Is Your Remote Workforce a Top Security Risk?

Kara:

Hello, everyone, and thank you for joining today's webinar to discuss remote workforce security and what you can do to reduce your risk. I'm here today with our presenters, Eduard and Scott. Before we kick things off, I'm going to remind you that the event is scheduled for an hour and we are recording the event and we'll send the link out afterwards so you have it. Feel free to ask questions throughout and we'll try to answer a few verbally at the end as well if we have some time. Finally, a survey will display at the close of the presentation. If you can fill that out, that really helps us understand what parts of the presentation were most helpful and you can feel free to reiterate any questions that weren't answered during the broadcast today. With that, I'm going to introduce you to today's presenters, Eduard and Scott.

So, Eduard is a Solutions Engineer at HelpSystems, specialized on IT automation and cybersecurity solutions. With more than 12 years experience working in the field with companies both as professional services consultant and sales engineer, he's now primarily focused on helping to deal with today's data security challenges. Scott is a senior sales engineer with HelpSystems and is based in New Jersey. He has over 20 years of IT experience working in and managing IT teams in highly regulated industries. In this role, he works with and supports the largest Clearswift and GoAnywhere customers and prospects across North America. Eduard and Scott, thank you for being here and I will let you take it away.

Eduard:

All right. Thank you very much. So, in today's webinar, we're going to just have a quick introduction before getting into the topic of today. We're going to introduce who we are at HelpSystems in case you don't know us. And then we're going to go on and introduce which has been the impact of the COVID crisis, let's say, in our way to work and how employees are now working from home, basically. Which are the common tools that employees are using to do this remote work? Which are the common risk? And which is our HelpSystems position to have a secure collaboration in the way we work with sensitive documents and data. Again, at the end of the session, we'll spend some minutes to answer your questions. So, feel free to post all your questions in the question panel on the GoToWebinar solution. So, with that being said, as I mentioned, in case you don't know us, we're HelpSystems, we're a software vendors, software company, and almost 40 years in the business.

We have a global presence worldwide, but our headquarters are in Minnesota. We have been in the market for many years, but in the last years we've been building a really... we have been working to have two big product lines. So, one growing a lot in last years based on cybersecurity offerings, from a data security suites to the infrastructure protection and the identity and access management solutions. Today, we're going to talk about these particular aspects. But for you to know that we also provide solutions for the automation, not only for the IT team and the infrastructure, but also from the end user perspective with Robotic Process Automation. So with that being said, let's go and talk about today's topic, which is the remote work and the effect and the impact of the COVID-19 pandemic.

Remote Work and COVID-19

Eduard:

So, I will not discover anything by stating that the COVID-19 has been a huge impact in our lives, in the way we live. Not only from the personal perspective, but of course it has had all a huge impact on the way we work. So, from the fact that, since last year, since 2020, most of the employees were still working at the office. So, working fully from home was really strange, but companies had to adapt to this pandemic and the way that we have been confined and working from home, it was a forced, an unexpected situation. And companies, they needed to adapt to the situation. So, we had the need to work from home.

In most of the companies had this need to allow the workforce to work from home. And this has also involved a lot of IT investments, so a lot of investment in new tools, also new tools from the equipment, on the employees, but also from the infrastructure, in training and a lot of... It has a huge impact to prepare all these workforce to tele work.  And this change is here to stay. So, it's going to last for sure during the pandemic but it's going to last way beyond the pandemic, because for, many reasons we figured out that the remote work has a lot of benefits, both from the company side but also from the employee side because of the cost savings on both sides, because it's been proven that productivity is higher while working from home. So probably, less distractions were more effective.

So, also the fact that we, as employees, we can have a better reconciliation of work and the balance between personal life and work. And also it has sustainability benefits. So, we expect to have these remote work situations at least, if not a full-time teleworking, we're going to have this flexible option to work way more from home that we used to do. So, it's a change at that will be here for a lot of years.

The 3 Keys to Remote Work

Eduard:

When we're working from home, we still have, and we're still working with sensitive data, with personal data. From our customers. It's intellectual property recommendation. So, companies still need to guarantee and to make sure that all the data which is now being worked and being managed remotely from the employee's home needs to be protected. In order to do so, companies need to adapt all the proceedings. And here are three main keys to allow this security in the way that we work from home.

So the first, we know that the weakest point on all the security it's always the person. So, we are the weakest point. It's been proven that 99% of the cyber attacks from all of the data breaches comes from a human being having a malicious activity. So, it's an entry point for the cyber attack. So now that employees are working from home without having all the protection from the office, from their private network, with all the firewalls, all the infrastructure security equipment that is protecting the head office let's say, now we're working from home. We have less protection. We are using our routers from home. So, the infrastructure security, it's really compromised. It's really less secure. Also from the fact that in the best case scenario, employees are using corporate equipment. But in other cases, we have employees using personal devices. So this puts the data in a big risk.

