We did a survey almost a year ago of IBM i customers and just about half of them said “yes, we’re transferring data”...
“no, we’re not protecting it”... “yes, we know we have a problem”!
One of the easiest ways for an organization to have a Big Security Win is to secure sensitive data using secure managed file transfers. When unencrypted sensitive data moves off your IBM i to internal servers, public networks, or service providers via the Internet, the data is vulnerable to malware and other attacks. Unencrypted data (also called “data-in-motion”) is extremely vulnerable to a breach. This is a critical issue for companies that must transfer sensitive data such as credit card numbers, financial information, and other personally identifiable information (PII). Sensitive data is covered under industry and many state data security regulations and any organization, no matter the size, collecting and transferring data is required to protect that information.
According to compliance regulations such as the Payment Card Industry (PCI-DSS version 2.0 Section 4), organizations must always encrypt credit card numbers as they are transferred from one location to another. PCI DSS applies to everyone - both public and private companies (large and small) - that accepts credit card payments. PCI-DSS version 3.0 will be released this fall, and we will be talking about that more as that time approaches. While PCI-DSS applies to credit card information, other regulations cover different elements of PII. HIPAA/HITECH Act addresses protected health information (PHI), but while it does not mandate encryption, it does state that the only safe harbor from data breach notification and severe penalties & fines is to protect PHI with encryption. Sarbanes-Oxley (SOX) applies to all publicly traded companies in the US and has a component (section 404) that applies to IT systems and best practices around protecting data. The Federal Trade Commission (FTC) has also been active in the area of data breaches where it applies to published privacy statements. They consider it an aspect of consumer fraud if companies are not following their published guidance around privacy.
So what are the “must-haves” for meeting compliance around securing sensitive data that will stand up to scrutiny in terms of any kind of outside audit, challenge, or data breach? PGP (Pretty Good Privacy) encryption is the industry standard for encrypting data-in-motion. Secure file transfer protocol, also known as SSL FTP or SSH sFTP, is often combined with PGP whole file encryption as part of a core solution to ensure that the data-in-motion is encrypted and remains encrypted after being transferred to trading partners. While data is transferred via secure SSL connection, keep in mind it is important that the sensitive data lands encrypted at its final destination. For a much more technical look at all of these components, I’m sharing a recently recorded webinar on Secure Managed File Transfer with you, and as always, please post any additional questions you may have here in the comment section!
Specifically for IBM i users, the following webinar will cover how easy it can be to meet compliance regulations with a Secure Managed File Transfer solution. You can also learn more about how PCI-DSS, HIPAA, Sarbanes-Oxley, and new state/federal laws affect your company and discover real-life examples of how others are meeting these challenges with Alliance FTP Manager and the PGP solutions.
During this 45-minute webinar, Patrick Townsend will also discuss core components of a total encryption strategy and show you how to:
For the remainder of the month of August, Townsend Security will provide additional help to our new customers, or customers licensing new modules of Alliance FTP Manager, by implementing their first secure FTP project. This means our team of security experts will help you fully implement your first secure transfer. Working with your IT team on your IBM i platform, we will help you do the configurations, do the transfer, set up DCM if that is required, and sFTP and SSL FTP configurations. This full set up will get your first transfer done very quickly and you will be able to see the success right away!
Contact us about how to take advantage of this limited time offer: Just fill in the fields below, click the blue button... and Ken will contact you!