If you’d like to learn more about how you could benefit from simplifying, automating, and securing your file transfers, join us on Thursday, June 14 from 12:00-1:00 pm CDT for a free webinar that will outline the dangers of traditional FTP, and then focus on alternatives that not only keep your sensitive data more secure, but give you more control and better tracking of the entire file transfer process.

Beyond FTP: Automating and Securing File Transfers
Thursday, June 14, 2012
12:00-1:00 CDT

For more information or to register for this event,
please visit our webinar registration page.

For a real life example of the benefits of managed file transfer, check out this System i manager’s story.

Ernie Iannucci from AF&L Insurance Company describes how much time and headache his IT team saved when they transitioned from doing each transfer manually to implementing a managed file transfer solution.

Watch Ernie’s story now

Disk encryption was introduced as a solution for simplifying the encryption requirements that most companies face for protecting sensitive data.  Now that the IT industry has gained a few years of experience, however, many have discovered that disk encryption is not an all-encompassing security solution.

Laptops are one of the most popular targets for disk encryption.

However, companies have discovered that it requires a lot of planning and time to implement laptop encryption properly.

First of all, disk drives must be in good condition with no disk errors, and experts recommend that they be de-fragmented before installing the encryption software.

Once the time-consuming de-fragmentation task is completed, encrypting the drive will take an additional 2- 4 hours depending on the size of the drive.  Employing disk encryption for a large number of laptops in the organization will therefore result in some significant downtime for their users.

Some companies are touting disk encryption as their “end all” for meeting compliance requirements.  But it is not a silver bullet.  For instance, once a laptop is placed on the network, the data on the encrypted disks could potentially be accessed by savvy online hackers.  Once access is gained, all information on the compromised laptop could then be easily downloaded from the laptop by the hacker.

For those companies that deal with credit cards, PCI DSS compliance standards involve a complex series of requirements that disk encryption cannot solve on its own. Here are just two items from the PCI checklist:

• A user’s access to protected data must be managed separately from his or her access to the operating system that the data resides on.  Therefore, if the secure data is stored on an MS Windows server, access control to the sensitive data must be managed by an application other than in Active Directory.

• Cryptographic keys and cardholder data must be encrypted wherever it may be stored, including removable media such as USB drives, CDs, DVDs, or tape backups.  However, disk encryption does not encrypt data if it’s moved to other devices.

IT professionals are discovering that the best way to meet PCI DSS and other similar regulations is to keep sensitive data off of laptops whenever possible. Sensitive data can be more easily secured and controlled by IT professionals within centralized corporate database systems. The data can then be encrypted at the field level within these database systems.  Along with effective key management and audit trails, an effective database encryption solution will provide a much higher level of protection for this sensitive data.

To maximize their time and resources, many companies are turning to third party vendors, such as Linoma Software’s Crypto Complete, which provide an effective solution for field encryption without the need to make programming or database changes.

Keeping data secure is a constant battle, and given the high cost of data breach, it could be one of the most critical tasks a company tackles.  As hackers get more creative, relying on encryption best practices may be the best defense IT has.

Like many in our industry, we do our fair share of trade shows, and as anyone who has ever exhibited will tell you, it’s a lot of work.

In our company, Lu Ann handles all of the arrangements.  She books the plane tickets, reserves the rooms, secures the exhibition space, orders the exhibitor badges, organizes and ships the collateral, and coordinates a thousand other details to ensure everything goes smoothly for the team when they arrive.

The sales team does all of the manual labor, including packing and repacking the booth displays and equipment, helping load and unload the heavy boxes onto the shipping company’s truck, and of course setting up and tearing down the booth.  Again, so many details to manage to make sure everything is perfect for the opening of the show.

Months in advance, our marketing team is planning giveaways and prizes, updating collateral, and trying to add new ways to catch visitors’ attention.

Throughout the show, we’re working hard to connect, meeting new trade show participants and vendors, and reconnecting with long-time customers and partners.  We’re striking up conversations with people who pass our booth, and we’re walking the floor saying hi to old friends and introducing ourselves to new ones.  It’s an energizing, exhausting, rewarding process.

And of all of the trade shows that we attend and/or where we exhibit, COMMON holds a special place for us.  The COMMON community is tightly knit and loyal, and every show is like a family reunion.    New deals are forged, partnerships are discovered, and all the while relationships are built and nurtured.  When we reconnect with customers or friends, it’s as if we’re just picking up the conversation right where we left off from last year’s COMMON conference.

As I approach my one-year anniversary as marketing manager at Linoma Software, I’m fortunate to have been invited to attended my first COMMON conference. When our president Bob Luebbe toured me around from booth to booth introducing me to people, I quickly realized the level of connection Linoma has with the IBM i community.

It was wonderful to finally meet in person all of the folks I’d been working with all year:  Jennifer and Megan from iPro Developer; Chris, Kara, David and Jeff from MC Press; Tami and Darryl from IBM Systems Magazine; Dan,Timothy, Kim and Jenny with IT Jungle; and Dan Cheney, our most prolific blogger on this and the GoAnywhere Managed File Transfer blog whom I finally got to hug.  It was especially amazing to spend quality time with my friend and mentor Bill Rice, with Humanized Communication.

Today, as we’re breaking down the booth, saying goodbye to friends, and anticipating the long flights home, it’s clear that the IBM i community is thriving.  We are proud to be a part of it all, and are already planning for next spring’s COMMON conference.

Tokenization in the data security world is the process of moving sensitive data from a company network to a separate location or sever, and replacing and referencing that data on the company server with a unique token.

If hackers attempt to access sensitive information like credit card numbers from a server, they’ll instead encounter the token which prevents them from finding the original data without a specific encryption key or knowledge of the tokenization system.

For example, say a merchant acquires a credit card number by swiping a customer’s card with a card reader.  If the merchant has implemented tokenization, this card number information is immediately replaced in the merchant’s database by a token number while the actual card number is sent and stored (in encrypted form) at a different location, along with the reference from the token.

Because the actual card number is never stored in the merchant’s front-end system, hackers have a much more difficult time stealing it. Customers can therefore be assured that it is safe to let that merchant use their card information because the actual credit card numbers are not stored in an easily accessible location.

All organizations that capture credit card data are required by the PCI DSS government regulations to secure and protect this data.  Originally, this presented a challenge to the payment industry until Shift4 Corporation presented tokenization solutions at an industry Security Summit in 1995.  The adoption of tokenization became a popular solution to meet the PCI DSS compliance regulations.

>>Check out these white papers discussing PCI DSS compliance issues, and data breach threats

Other industries are beginning to adopt tokenization to protect confidential information such as banking transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.

Finding the most efficient way to implement tokenization is challenging, but the growing threat of cyber attack and the expense of data breach have motivated IT shops to research options in earnest.

A variety of third-party software solutions, such as Linoma Software’s Crypto Complete, deliver tokenization tools as well as additional options for managing encryption keys, audit logs, message alerts; storing tokenized data; automatically assigning token identifiers; and providing a central management platform for the entire tokenization process.

When a greedy hacker in anticipation of scoring a cache of customer credit card data finds instead a series of tokens, companies win another battle in the war against cyber thieves.