Archive for category Data Security

How to keep your IBM i data and file transfers secure while maintaining compliance

Posted by on Wednesday, 30 April, 2014

IBM i It seems commonplace to hear about data or security breaches on the news these days. With the threat of steep fines and loss of trust in your brand, the impact a breach can have on a business of any size could be devastating. If your organization utilizes IBM i systems for transferring files and sensitive data, you need to understand the risks involved and know how to proactively reduce those risks.

At the COMMON 2014 Annual Meeting and Exposition in Orlando, Florida, Linoma Software’s Bob Luebbe and Ron Byrd will be presenting two sessions targeting IBM i data encryption issues and how you can protect yourself.

EncryptionSessionQR

Is Your Sensitive Data Secure? Are You Compliant?
If you are responsible for the security of your organization’s sensitive data (credit card numbers, social security numbers, etc.) and maintaining compliance with IBM i 7.1, you can’t afford to miss this afternoon session.  Bob Luebbe and Ron Byrd will explore Encryption with DB2 Field Procedures in V7R1. You will learn how the new DB2 Field Procedures in IBM i 7.1 can be used to provide transparent database column (field) encryption along with useful tips and techniques you can apply in the workplace.

Encryption with DB2 Field Procedures in V7R1
When: Wednesday, May 7, 2014 •  2:00pm – 3:15pm
Where: Pacifica Ballroom 5 – Loews Royal Pacific Resort
Scan the QR code above to add this event to your calendar.

 

Using FTP for transmitting data can get the job done but what are the security risks? If you understand the pros and cons of secure protocols, using keys and certificates and the ins and outs of dual factor authentication, you can reduce company risk and secure files transmitted with IBM i systems.

 

BeyondFTPsessionQRAre You Using Standard FTP or PC Tools to Transmit?
If You Are, Your Sensitive Data Is At Risk.
Your sensitive data is at risk of being exposed if you use standard FTP or PC tools to transmit data to or from the IBM i. Don’t miss Beyond FTP: Securing File Transfers. In this information packed 75 minute session,  Bob Luebbe and Ron Byrd will show how to use certificates and keys to authenticate trade partners. Plus, learn about popular encryption methods including OpenPGP, SFTP, FTPS, HTTPS, and ZIP/AES to keep your data safe.

 

Beyond FTP: Securing File Transfers
When: Wednesday, May 7, 2014 •  5:00pm – 6:15pm
Where: Pacifica Ballroom 9 – Loews Royal Pacific Resort
Scan the QR code above to add this event to your calendar.

 

Even if you can’t make it to the sessions,  we hope you’ll stop by the Common 2014 Exposition on May 5th and 6th and visit with the Linoma Software team in booth 405. Our team is ready to answer your questions about keeping your file transfers secure on the IBM i with our software solutions. We have a limited number of Expo passes we’d be happy to share. If you are interested in attending, please contact us at 800-949-4696 and mention this article or send us a tweet on twitter @LinomaSoftware.

Linoma Software products are not affected by Heartbleed bug

Posted by on Wednesday, 9 April, 2014

Heartbleed bug graphic from heartbleed.comIf you are a Linoma Software customer using any of our products such as the GoAnywhere suite (Director, Services, Gateway, Open PGP Studio), Crypto Complete, Surveyor/400 or the RPG Toolbox, we are pleased to report that our products are NOT vulnerable to the Heartbleed bug.  

The CVE-2014-0160 exploit, or Heartbleed bug, has made big headlines over the last 48 hours. The Heartbleed bug exploits vulnerabilities in the popular OpenSSL server software potentially allowing the memory of SSL/TLS encrypted systems to be compromised. The bug essentially allows access to the memory of the SSL/TLS protected systems and attackers can potentially steal and read formerly encrypted information such as usernames and passwords, credit card numbers and other sensitive data.  To learn more about the Heartbleed bug please visit Heartbleed.com.  Additional resources allow you to check and see if your website or server is affected by the Heartbleed bug:  Heartbleed Test and LastPass Heartbleed Checker.

