that people are not uploading items that they're not supposed to be uploading. Then we're going to monitor a folder by placing some content in the folder and watching how MFT can take that content and ensure that you can do what you want to do with it. And then the last thing we're going to get into is encrypted folders.

Live Demo

So I'm just working on sharing my screen here. Okay, so the first thing that I'm going to do is I'm going to sign into my GoAnywhere console. And first I'm going to do two things. The first thing I'm going to do is I am going to make a SFTP connection, and I'm going to upload two files into my GoAnywhere Gateway. So I'm going to make my connection here. This is my FileZilla. This is emulating my SFTP connection. I'm going through my gateway here, which I'll point out in a moment. I'm going to make my connection, sign in as my user, and now what I'm going to do is I'm going to upload a couple of different documents here.

So I have two different documents, PDF files, but one of them has some active content in it and one of them does not. So I'm going to upload both of these files through the GoAnywhere platform, and then I'm going to just do my refresh here. And then I'm going to take an executable as well. I'm going to drag that over and I'm going to do my refresh. And as you can see here, the executable has been removed. And so now what I'm going to do is I am going to first go into my GoAnywhere console, and I'm going to walk you through the job itself. So it was a fairly straightforward connection, just uploading a couple of documents. And so now you have the three different connections that were launched here. And so I'm just going to walk through the job log itself.

So as you can see here, I've got this document. This document has to have... Excuse me, it has active content inside of it. Active content is an advanced persistent threat or a document that's got some content in it to try to lure people into clicking on something and then something else can be spawned after that. So we've got that. And you can see here that I've just grabbed a couple of variables. Here's the document that was uploaded and you could see that I'm triggering my ICAP connection, which is the handoff to Clearswift in order to do the scanning. Here's a little bit more information about the response from Clearswift. You could see here that the file's infected and that Clearswift has sanitized the document because you'll see here, the file was allowed to be transferred.

And there's some custom coding here. I'm not going to get too much into the detail of this, but this is essentially a code that Clearswift says I found a threat, but I fixed it and I sent it back. And so now there's some other tasks that have been kicked off. You'll see that I've made an SFTP connection and I've copied it to another location and I've also sent an email with that as well. And what I'm also going to do is I'm going to look at the third upload, which was the executable. And I have a media type rule that's states that I cannot upload executable.

Where this is valuable is it's a little bit more than just the name of the .exe. If somebody tries to rename an .exe to a doc file, same concept will get picked up. You'll see here that now we have a different code, which is a 200403, and the file was not allowed to be uploaded. You'll see here that there's been some deletes that have taken place. And then there is also a connection that was not allowed because we did not allow the upload to take place, and so some additional error handling that's been built in here along with an email.

I'm just going to walk you through the project itself very quickly. So here's my project that was kicked off by a trigger. And you can see here, here's some of the logic that's built in. Here's my ICAP connection. There's some output that has been taken from the output connection in order for us to determine what we want to do with content once it's uploaded. You can see here if the file was successfully sanitized, what we're doing with the file, we're copying, it's sending an email. Here's a clean file. If we don't identify anything within the file, we continue to move forward with it. And then if we find something, some issues with it, we're not going to do anything with it. And of course, if the ICAP Gateway is offline, we built some logic into it as well.

So now what I'm going to do is I'm just going to sign in and you'll see here that two uploads were completed successfully, some little bit more information about the file itself, and then one file was not uploaded because it was an executable. So there's a little bit of job logic that's built into the project itself. All right, so the second use case that we're going to submit. So as you can see here, here is my MFT server. You'll notice here, I have a different IP address than my gateway and I'm just going to demonstrate signing in through my gateway. So this is my second use case.

This could be emulating an external connection in a case where someone is looking to upload, for instance, apply to a resume or submit a job application or something along those lines to a job that's been posted. So I'm going to sign in as my test user, and I'm going to go into my secure forms. This can all be locked down, of course, so that maybe only the form is available or this form could be published on your website. Let me go into my job application. And I'm going to say, my name is Mickey Mouse, and then I'm going to upload a document here. I'm going to submit this document to be uploaded. That happens to be an application.

And so now what I'm going to do is I'm going to move over into my mail client. You can see here that I sent a response. So dear Mickey Mouse, thank you for submitting your resume for the current job opening. A member of our human resources team will be in touch with you once the job applications have been reviewed. And so now back to the GoAnywhere Gateway itself, I'm going to walk you through the workflow here that's tied into this particular secure form. And you can see there's a little more logic that's built into this. And so what I'm doing in this case now, similar concept where I'm doing a scan. I'm not going to get into the details of the scan here of the content. I'm more interested in the logic that's behind what happens if a file is successfully uploaded?