So the first and the key areas to have the awareness of the users to be conscious of the fact that they are managing really sensitive data and to have this awareness of all these security risks from their side. Also, we have to adapt all the procedures, all the policies that have been thought to be working from the office.  So we have to extend it and adapt them from this model or from anywhere, all the times and by any device. So this is something that has to be adjusted. And the third key is, of course, to provide tools to employees to work in an efficient and secure way. And when we talk about toolings and solutions, we're talking about solutions to communicate the teams that are working remotely from home, each one individually, so that they can communicate, also for the team managers to handle all these teams better to coordinate all the work from home with the management solutions. From coordinating the teams.

File Sharing Tools

Eduard:

And also, the last best aspect, it's about all the file management, all the collaboration between employees in files, which is the foundation of every work. In these regards, and this is what today's webinar will be covering, it's which solutions can be used for employees, for the teams are working from tele-working to exchange data files between colleagues. Between the team members, but also maybe from third parties like trading partners, customers, or some providers. So normally, you have different aspects of the way we share data. So one, it's about accessing corporate data, corporate resources and documents which belong to the company.  So, that's one aspect.

Another aspect it's about providing tools for users to have their own personal space to share documents and share files among them. So that they can work on projects or in personal tasks. Or another third need would be to send and share large files especially with third parties. How can we do that in a secure fashion without using the third party tools? We need to use some solutions that are officially supported by the IT team. And also the last one, and this is about how employees, using their favorite channel which is email. So, we all use email all the time to exchange information, but also data and files. So, how can we do that from home in a secure way? So, Scott, I hand it over to you to present a little bit more about our approach and our proposition from the technology perspective.

Why Managed File Transfer?

Scott:

Okay. Thank you very much Eduard. So we're going to talk a little bit more about MFT here, managed file transfer, and we're going to work through GoAnywhere and some of the components that GoAnywhere brings to the table that allows for you to securely transfer data and incorporate some other components such as threat protection. Things along those lines as well. So, as Eduard had mentioned, these managed file transfer environments or GoAnywhere setups could be used for your internal workforce to securely transfer data, which is what we're going to focus on to some extent during today's webinar, but in addition, of course, for trading partners and business purposes. And so, you oftentimes will have requirements where maybe you want to allow certain types of content for internal employees or maybe IT users or something along those lines, or even for people to decide that they want to use your systems or your managed file transfer platforms for their own purposes as well.

And we're going to first start out by getting into talking about GoAnywhere as a listener, or a server, as well as a client. And so, from a listener standpoint we're accepting connections from external parties. We support FTP, Secure FTP, FTPS, AS2/3/4, HTTPS, and EDI as well. And so, we've got a GoFast module and we're going to soon incorporate FileCatalyst, which is a recent HelpSystems acquisition to take large file transfers and international large file transfers and expedite them. And so, we'll be able to incorporate that as well if you've got some enhancements that you're after from a large file transfer requirement.

We also have a centralized administration console using our back for both user management as well as users themselves uploading, downloading files, as well as administrative access. And then, there's some canned roles that we could build for administrative access as well as for users to, for instance, grant access to different directories where they need to upload and download files from administrators, can be set up maybe to administer policies as opposed to maybe a security team administering user accounts.

So, there's canned and you could build custom roles as well. Dashboard view can be customized and give you the ability to display many components that you want to see when you initially sign into GoAnywhere, depending upon who is going to be accessing the console. We've got advanced workflows, which is probably the most sought after module, we're the core, the nuts and bolts of the solution, as I like to say. So within any given project, you could have access to 100 or so tasks within our Advanced Workflow module. And these tasks incorporate everything from SQL queries to data translation, encryption algorithms, outbound connections, advanced reporting, things along these lines.

And then, you have the ability, now, when you incorporate our advanced workflow module to eliminate any custom scripts or maybe ad hoc stuff that you have, where you've kind of piecemealing different areas of a file transfer process together. We can now build all that into a GUI-based platform. Our resources allow for you to connect to external parties. So in other words, someone uploads a file, or maybe at a certain point in time, you just want to maybe monitor a folder if there's any files that are placed there, go ahead and ship those off to someone else. So now we turn GoAnywhere into a client, internal or external connections, file shares, cloud platforms or Cloud Connectors, and other file transfer web services.

We support about a half dozen different database repositories where GoAnywhere can be hosted, which basically stores all of your MFT policies, your logic. We've got more than 40 Cloud Connectors that can tie into everything from storage platforms to business process enablement like something like a CRM, like a Salesforce. So we've got APIs written for roughly 40. Some are different cloud platforms. We're going to actually be demonstrating some of those capabilities today. Triggers, monitors, and schedulers are how files work their way into GoAnywhere. So we can either just scan a share or an FTP server or something along those lines. We can monitor a share or an FTP server, or just as people sign in to upload and download files.

