Townsend Security Data Privacy Blog

Managed FTP Services on the IBM i – Look for These 8 Features

Posted by Patrick Townsend on Aug 8, 2016 1:03:03 PM

In a previous blog I talked about the security features that you should find in a Managed FTP solution. Of course, we look for the security components first as we want to be very sure that our data is protected in transit and at rest when it arrives at its destination. But with the high volume of FTP transfer activity in the modern organization; we also want to find a number of automation and management features in our Managed FTP solution. That’s the focus of today’s blog.

Secure Managed File Transfer for IBM i Here are the eight main elements of a Managed FTP solution for the IBM i (iSeries, AS/400) platform:

  1. Automation

  2. Scheduling

  3. Application integration

  4. Diagnostic logging

  5. Notification and Exception handling

  6. Resource management

  7. File system support (DB2, IFS, etc.)

  8. Commands and APIs

Let’s take these areas one at a time.

Automation: By its nature FTP is a manual process. This is one of the original protocols of the Internet and it was designed as a command line facility. But our modern IT systems need a solution that is hands-off and lights-out. A good Managed FTP solution should allow you to fully automate both inbound and outbound file transfers. And because our IBM i servers are often located inside the firewall, we need to be able to detect and pull files that are available on remote and external servers. We sometimes call this the automatic scan of remote servers and it is a critical automation component. Your Managed FTP solution should allow you to automate every aspect of sending and receiving files, including encryption of files you are sending and decryption of files that you receive.

Scheduling: Many file transfers have to happen at a certain time of day. This means that your Managed FTP solution should provide for intelligent scheduling of file transfers. Scheduled transfers might happen hourly, once a day, once a week, or once a month. But the scheduling facility should accommodate your transfer needs. Additionally, the ability to schedule a transfer through a third party scheduling application should be fully supported.

Application integration: When you receive a file via FTP it should be possible to automatically decrypt the file and automatically process it into your applications. This level of automation removes the need for human intervention and provides data in a timely fashion to your applications and ultimately to your users. Look for your Managed FTP solution to provide callable exit points, library and IFS directory scan facilities, and plenty of sample programs that you can use to start your automation projects.

Diagnostic logging: It is easy to underestimate the importance of built-in diagnostic logging in a Managed FTP solution. When you are processing many files every day, and when you are processing time critical files (think payroll files), you have to be able to identify the cause of a transfer problem very quickly. A diagnostic log should be available for every transfer and should clearly identify the causes of failures. FTP sessions can fail for a wide variety of reasons including network outages, password changes, remote configuration changes, expired certificates and keys, and many other issues. The presence of diagnostic logging means the difference between a long night hunched over a terminal or a leisurely trip to the pub!

Exception handling: A good Managed FTP solution will tell you when things go wrong. From my point of view this is both a good thing AND a bad thing. We have customers who run our solutions for years and forget that they are there! But this is what you want. A Managed FTP solution should tell you when a transfer failed and give you some clues on the resolution. In our Managed FTP solution notifications are done by email and you have a lot of choices – you can get notified on failure, notified on successful transfer, or notified on all activity. But it is the ability to get notified on failure that is so critical.  Exception handling should also include automatically retrying a failed transfer operation. Look for the ability of your Managed FTP solution to retry a transfer at least three times before reporting a problem!

Resource management: We don’t think of FTP as a CPU or disk intensive operation, and that is generally true. But imagine what it might be like to transfer several thousand files a day!  Those small individual file transfers start to add up in terms of resource utilization pretty fast.  Your IBM i Managed FTP solution should allow you to manage job priorities, schedule transfers during off hours of light usage, manage CPU time slice and pool allocations, and many other aspects of resource management.

File system support: As IBM i users we have a lot of data stored in DB2 files and tables. But we also may have a lot of information stored in the Integrated File System (IFS). A Managed FTP solution should support these file systems for both inbound and outbound transfers. Also consider those special file system requirements. Can you manage file transfers in a Windows network shared folder? Or a Linux/Unix NFS mounted volume? Or in a mounted drive for a remote IBM i server through the File400 folder? These can be important features for an IBM i solution.

Commands and APIs: Last but not least, there are always things we can’t do with the ready-to-use features of a Managed FTP solution. We will want to have access to IBM i commands and APIs to help us handle those special situations. In our Alliance FTP Manager solution we give you access to every single FTP operation directly from your RPG and CL applications. You can perform every aspect of an FTP session under program control, and know if it was success or failed, and why. And of course, command interfaces make it easy to put or get a single file. You might not initially miss the rich set of APIs, but the day will come when you need them!

In this blog I’ve tried to give you a feel for the basic set of features that you should find in a Managed FTP solution. You can learn more about our Alliance FTP Manager solution for the IBM i platform here.

Patrick

Secure Managed File Transfer for IBM i

Topics: Managed File Transfer, Secure Managed File Transfer, FTP Manager for IBM i

Secure and Managed FTP on the IBM i (AS400) Platform

Posted by Patrick Townsend on Jul 7, 2016 3:39:40 PM

The File Transfer Protocol (FTP) has been with us since the dawn of the Internet. Amazingly it is still a critical component of electronic commerce and all large organizations use FTP for integration with their customers and vendors. As a critical part of your electronic commerce infrastructure you want to make sure that your FTP solution is reliable, secure, automated, and manageable. That’s where Managed FTP solutions come into play. Our Alliance FTP Manager falls into this category and helps IBM i (AS/400, iSeries) customers meet this critical need.