So you'll see here that we're going to make a directory. This has to do with a secure form, so I'm going to create a custom secure forms copy folder. This is emulating a folder where a human resources employee could go into this folder and look at all of the resumes that have been uploaded. I'm going to copy that file. I sent a response, thank you for your upload, as you can see here in the portal update. Thank you, upload successful. That can be customized. And then I sent an email back to the individual who uploaded the resume.

So now what I'm going to do is I'm going to go into the secure forms copy folder. You can see here, there's a new folder by the name of Mickey Mouse created, and this could be the resume that was uploaded. And so now what you have is you've got the secure email itself, you've got the secure communication with the resume upload, and you've got all of the logging and compliance as I previously demonstrated in the first use case.

So now the next use case has to do with a folder monitor. So now what I'm going to do is I'm going to actually show you a project where I'm actually monitoring a file share for PII. This file share monitor could be really for anything. And so now what I'm going to do is I'm basically going to say, I'm going to move back over to the monitor to show you the file share in a moment, but all I'm really going to do is I'm going to scan the content because there might be some PII inside of it that I'm concerned about. If there is, I'm going to take some custom actions, and then I'm going to also encrypt the file and move that file to another location to make sure that it's kept on a secure file share.

And then I'm going to make an FTP connection to a remote location of your choice. And I'm going to put a copy of that file there. It could be for somebody else to review. And then I'm going to delete the original file once it's done because I'm concerned that somebody might have access to that original share.

So I'm going to move over into my monitor. And as you can see here, I have the monitor of the file share and I have a loan documents which I happened to use for the resume, but this is what I'm going to use for my monitor. And then what I do is I link this file share to the project that I just demonstrated to you and I'm just going to scan this every 20 seconds. So now what I'm going to do is I'm going to take a file. We're going to just take this JPEG here and we're going to actually copy that into, here's my loan document share. I'm going to paste that into the loan document share that was just referenced here. And then what I'm going to do is I'm just going to wait for this to disappear, and this should happen in a moment.

So as you can see here that the share was picked up because I scanned it every 20 seconds. And now what I'm going to do is I'm just going to walk through the job log and I'm going to show you what was done here. So here is my file share monitor. As you can see here, there is a JPEG that was placed in a share. And then you've got here's some variables that are associated with the project. You can see here again, I'm kicking off another ICAP task where I'm going to scan content because there might be some PII, that's a share that's got some loan information in it.

I see here that the ICAP Gateway, once it did its thing, it found an issue, but it was able to clean it. I'm going to get into that in a moment, sent an email, and then I also encrypted the document because we found that there was some personal information in there. Here's my encryption information. And then I took this file and I was asked to also copy this to, for instance, a partner that may have to do something with these loan applications. And so now what I'm going to do is I'm going to walk back into, first, I'm going to take a look at the email itself. So here you could see that there was a loan document that was uploaded. So now if I open this document, what you'll see here is that the personal information has been masked. So this is an image, as you can see from the attachment, this is a PDF file. You can't modify any of the contents inside of that image.

Now, if I go back to the original document, you'll see that once it opens, there is an account number that's in here and two different locations inside the document. So why this is relevant is people are uploading this content. You want to make sure that if there is some type of sensitive information, you may not necessarily want it on this share, but this is the share that's used as the entry point. So now we've taken that information, we've stripped out the content that's inside of it, and we've replaced the PII information with we blacked it out. So we could do that with documents or PDFs or JPEGs images via our optical character recognition engine.

And so now, the next thing that I'm going to do is I'm going to show you that we've also made a copy of that document in an encrypted share. So now I'm just going to take a look. It's been placed in my secure forms directory, and then we've also copied it to another location, which is built into my workspace into my project. So I'm going to move over to this share and I'm going to show you that as you can see, that document now has a PGP extension on it. And what that means is that the file has been encrypted. The only reason why we triggered that encryption was because there was, I'm going to point that out for you inside of the project, there was a PGP encrypt when we found some PII that was inside of it. So this is basically the logic that's built inside of that particular project. So you could see that we sent the email confirmation as well. We copied the file.