Encryption, digital signatures, certificates, we can encrypt decrypt content. We support a AES 256-bit encryption, PGP S/MIME. We also support file-based keys. We have a file management, excuse me, a key management solution that's built into GoAnywhere as well. If you want to securely store your certificates, alerts, auditing custom reports, single sign on page, branding. So you can customize when people sign in the look and feel of the interface.

Why Isn’t Encryption Enough?

Scott:

We talked a little bit about user access and we can host your users within GoAnywhere where you can offload them into a directory. We've got a cloud-based platform as well. So, just a quick comment around why it's important to add another layer on top of GoAnywhere. So GoAnywhere is responsible for the secure file transfer platform, but there's no content analytics out of the box. So we've got a module that can scan for PCI, PII, maybe threats, antivirus, advanced persistent threats, things along those lines. So just because you've got GoAnywhere, maybe you're a GoAnywhere customer and you feel that you've got a secure means to transfer files for your employees, that doesn't necessarily mean that you're safe, because people could inadvertently upload maybe files that you don't want to allow to be uploaded, or transmit PII or PCI, or viruses, things along these lines. So, we can add that level of protection as well.

If you don't mind, Eduard, if you could move to the next slide. So, a little bit more about our threat protection and DLP module, advanced persistent threat, as well as antivirus support, one to as many as three different antivirus engines we can enable. When we say traditional DLP, referring to either allow or block type scenarios, PII, PCI, or anything that you need to you and your business. But what we do a little bit differently, which we commonly refer to as adaptive DLP, gives you now the ability to allow content minus stuff that's important to you. So for instance, stripping out social security numbers, or maybe even with an image, somebody now, because everything, we're enabling people to work from home. We're building a platform where you can securely transfer documents, but people oftentimes now are snapping pictures of content and uploading.

MFT and ICAP

Scott:

So now we can scan text inside of those images. And so, now we've got an end-media type protection as well. So for instance, someone renames a doc file to an EXE to try to maybe or other way around DXE to a document to try to circumvent the system, upload maybe some source code where you may not want to allow it, we can do file signature-based scanning as well. So now, you've got the ability to protect all of the content itself in addition to the platform that you're using. So, a little bit more about how all this works, fairly straightforward. Someone uploads a file, GoAnywhere takes the file, integrates with our threat protection and DLP module, we scan that content, we send the results back to GoAnywhere, and then within GoAnywhere within our advanced workflows, we can determine from there what we want to do with that content.

We could maybe do use it for logging user awareness. Maybe we want to strip out the sensitive information. Maybe we won't block it. So you can do all of that. And all of that information is logged, and you could either go through the blogs or you can use, like Slog Solution, if you need to offload some of that, maybe to see kind of the content that's being transferred in and what's in there. Next slide?

How MFT Helps with File Sharing

Scott:

Yeah. So, a little bit more about what we're going to be getting into and a little more details as far as the demo was concerned. To begin with, we're going to talk a little bit more about, and we're going to demo secure folders, how secure folders work. This is basically our corporate edition of securely transmitting files, maybe from a web-based interface, but it also supports SFTP and some of the other listeners. We mentioned GoDrive, which is a very similar to secure folders. However, there's some additional functionality such as placing comments on files, file revision history, there's a trash bin. There's, some additional functionality built in to GoDrive on top of secure folders. GoDrive also automatically encrypts everything, whereas secure folders, you can encrypt it if you choose to.

So there's some additional components that are tied in to GoDrive if you need some of those specific use cases. secure forms. So, the ability to securely capture information, maybe use it for a survey or something along those lines, and as we're going to be getting into in a little more detail today, benefits enrollment process. Something along those lines where you want to put something out to your user community, it's time to renew your benefits this upcoming year, or conduct a survey as I mentioned, something along those lines.

So, anyone can sign in either anonymously or via with a user and password, could be drop downs, things along those lines. So, it's basically, we take information that we're publishing on a website, and then we can take that data and use it for other tasks or other processes. So we're going to get into that in a little more detail. And we're going to talk a little bit more about our secure mail module, how to securely transmit attachments via email. And then, we're going also get into in a little more detail, some of our cloud connectors. So I think we'll go back over to you, Eduard.

Securely Accessing Corporate Resources Review

Eduard:

Excellent Scott. So, now we're going to see how we can leverage all these different models that are present in specific use cases when users are, or employees are working from home. So first use case or scenario is how users can securely access corporate data and corporate resources, which are typically based on the office and the head office, how they can exit, and how they normally exit from home.  So, in this particular use case, the common solution to this, it's using VPN.  So VPN to connect from home to the corporate network and then users getting access to all these files, websites, legacy applications, which if not, it would be impossible from home.

