Archive for category Data Security

How Managed File Transfer Changed My Life

Posted by on Tuesday, 24 January, 2012
In addition to being one of Linoma Software’s expert bloggers, Daniel Cheney is also in the IT trenches, and it was here that he first discovered the impact the switch to a managed file transfer solution had on his daily work life.
_ _ _ _ _ _ _ _ _ _

As a technology administrator at a major healthcare administration company, sending and receiving sensitive files between various systems used to be a daily grind and a consistent source of stress. We were using PC-based freeware FTP tools and the built in FTP functions on the IBM iSeries. The best we could do with scripting was to use CL command scripts to call the FTP function and hard code the login information. RPG programs would then call the CL scripts and retrieve and send the needed files, but there were insufficient logs and alerts for such automated activities.

managed file transfer, secure file transfer, secure ftpThe biggest headache for me was that these scripts, and the resultant sending of files, had to be error-free and reliable! Add to that the pressure of knowing how critical exchanging files is to the operation of the business and the challenge of  having a single person responsible for its success — it all became an unrealistic expectation.  On top of this, because most of these files are sent over the Internet, and because of the inadequate tools we had at hand, the security of our FTP processes was insufficient.

I knew it was time to find a better solution and after doing some evaluation of available managed file transfer products for IBM iSeries, I selected GoAnywhere™ Director from Linoma Software.

Our installation of GoAnywhere Director made a huge difference almost immediately.

First, Director provides me with all the possible security protocols available, including SFTP, FTPS, and standard FTP with PGP encryption.  It also has powerful scripting functions to login to HTTP and HTTPS sessions in order to automate logins to partner sites for file transfers.

Director makes it possible to automate all of the company’s file transfers with a schedule and log so we know the path and time of every transaction.  Alerts are automatically sent to us if there are any problems, or if we wish, every time it succeeds.  Responsibility can be distributed to various departments as needed to receive these alerts and/or to begin the execution of the transfers when ready.

The simple-to-navigate web interface makes it easy for any user to view, verify, change and execute these file transfers.  The scripting is easy for the average user to setup. If there are any challenges that we come up against with our file transfer processes, Linoma support has always been extremely effective at showing me how to do a successful execution.

I know how frustrating it can be to initiate, monitor, and track the ever increasing number of file transfers my company requires, especially without an all-in-one tool like managed file transfer.  It amazes me how many IT people still don’t realize there’s a better way to do things — a way that gives them more control, and more time to devote to all the other projects demanding their attention.  I know managed file transfer — and specifically GoAnywhere Director — changed my life at work.  I hope more of my IT colleagues discover the advantages soon.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a freelance writer for various technical and social media projects.

More Posts - Website

Latin American Bankers to Discuss Data Security

Posted by on Monday, 12 September, 2011

This week, bankers and banking security experts from the U.S. and Latin America will gather at the InterContinental Hotel in Miami for one of the largest annual bank security conferences for senior Latin American bankers. CELAES 2011, the 26th Annual Conference of Banking Safety takes place September 15-16.

Given that Latin America has one of the highest rates of users who access banking online through computers and mobile technology, bankers have plenty of reason to stay on top of the latest cyber threats and security measures.

The Florida International Bankers Association (FIBA) and the Federation of Latin American Banks (La Federación Latinoamericana de Bancos – FELABAN) are hosting this unique joint Spanish/English conference. Attendees can participate in a variety of educational sessions on best practices for banking security, as well as gain access to vendors offering the latest security hardware, software cloud computing strategies for the banking sector.

Cyber crime is not just Latin America’s concern

data security A large portion of this year’s conference is devoted to preventing data breaches through security management of data, cloud services, electronic fraud detection and risk mitigation.

What makes Latin America’s challenges relevant is that the tactics developed by the cyber criminals that thrive there can be used on any financial system in the world. Conferences like the  CELAES 2011 conference helps educate and present solutions to banking executives in Latin America and help close the doors on cyber criminals.

Cyber crime in Latin America’s financial industry remains a serious concern for a variety of reasons. The developing legal systems in many Latin American countries are adding laws to combat cyber crime, but enforcement is lacking. This is further compounded by the absence of the “personal privacy” notion within many of the governing entities in some Latin American countries. Another issue for the Latin American financial sector, according to Frost & Sullivan, is that 70% of people making online transactions believe that the bank or service provider is responsible for fraud and protecting their online security.

Phishing, fraud and malware are common

Crime organizations and cartels present in Latin America have contributed to or funded cybercrime networks, making Latin America a haven for illegal electronic activity. Not only are these organizations stealing money and account information through online phishing/fraud, Bloomberg reports that one Mexican cartel is openly selling their own pirated versions of Microsoft products. Sold for a fraction of the retail cost, who knows what Trojans and back doors are included as “features.”

The ESET Trends and monthly Threat Reports calculate that 1 in 20 computers in Latin America are infected and the spread of malware is gaining speed as USB devices and now gaming consoles account for 40% of malware propagation. The growing number of infected machines gives the attackers a strong network of resources for both direct and indirect attacks on the financial sector.

The same PCI Data Security Standards required for financial institutions in North America are making an impact in Latin America. Financial institutions are realizing that they are less susceptible to a breach during a cyber attack when they’ve spent the time and resources to implement even a few of the PCI requirements like network monitoring, complex passwords and data encryption of account and payment information (PCI DSS requirements now apply to International payment processing).

Linoma Software is part of the solution

data securityDuring the conference Linoma Software’s partner Green Light Technology, a conference sponsor and a respected solutions provider for  the Latin American banking industry, will present Crypto Complete for database encryption and the GoAnywhere secure managed file transfer solutions. Both products protect and encrypt sensitive data, reduce access to primary systems, provide data workflow automation and detailed audit features.