And then the last thing that we've done, we've encrypted is we've got a trading partner that we're working with and we need to make a connection and transfer that file to another location. So you can see here, this is what we've done. This is another FTP server within my environment. It could be external as well, and we've taken that file and we've copied it to another location. So all of that logic can be built into your project once you identify what all your requirements are, where you take a lot of your legacy processes that could be distributed and you want to move them into GoAnywhere.

So finally, we have an encrypted folders use case. And so what encrypted folders are is just giving you the ability to make sure that any content stored in a specific folder, you want it to be encrypted. And so what we can do with this is depending upon what your requirements were around what needed to be encrypted, what we can do is this happens to be my user home shares. So in other words, every user that I create on my MFT system, I want to assign an encrypted home drive. So I'm going to move over to one of my users. And so I'm going to focus on this particular user demo four, and you'll see here that in my folders, I happen to have this home directory under that encrypted folder share.

So now what I'm going to do is, again, I'm going to sign in through the Gateway. This could be an external connection. I am going to upload this document, this loan document again. And so now within this folder, as you can see here, I can take this and I can open this and I can display my content. I did happen to scan this for PII again. I don't necessarily have to have this logic in here, but I left it in here. And so now what I'm going to do is I'm going to move over to the actual encrypted folder structure here. Here's demo four, and you'll see here, here's my document. But when I open it, it's encrypted.

So now anyone trying to navigate to any user or any folder you have in the system, they're trying to circumvent GoAnywhere or the front-end MFT system, and they want to try to access this content, they can't because it's all encrypted. And so the only way that you can gain access to it now is via the GoAnywhere front-end web client. So with that being said, thank you everybody. I'm going to turn this back over to Brooke and we'll go through some Q and A.

Q&A

Brooke: Excellent. Thanks, Scott. If you don't mind pulling up the slide deck real quick, I will just make sure everyone's aware of how to contact us if they have questions and are able to stick around for the Q and A and then we'll jump right into the questions time as well. So just wanted to call out quickly. We'd love to connect with you. Feel free to contact us through any of the channels on the screen. We do have a full 30 day evaluation on our website, as well as a custom demo and the URL on where to book that is on the screen too. And then just a reminder, there will be a survey after we're all wrapped up here and your feedback is really helpful. So if you're able to stick around for questions, we'll walk through a few here. And just a reminder, you can use your control panel to submit any of those. Just use the questions pane and we will watch that now.

So Scott, just a couple to walk through. At the beginning of the webinar, you touched on compliance and the security features of GoAnywhere. Can you talk a little bit more about that and how GoAnywhere can help you be compliant?

Scott: Yep, sure. So, GoAnywhere itself does not make you compliant, but what we do is we give you the controls to configure our products so that you can adhere to your specific compliance requirements. Common Criteria Certification is also on its way. And, yeah, so that's a standard that's been adopted within the federal space. And so that's where we can help you out with your compliance requirements.

Brooke: Perfect. Another one, can you speak a little bit to the training and services that we offer to get people up and running?

Scott: Yep, so from a training and consulting configuration upgrade standpoint, we offer many different options for you to fit your needs. It may be something custom that we have to develop for you. We also offer online or on-site training. Of course, on-site is a little not working out too well right now, but when things get back in order again, of course we'll work on the on-site training. Let us know if there's something you're interested in. We can work with you on your requirements workflows or whatever it is that you're looking for.

Brooke: That's perfect. Another one, can GoAnywhere protect data at rest? And what does it take to encrypt files at rest?

Scott: Yep, so I demonstrated the encrypted folders capability. So we have that. Any documents that gets stored into those folders using GoAnywhere, they will be automatically encrypted using a AES 256-bit encryption. There's a very simple wizard to walk through to set that up. Same thing for decryption. As long as you're using GoAnywhere to download and move the file, it will be decrypted automatically.

Brooke: Great. And I know you mentioned the ease of use with GoAnywhere. Someone wanted to know a little more about the effort to get GoAnywhere set up.

Scott: Yeah, it's fairly straightforward. Typically with our proof of concepts, they don't take much longer than one or two hours to set up and configure. So it's a quick and easy setup to get everything up and running. What makes it simple is that we include an embedded Derby database for the initial installation. So you don't need to worry about externalizing right off the bat. Customer portal is also a great resource from where you can download and install everything so you can reach out to us and we'll help you out with the proof of concept.

Brooke: Perfect. So that is, I think, all we have time for right now, and we will make sure to answer any additional questions that have come in. Either after the webinar, we'll follow up with you, we'll make sure that you have the answers you need. So thanks Scott for walking us through this. Thank you all for attending. We hope you have a great day.

Scott: Thank you.