The problem here is that with the COVID escalation, everybody working for home, VPNs have been overused.  And in various case, this high usage of VPNs has provoked or represented different challenges like they were not cited for so much load.  There were issues with their performance, so they produced degraded user experience, also low productivity. And of course you have, in order for all users to consume this VPN, or all these different use cases, you had to add additional licenses.

So in the end, what you can do is, in order to avoid all these issues, you can limit the VPN users for what it's really essential. Or what the only means that users actually need to connect to VPN and not for the rest. So you can avoid this congestion of the VPN network. So all these use cases where you can use printers.  In this case, it doesn't make sense, from home. But when users need to access file shares or files in some file servers from home.  Or you can avoid that.

And you can use alternate solutions like what we're going to present today. It's secure folders.  Secure folder, it's a secure way from users to access these corporate data which resides on premise from home.  From multiple ways. We have a web plan, we have also desktop plan, where you can easily share to individuals and also to the group of employees and the members, files which are On-premise. Basically, that's it. You can do it. They can do it from multiple clients as I mentioned. You can also benefit from the fact that GoAnywhere, we have automation engine behind, okay, which you can trigger some particular events or particular actions when somebody uploads a file. So, that's also the benefits from secure folders. You can send alerts when somebody has uploaded a file.

So there are some extra benefits from the fact that you can use secure folders for users to get access to these files from home.  And avoid the usage of VPN for this specific use case which is not advised when you have alternate solutions like secure folders.  We will see that in the demo shortly. So in a very briefly, how does it look, but also for another use case, which is at the users sharing files, collaborating.

So, every single user has his own personal space for storing its personal professional data, or also sometimes some travel data. All the personal information and data and files, which they need some particular space to store them.  So in this case, one typical common solution will be to use cloud storage services.  You may have DVD solutions, okay, so which are very well known, but also there are some solutions which are free,  Without telling any name, but there are some cloud solutions which are free for users to store their own data there, synchronize that personal drive with their own workstation, et cetera.

But here we have some issues: If you're using free or some cloud-based solutions, you may have the [inaudible 00:27:30] force from compliance. Where is all this data stored? So, if you are using Shadow IT or not corporate, so users are using free tools, for sure you will not have control over what's going to happen, what's happening. Which is the management of that file to this personal files in the end that our business data which you stored somewhere?  But you don't have control. So if you have to meet some compliance, some regulations, some specific data security controls, these solutions will not be compliant.

So, for that, we offer a special solution which is called GoDrive. It's an enterprise, a false-sharing and synchronization solution, which users can have their own personal space, personal drive. Which is GoDrive. And as any other solution, they will add documents there.  They can share with colleagues, with their parties. They can grant access to others, to its own personal resources.  It's going to be, you have versioning of each file. You can sync it with your personal workstation, but also with the mobile. Yeah, so applications for iOS and Android. And the big difference is that the physical file storage for all the user data, it's going to be On-prem.  It's not on the cloud,  Not on any many public lime lights.

Live Demo

Eduard:

You will have the control.  So, that's the main differentiation. So with that being said, let's jump to the product very quickly.  So let's have a quick look on how these two models work.  So, to beginning with, I will show the administration console.  So, here there's the admin portal for the GoAnywhere Solution. So I can go login as administrator.  So this administration Solution. From there, we can activate the collaborative platform. All these different models that we're going to see today are based on an HTTPS service.  So this means that all the secure folders, GoDrive, all these files that are going to be shared to these HTTPS protocol, which is an encrypted protocol, through SSL panel. So all the files that are going to be sent back and forth from going to a workstation from the user back and forth are going to be encrypted through this secure channel.

So in order to activate the service, it's really easy. I will not spend time today in this, but we have here a listener you can select, which is the private certificate that is going to be assigned to this HTTPS server. And then, okay, it's up and up and running. Then, we have to define which users would have access to these models. So, in the web user's panel menu, here's where you can manage which modules. We be granted access to each particular web users. You can manage web users individually and of course by groups.

So we have the members by department, so you can define all the permissions also by groups. In this case, of course, all these web users can be synchronized with active directory or through other login methods. We support multiple.  We support from LDAP Managed.  So, we can now authenticate users on Active Directory or other different identity systems. Even we support SAML for Single Sign on. So in any case, once we have the web users that here, then they can access the different modules that we are offering for them for today. Now we're going to show two of them.

So, secure folders and GoDrive.  So from here, from these, when you're editing web user, you can define from all the available models that GoAnywhere is providing, which ones he will access.  So in this case, I grant him, I said the HTPs side, the protocol, with I grant them access to all the different models that we provide.

We have some authentication options. For example, do you want to activate a two-factor authentication?  We support multiple engines or OTPs, that's optional. You can add also some additional security, like I'd be filtering time limits so he can only connect on business hours, business days.  So these are completely optional. But in any case, now we're going to have a look at the secure folders model. This means how we can share corporate data to end users, to employees, so that they can access them from home very securely.  So without using the VPN. So in this case, from the folder's tab, this is where you can define which folders, which resources you're going to share with that particular user or group of users. And from here, we have the benefit of choosing different resources which can be local, GoAnywhere server resources or folders.