GoAnywhere Suite (Director, Services, Gateway, Open PGP Studio)
GoAnywhere does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that GoAnywhere is running on. This exploit does not exist in the JSSE implementation of SSL/TLS.  While Tomcat does, however, have the ability to utilize native SSL/TLS capabilities for its HTTP/S connections with the APR Connectors, GoAnywhere does not employ this functionality.
GoAnywhere Secure File Transfer mobile apps:
For Apple devices: The GoAnywhere Apple app uses the Secure Transport implementation of SSL/TLS and is not affected by Heartbleed.
For Android devices:  The GoAnywhere Android app uses the JSSE implementation of SSL/TLS and is not affected by Heartbleed.

Surveyor/400:
Surveyor/400 does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that Surveyor/400 is running on. This exploit does not exist in the JSSE implementation of SSL/TLS.

Crypto Complete:
Crypto Complete does not use SSL/TLS for Field or Backup encryption and is not affected by Heartbleed.

RPG Toolbox:  Our RPG toolbox does not use any encryption and is not affected by Heartbleed. 

Linoma Software and HealthIT Security Partner on HIPAA Best Practices Guide

Posted by on Friday, 4 April, 2014

At Linoma Software we understand the importance and challenges of HIPAA compliance. Whether your organization has been compliant with the HIPAA Omnibus Rule for months or it’s still shoring up some compliance gaps, there are likely tips you’ve picked up along the way.

SystemiDeveloper_logoOur partnership with HealthIT Security allows us to bring timely and actionable information to healthcare IT professionals and executives. This HIPAA Best Practices Guide uses expert analysis and industry expertise to focus on exactly what will be expected technically, administratively and policy-wise among HIPAA covered entities and business associates (BAs) during potential audit scenarios.

With the estimated cost of compliance falling around $14.5 million annually, regulated healthcare businesses can’t afford HIPAA non-compliance with PHI.

If you have a regulated healthcare business, learn how the HIPAA Onmibus Rule could affect you and how to protect your company by ensuring your forms, files, policies and procedures are 100% HIPAA compliant.

Click here to download the HIPAA Best Practices Guide today.

Justin Phipps

Justin is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions.

More Posts

Data Breaches Threaten Companies Worldwide

Posted by on Monday, 15 July, 2013

As technology staffs contend with ongoing changes to the data distribution landscape, it is important to keep abreast of data security risks and to understand the significant importance of properly managing customer’s private data.

data breachThe Ponemon Institute recently released its annual data breach report which provides stats on data security issues and trends.  With more than 277 companies involved and 1400 individuals interviewed, this report provides a current and unique perspective of potential security risks associated with even the smallest data breach.

Below are highlights of the report which indicates data breaches remain a difficult challenge.

  • The report identifies three key causes of data breaches worldwide:
    • Malicious Attacks – 37%
    • Negligence – 35%
    • System Errors – 29%
  • The average per capita costs of a data breach increased to $136 per capita over the $130 per capita from the previous year.
  • The US had the highest total per incident cost of $5,403,644.
  • In 2013 the average number of breached records was 23,647
  • Healthcare, Financial and Pharmaceutical industries continue to be the top industries with the highest per capita costs incurred.

Ironically, the report noted that organizations that notified victims too soon following a data breach actually incurred higher costs. This is an indication that an incident management plan should be in place to properly mitigate the data breach event.

It’s clear, based on the data in this report, that companies need to look beyond technology solutions that secure systems and communications.  It is important that the human factors are considered like employee training and creating an incident management plan to provide a full proof data security strategy.

Take a look at the full 2013 Ponemon Institute Data Breach report for more information on the top reasons that data breaches occurred and ways to decrease the risks and costs associated with them.

For information on how your company can build a better strategy to avoid data breaches, download our free white paper “Defending Against Data Breach: Developing The Right Strategy for Data Encryption.”

 

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a freelance writer for various technical and social media projects.

More Posts - Website

1.800.949.4696  |  sales@linomasoftware.com  |  privacy policy
Copyright ©1994 - 2012 Linoma Software  |  All rights reserved