Thanks to the efforts of FIBA, FELABAN and cooperation among international agencies, Latin American banking and finance representatives have the opportunity to fight back against cyber criminals, and the lessons learned will benefit all of us.

Dirk Zwart

Dirk Zwart writes Linoma Software’s User Guides for the GoAnywhere secure file transfer applications. Dirk’s writing topics have covered everything from hardware manuals, software guides, security policies for compliance projects and reviews of consumer electronics. Follow Dirk and Linoma Software on Linkedin or Facebook/Twitter.

More Posts - Website - Facebook

Crypto provides Swiss bank its backup encryption solution

Posted by on Monday, 1 August, 2011

When you’re an international bank striving to protect your clients’ data, should you rely on new hardware or a data encryption software solution?

Crypto Complete backup encryptionIn Linoma Software’s latest case study, IDB (Swiss) Bank faced this dilemma, and after careful research, chose Crypto Complete to help them serve the privacy needs of their clients while meeting compliance requirements.  Crypto Complete provides both field and file encryption as well as backup and IFS encryption.

Thanks to the cost-effective backup encryption options Crypto Complete delivers for iSeries users, as well as the attentive support both from Linoma Software and the local team from the European Software Business Development (ESBD), IDBS was up and running quickly with a long-term strategy in place.

To learn more about how IDBS made the decision to choose Crypto Complete, please explore our newly released case study.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing, and you can find out more about her by viewing her LinkedIn profile.

More Posts - Website - Twitter - Facebook

Citigroup Breach Triggers Congressional Response

Posted by on Monday, 11 July, 2011

The data breach at Citigroup in May – a breach which reportedly exposed an estimated 200,000 customer accounts – has motivated members of the U.S. Congress to re-introduce legislation to penalize the very organizations that have been victimized by hackers.  What are the next steps your company should take?

New bills to protect consumers’ personal dataLinoma Software Managed File Transfer Solutions

Two bills are proposed by both House and Senate legislators.

First, Sen. Patrick Leahy (D-Vt.) has introduced the Personal Data Privacy and Security Act of 2011.  The new bill provides:

  • Tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data;
  • A requirement that companies that maintain personal data establish and implement internal policies to protect data privacy and security; and
  • A requirement that the government ensure sensitive data is protected when the government hires  third-party contractors.

This act would also require, under threat of fine or imprisonment, that businesses and agencies notify affected individuals of a security breach by mail, telephone or email  “without unreasonable delay.” Media notices would be required for breaches involving 5,000 or more people.  The FBI and the Secret Service would need to be notified if the breach affects 10,000 or more people, compromises databases containing the information of one million or more people, or impacts federal databases or law enforcement.

But that’s not the only security bill that has businesses concerned.

In the House, Rep. Mary Bono Mack (R-Ca) is holding hearings in preparation of a bill she’s named The SAFE (Secure and Fortify) Data Act that would also require “reasonable security policies and procedures” to protect consumers and enable disclosures to victims and the Federal Trade Commission within 48 hours of a data breach.

Companies no longer viewed as the victims

All this sounds good from the consumer’s point of view. But what about the expense – and potential Linoma Software GoAnywhere Managed File Transfer Solutionpenalties – suffered by the “owners” of the data: the businesses themselves?

While these bills may address the public’s interest for notification — and indeed they would bring some semblance of a national standard – they also represent an interesting shift in the liabilities that companies will face.  How is that?

Though we currently have no federal data breach notification law, federal policies now view the companies that experience a data breach as the victims of crime. However, under the proposed legislative bills, companies that do not act quickly to appropriately secure the personal data of customers – or fail to report a data breach in a reasonable amount of time – would not only suffer the theft of data, but also be held liable for its loss.

This is a significant shift. Companies are now being viewed not as the owners of consumer data, but merely guardians and trustees whose job it is to protect that data or face criminal penalties. And the message is clear: if companies won’t take adequate precautions to secure the sensitive data of our customers, they’ll pay a hefty price.

Where does your company stand?

In a world in which diligent hackers have the power break into seemingly secure networks and systems, what can your company do?

The challenge is first to determine exactly what qualifies as adequate precautions.

GoAnywhere Secure Managed File Transfer A review of the HIPAA HITECH security provisions that took effect last year provides some insight about what the government considers adequate protection.

HITECH strongly recommends the use of encryption technology. Encryption is a good place for your company to start, especially when dealing with the data your company stores on its servers.  If sensitive data itself is kept securely encrypted, a data breach doesn’t expose the content of the information itself.

Secure managed file transfer protocols – which send data using encryption – is the second place to focus attention.

If data is encrypted when it is being securely transmitted between business partners, the value of that data should it be breached – through hacking, theft, or other malicious actions – is worthless.  Encryption and secure managed file transfers can dramatically minimize the holes of technical breaches, significantly reducing an organization’s liability.

Preventing exposure

The Citigroup data breach has rekindled the momentum for a nationwide, cross-industry data breach reporting standard. This standard will not to eliminate the physical breaches themselves. What’s needed is legislation to encourage companies secure the underlying data that is the target of the hackers.

Isn’t it time for your company to take a serious look at its liabilities and to investigate how encryption and managed file transfers can close these important security holes?

Thomas Stockwell

Thomas M. Stockwell is one of Linoma Software's subject matter experts and a top blogger in the industry. He is Principle Analyst at IT Incendiary, with more than 20 years of experience in IT as a Systems Analyst, Engineer, and IS Director.

More Posts - Website

1.800.949.4696  |  sales@linomasoftware.com  |  privacy policy
Copyright ©1994 - 2012 Linoma Software  |  All rights reserved