You can pick network shares, resources from other file servers.  You can pick even, storage on the cloud if you want to share, it and be presented to the end users through this web time.  So we have complete flexibility. So in this case here, I selected some resources from the corporate office,  From the bi-network, customer data, EDI, local folder, invoices which are stored in other false server, production data,  So here, you grant them access to these different resources. For each resource, you define which permissions they will have on the files which are there.  So you can define, just read permissions. They can not load, they cannot modify anything, or maybe you can let them have full permissions and modify the lead rename and create different documents in there.

But these are administrators from secret folders. We let and provide access from home to corporate logins or resources. So now, how does it look from the end user perspective?  So, I mean, in the phase now let's jump to the end user working from home. In this case, I have defined an employee.  A username name employee, which will have access to these resources.  So now I jump, now I'm the user, employee, working from home,  And I want to access these different resources.  So I will just log in here, the portal. So the web line. This one client that we support for accessing these data, we log in. Sorry. That's it. And we have access to the resources that have been shared with me that the admins have granted me access to.  If I have permissions, from here I can just download the documents. If I have permissions, I can rename.

So, that's how easy I can. For example, here, I will just download this document. I can click it, then I will download it. That's it. Very easy. We all like another tool or another client for end users to get access to these files without having to browse in the web browser.  So we also shape with the product, what we call a Desktop Client.  So, Desktop Client, it's an app that the employee can install on his personal workstation. And from here, you see you can see the exact same files and folders that I could access from the web line, I can access from Desktop Client very easily. Okay. Now, all the file movement, all the downloads, every single user activity, it's going to be absolutely traced by and audited from the admin perspective.

And so, here on the audit logs, and now I'm back to the admin interface on the HTTPS servers. Look, here I have all the activity from the end users through the secure folders. So I can see which file has been downloaded, uploaded, get deleted, by any user. So these are completely, I mean, filterable views that you can, as an admin, can see,  And send alerts. Also, if you want for these kind of events. Huge advantage is complete trace with full detail.

So these are secure folders. Now, what about GoDrive? So GoDrive, remember, it's the personal space.  It's the usage, it's a drive that each individual employee will have to store its own personal data.  The big difference is that, as you can see here, all the user data is going to be stored On-Premise. So here we can select where all these data is going to be stored, so maybe it's going to be sort of the local GoAnywhere server or maybe in another network share, or even on some private cloud here. So, in any case, how does it look from the end user perspective?

So here, I go back now to the web client. So now I'm the employee from home and I have my GoDrive.  My individual GoDrive. So again, these are my personal files from me.  So these are my projects.  So my documents and I can share with my colleagues, in this case this is a folder Bethany shared with me.  Or I can just share this document, I save it to this folder with a colleague.  Or, I can even generate some download links. I can copy and paste and share it via email to a partner. And I just copy and paste. And then he will have access to that particular resource.

But these are my personal documents or team documents.  You have all the options here, like revisions. I can go back here and to previous versions of the file if I want. This personal GoDrive is going to be synchronized with my local PC if I want. So now, if I go here in my Desktop Client, so instead of the web client, the Desktop Client, and I click on the GoDrive you see here. These are the exact same documents that are going to be synchronized and I'm browsing from here. So now if I pick any file,  So let's take here. I will upload it here.  So here, I will just drag and drop a file.  It's going to be here, so I upload this whole collection. Now, if I go here, you see, it just synchronized.

So it's basically the same, but the big difference is that, as I mentioned, you just have... All these files are going to be stored on On-premise. From the admin perspective, also here on the audit logs, you will have full detail of, we have a dedicated service log GoDrive, so every user activity, every upload, every share file has been shared, every link that has been generated. Everything will be completely traced.  So we'll have here all control from the admin perspective. Okay. So with that being said, let's go back to their presentation and let's go for more. So, Scott.

Scott:

Yeah. Thank you, Eduard. Good overview of secure folders and GoDrive. So we're going to talk a little bit now about secure forms in a little more detail, to provide some context, just go through a couple of basic questions that I'll ask the audience, not looking for feedback, just going to kind of put you in a position where you can understand what we're using secure forms for. So, to begin with, Eduard, did you ever fill out an online survey or completed, like I mentioned before, benefits enrollment process? You can actually see that on the presentation here. Or updated a case, maybe working with a software vendor or an issue that you're working on? Or have you ever completed electronic process to reference for maybe have to up upload some documentation maybe for a credit card application? Something along those lines?

I think all of us can pretty much say that we've been through some of this before. And so, what's being used for these, the front ends, are what we commonly refer to a secure forms. By definition, basically it's an HTML form designed to securely capture information. This information is typically used for another process. We'll kind of walk through some of those scenarios shortly. We could securely implement these forms either anonymously over the web, or internally, maybe just publish them internally for your internal users. SSL certificates can be used to encrypt the content. This way you can make sure that no one can hijack any personal information or maybe get into banking statements or social security numbers, things along those lines.

Or as we all can probably relate to maybe a secure online voting ballot, something along those lines, to make sure that no one is compromising anything that's being submitted from the person who's filling out the form to the backend. You could build your own forms. GoAnywhere secure forms supports using user using either SOAP or REST. So inbound, they can be pre-populated or auto populated from applications or systems, or we can take content that's submitted into a secure form and make SOAP or RESTful call to populate, maybe another database or another website or another data source.

The input fields themselves can either be statically defined, as you can see here, where they can be configured to reference back in databases. So maybe you need to load some information as you fill out a form or populate some information on a website. One of the items that we're going to go through today is actually, you can actually see this on the screen is a recent enhancement that we put into GoAnywhere, which is a multi-step form process where you select some certain criteria. Like for instance, if you're going to enroll in our benefits package, you click, yes, you'll be rerouted to another form. You click, no, the enrollment process just stops, and then maybe you get a summary email or something along those lines.

And moving right along, as I mentioned, we can, I'm sorry. I'm just going into a couple of other concepts. Yeah, thank you, Eduard. Sorry about that. They can be made public, as I mentioned before, or anonymous. If you want for internal or external use, they could be restricted to a certain group of users if you want, so if you can imagine if you were to publish a Secure Form over the web it could be susceptible to maybe a bot, or a threat, or something that could ingest, for instance, a threat, maybe a virus or something, especially if it's a form that's being used to capture attachments.

And so going back to a little bit more about GoAnywhere and our threat protection, our DLP module, we can inspect all this content as it's being submitted into a Secure Form. You use our advanced workflows, which is this a major differentiator between GoAnywhere and some of our competitors, is now you gain all of those 100 tasks that I briefly mentioned earlier. You can unleash any of those by virtue of someone just submitting a form. So maybe, you need to take an attachment and maybe offload it to another system, or maybe send it to another platform, maybe integrate it with a CRM tool, maybe a Salesforce or something like that, where some information is uploaded, and you need to take that content. You need to move it somewhere else.

We can also, as I mentioned, we can use our advanced workflow module maybe to export that content and populate maybe another, even if it's an internal database or another platform, something along those lines. We've got custom messages that we can present, as you can see here on the screen. And so, you can neatly present people with information as they step through any secure form throughout the form process. And then finally, which I just think Eduard presented a similar webinar yesterday in Spanish, we support up to 11 different languages within our secure forms platform. So, now what we're going to do is we're going to move into a demo. So I'm going to share my screen here shortly. Sorry for the delay. Just had a brief hiccup with my virtual machine. And so, let me...

Okay. So here we have the GoAnywhere management console as Eduard started to briefly show. And what I'm going to do is, I'm going to go ahead and I'm going to sign in here and I'm going to show you a little background into what we're going to be reviewing the Secure Form itself, as well as the cloud connector integration. And so, let me go and just show you a couple of concepts here. So, I'm using a scheduler. I mentioned there was a couple of different ways that we can trigger content within GoAnywhere as files are being uploaded and downloaded. So I'm going to be working in a scheduler today. Eduard was focusing on a trigger. So, if someone signs into a console. In this case, this is more back end processing. We're going to be working with our cloud connectors and Google and OneDrive specifically, as I mentioned, we've got roughly 40 of them that we can integrate with.

And so what we're doing here is, we've maybe got some requirements to capture data within OneDrive and within Google docs. And what we want to make sure is that because those platforms are unrestricted to some extent, because people can upload and download pretty much anything that they want. And so, what we're going to do is, when we synchronize with our platform and we bring some of this content into our environment, we just want to make sure that we scan it to make sure that it meets our requirements from a security standpoint prior to uploading that context, you'd be prior to downloading that content. So maybe we've got PCI or PII controls, or maybe we've got threat protection controls. There are some inherent risks when we use cloud platforms. For instance, as an example, Google, in order to reset your password you don't need to provide a lot of information. It's fairly straightforward a with your platform, maybe you do some form of MFA or something along those lines where your security policies are a little bit more strict.

And so, we can make sure that that content that's coming into our platform adheres to your security requirements. So what we're going to do is, I've got these scheduled tasks that are going to connect to Google or Microsoft, and they're going to download and they're going to upload content. So what I'm going to do here is, I'm just going to take some test content, and I'm going to start maybe with something like an executable as well as a standard text document. And what I'm going to do is, let me just start with a clean slate. So what I'm going to do is, I'm going to first upload an executable as well as a JPEG and a text file.

So, let me just move back over quickly. My text file just has some basic text in it. This is clearly an executable here. It's a piece of software we're trying to run, which we don't want to execute. And then I've got a JPEG, which has had some PCI in it. So I've got loan account numbers and things along those lines. So what I'm going to do is, these are all uploaded into OneDrive. What I'm going to do is, I'm going to actually take that content via my OneDrive API, and I'm going to pull that information down into my environment. And so again, this might be a partner that I'm working with, or maybe some of your employees are using it, and now we just need to take that content and sync it to bring it into our environment. Maybe we're managing that OneDrive portal. And so, what winds up happening here now is, if I give this a moment and I refresh this, we're scanning the content that's up there, and we're just going to make sure that we want to allow for that content to come into our environment.

So I went ahead, just takes a few more moments to synchronize. I'm going to swing back over into my management console. I could see here that my job successfully ran. And then, what winds up happening here is, I'm going to delete files if they don't fall into my allowed media types. And I'm going to allow files that do fall in. So, here's my executable. There's my block. So, what I'm going to do is, I'm going to do is, I'm going to move into my folder structure really quickly. It's got the files that I just downloaded. And so, what we should see is that, that content hasn't been transferred into my environment. Let me just move back over here. So you could see a couple of things happened. The executable is gone, the text file is allowed, and the JPEG is here.

And now when I opened that file, what I should see is that once I bring it down into my environment, what I should see is that the sensitive information has been masked. So here's my OneDrive download, go ahead and open up this file. And here is the content that I've stripped out. So I haven't actually modified any of the content in the OneDrive portal, except for the fact that I took the executable away. And so now what we're doing is, we're applying our security policies to the content that's published within Microsoft OneDrive.

I've got similar controls that I can place within our Google environment as well. So here's a couple of files. I know we're running short on time here. So I'm going to go ahead and I'm just going to move these here. So what I'm going to do now is, I'm going actually just place a couple of those files. Instead of uploading them, what I'm going to do is, I'm going to actually place a couple of files, instead of downloading from Microsoft, and scanning content, I'm just going to place those same three files in my local environment. And what I'm going to do is I have a task where I need to sync with Google OneDrive, or it could be, excuse me Google drive.

So I'm going to go ahead. I've got a folder here where I put this content. So what I'm going to do is, I'm going to go ahead and I'm going to scan that content. And what we should see is that content should work its way up into Google. However, we're going to apply our security policies with that content. So very quickly, I go in here, I'm going to take this Google and drive, and I'm going to go ahead and I'm going to upload that content. While that's running., I'm going to quickly move over to my Secure Form and just show you that benefits survey, because I know we're short on time and we got to get back to Eduard. I believe he has one more item that he needs to share.

And so, here's my landing page. So here's my multi-step process. I go ahead, I send this email out to all of my employees. Let's just, I put in my employee ID number, I put in my name, and I'm going to say, I am going to enroll in our benefits process. I'm going to go ahead. If I were to choose no, an email via our advanced workflow is going to be triggered, sent to this email address, and it's basically going to have the information saying, I opted out of our benefits package. If I click yes, what should happen, I should move to another step within our enrollment process. And so, this is the multi-step process. Now, all these are pre-populated, but as I had mentioned, I can pull this information down from a database or another source as well. So that's the presentation of how we integrate with our threat protection DLP and how we tie into our cloud connectors as well as a little bit more about how we use our secure forms. Thank you very much. Let me turn you back to Eduard.

Eduard:

Thank you, Scott. It was very interesting. I will take back the control.

Scott:

Yeah, of course. So let me get you back the controls and you should have it. Sorry about that.

Eduard:

There we go. Yes. So, we're going to spend the last minutes of today's webinar talking about the last use case, which is probably the most complaints about employees exchanging files on data through the email channel.  So in this regards, you must know that standard email solution is not encrypted, so users are going to be exchanging files with the environment, with the customers, with the non-encrypted emails.  So, this is either managing the sensitive information so that is obviously a vulnerable situation from the security standpoint, but also consider that employees, by using email by default, as a channel to change data, they will sometimes have the need to change large files.  And standard email solutions will, and the mail servers will curb this, I'll say attachment limit to some 50 megabytes, for example. So, once they cannot use this corporate solution, they will look for alternatives there.

So, we transfer another kind of cloud solutions with a Shadow IT. There are not compliant.  And you lose control and lose track of what has happened with all these files. So because of your employee's exchanging data through a non-secure email channel, and because they sometimes use other solutions which are not compliant to send huge files, this is a problem.  So for that, we have a secure email solution. It's like a mail model, which are very simple, very easy to implement solution, which basically converts the file attachment in an HTTPS download link for the recipient. So the recipient will be sent, then we'll link to the attached file.  The benefit is that, the file is going to be downloaded through an HTTPS channel with encryption.  So nobody in the middle will intercept the communication and read the content of the file.

Second benefit, as we convert the attachment to a download file, then we'll link, you can send unlimited file sizes.  So, the employees will not have to access to the third parties on Shadow IT solutions for that.  We have other benefits for sure, but these are the main reasons why. Also, you will have full track and full view with the other administration from the admin's perspective of which files are being shared to whom, through the secure email. So with that being said, let's have a glance with demo. Okay. So now I will jump to the product.  So, these are the interface, just for you to know that here we have the secure mail option that can be an enabled. And from the end user perspective, they can access multiple ways to send secure emails.

One client, one option would be from the web line.  So here, end users can go and write their own personal secure emails.  With a subject, it's like a standard email.  You just have to browse here and select the file we want to upload. Okay, so this one. And what happens behind, if you compose an email from here that this file will be converted in an[inaudible 00:56:11] link that will be delivered to this eduard.seseras through email and eduard.seseras will download the file. You have some security options like how long it's going to be the link available. So how long it's going to offer which... For how many days it's going to be available.

You can limit the amount of downloads that this packet will have. You can add high sensitive data password, so the link is not enough to get and download the data or the file. You need a password to type a password. So, the user is going to be found from password, and you can send that password through a separate mail, or even an SMS message.  In this case, I would just send it without password. And you will see, I will show you how eduard.seseras will receive that file through email.  So GoAnywhere will send an email to eduard.seseras, will be HTTPS on the link to the file that has been attached.

Now, this is one option, so using the web line. Another popular option would be to use, we have an outlook plugin, where users, so the same way I was composing here a message through the web client, here I will do it from the outlook plugin. So yeah, I add the file, whatever file it is.  And you can type the body of the message instead of clicking the non-secure standard email, you just click on the send secure email. Very easy from the user perspective. It's not complicated. And we will see now how eduard.seseras will receive that particular email.

So now, I received. I will show you the recipient's perspective. So this is the secure email that has been delivered to me. You see employees that are working has sent, eduard.seseras', myself an email. So this is a secure email. And now, as a recipient, I just have to click here, download the file.  And this is going to be sent to work station with security, then I should... Yes. Very easy. Okay. Now, we have another option.  The third option that we propose to end user is to actually send emails from their mobile phone.  It's another option.

So we have an app where can users actually can send also emails. So I will show it the very quickly to you. So actually, this is my cell phone.  So here, I have an app, which is to GoAnywhere on the middle you see here. From here, users can go and we have an app which allows you to, I'm pleased to access to some of the models that we saw today. So, one is GoDrive. They can access their personal file server or which files have been shared with them through GoDrive. But also if I click on email from here, I can just also compose secure emails from my telephone.  So from my cell phone. So very easy. Here I compose. I can send an email to myself, the same way we did before.

You can add here a file if you want. So you just have to click on here. You can attach file and that's it. So, we don't have time here to simulate, but just for you to know that this interface and these are also exist on both for iOS and for Android. So now getting back to the admin interface and to end the demo for today. From the admin perspective you will have access on the admin and the management console on the package manager here for secure email.

Every single package or secure email that has been sent, okay, by employees. You will have full control of who has sent which file to whom.  You can click on any particular, let's say here this one,  You can click on a particular package of secure email and check and browse all the activity that has been done from the recipients. In this case I have here, one people. So, the eduard.seseras has downloaded directly the attached file. Okay, so I have full control of what happens with the file. So, with that being said,  So we are done from the demo's perspective. So, we will have some time here for answering your questions.

Q&A

Kara:

Yeah. And great. Thank you so much, Eduard and Scott. You both covered a lot of great use cases, including the collaboration features like secure mail that can ultimately help organizations reduce their risk no matter where their workforce is physically located. So, I also want to thank everyone else for joining today. I know we are at the end of time, but if you do have some questions, you can submit those in the questions pane in the bottom right of your screen, and we'll watch those to come through. We did have one come through. Great question here is, when the user is utilizing the web client from home, do they need to be connected to VPN to access those features like secure mail or GoDrive? Or is that requirement not enforced?

Eduard:

Okay, so I can pick this one. So, no. Absolutely not. They don't need VPN to access the secure folders or GoDrive or any module that we showed today. So, they don't need to use VPN and precisely that's the benefit.  So that they can free the VPN usage for these kinds of use cases and only use VPN for accessing these web applications or legacy apps. They really need to connect to the corporate network and exit. But for using secure folders, GoDrive, Secure Mail, no need for VPN.  Only through the web client, the web browser, through the desktop client or the app from the cell phone, they can directly use and consume our modules.

Kara:

Great. Thank you. I don't see any other questions that have come through, but if you do close out of the webinar today, there is a survey option. If you have additional questions, feel free to submit them there or through the questions pane or contact Eduard and Scott. I know they'd be happy to answer any additional questions for you. Our sales team is also happy to show you a custom demo. I can also put a link into the chat. With a link just to some other resources or where you can kind of see more features in action. But again, thank you all for joining us today. And with that, we'll close today's session.