Click to view Secure Managed File Transfer Webinar for IBM i users In this blog I want to look at just the security components of a Managed FTP solution. In a future blog we’ll look at the management components in more detail. But let’s start with security!

Secure Transfer Methods

Of course, we need to be sure that we are securing all of our FTP operations with strong encryption. Older FTP protocols did not encrypt FTP sessions and left organizations exposed to data loss both inside and outside of the corporate network. All of that is changed now. There are two types of secure, encrypted FTP methods in wide use:

  • Secure Sockets Layer FTP (SSL FTP, or sometimes FTPS)

  • Secure Shell FTP (SFTP)

SSL FTP is an extension of the original FTP protocol and is an Internet standard. As the need for secure eCommerce increased in the early 2000s the SSL FTP transfer method gained traction and large organizations transitioned to this secure and encrypted transfer method. Unfortunately, SSL FTP was difficult to implement in typical corporate networks and required modifications to firewall configurations. The complexity of the SSL FTP method made it difficult and expensive to implement and manage.

Secure Shell FTP, or SFTP, is a part of the Unix and Linux Secure Shell set of applications. While originally a Unix application, Secure Shell is now available on a wide set of operating systems and platforms. SFTP provides a secure implementation of file transfer and is much more friendly to the corporate network and network administrators. For this reason most organizations have transitioned to SFTP for their secure and encrypted file transfer needs.

While other open and proprietary solutions exist to transfer files, SSL FTP and SFTP remain the dominant methods of secure file transfer for ecommerce.

Additional Security Requirements

In addition to secure and encrypted transfer of files, a good managed FTP solution provides additional security controls. Let’s take a look at the ones you should find in a managed FTP solution:

File encryption: Many people are surprised to learn that encrypting a file transfer session is not an adequate level of security. When a file arrives at its destination it should also be protected at rest. This means encrypting the file before it is transferred with SFTP or SSL FTP. But doesn’t this mean the data is doubly encrypted? Yes it does. But protecting the file after it is transferred is crucial to a security strategy. Most organizations use Pretty Good Privacy (PGP) to encrypt a file before transfer, and to decrypt files that are received. Your Managed FTP solution should natively integrate PGP encryption into file transfers.

Configuration access control: Configuring managed FTP transfers involves setting local and remote configuration parameters, encryption parameters, and many other aspects of file transfer operation. Your managed FTP solution should implement configuration access controls and notify you of an attempted violation.

Two Factor Authentication (2FA): Control over the administrative functions of a Managed FTP solution should include Two Factor Authentication. This is now a requirement for administrative access to payment card systems by the PCI Data Security Standard (PCI-DSS), but is also a security best practice for any critical system. Be sure your Managed FTP solution provides for 2FA or that you implement 2FA on the IBM i system level.

Compliance audit: Sending and receiving files that contain sensitive data requires that you retain a clear file transfer history. This is a minimal level of audit reporting and you will want to be sure your Managed FTP solution provides clear and easy to read audit trails.

System logging: Actively monitoring your system is a critical security control. On the IBM i server it means monitoring security events and transferring them in real time to a log collection server, or better yet, to a SIEM solution. FTP is often the mechanism by which cyber criminals steal information from your system, so a Managed FTP solution should be logging file transfers to the IBM security audit journal QAUDJRN. The security audit journal provides an un-modifiable repository of security events, and your file transfer information should be recorded there. Look for this feature in your Managed FTP solution.

Software updates and patching: Secure FTP protocols are periodically subject to the need for security patching. A recent security flaw in the SFTP protocol required updates for all systems that implement this Secure Shell protocol. Fortunately, on the IBM i platform IBM provides the SSH implementation as a no-charge licensed product, and updates are available through normal system patching procedures. Be sure that your Managed FTP solution integrates with the IBM solution, or that the Managed FTP vendor has an adequate strategy to provide you with security updates.

Backup and Recovery: As the new EU General Data Protection Regulation (EU GDPR) correctly points out, backup and recovery is a part of your security strategy. If you can’t recover from a system failure in a reasonable period of time you risk losing data that is critical for your customers and employees. We hold that data in trust for them, and protecting it also means resiliency in the event of system failures. Be sure your Managed FTP solution fits into your backup and recovery strategy for the IBM i platform.

These are critical security components of a Managed FTP solution. Some organizations we work with transfer thousands of files every day. I believe we’ve addressed the core security requirements in our own Alliance FTP Manager solution and we continue to invest in R&D to make these features better going forward. I will address other aspects of Managed FTP in future blogs.

Patrick

Webinar: Secure Managed File Transfer on IBM i

Topics: Managed File Transfer, IBM i, Secure Managed File Transfer, FTP Manager for IBM i

Q&A: Secure Managed File Transfer and PGP Encryption

Posted by Michelle Larson on Nov 22, 2013 11:26:00 AM

Great Q&A session from the latest webinar from Townsend Security!

As we discussed in the blog on Secure Managed File Transfer and PGP Encryption, using the core components of a total encryption strategy can help you meet compliance requirements, and improve your data security posture! Click to view Secure Managed File Transfer Webinar for IBM i users

Hopefully you were able to watch the webinar resource provided (if not, you can request it HERE). After the webinar, we had a number of questions asked by attendees and answered by security expert Patrick Townsend.  Here is a recap of that Q&A session:

Q: Is there any reason why I can’t just transfer my file from my IBM i platform to Windows and then PGP encrypt it there.

Patrick: That is a great compliance question.  Transferring unencrypted data from your IBM i to a Windows platform and then encrypting it and moving it from there will put you out of compliance for PCI DSS.  You should not transfer unprotected data to any system or across any network that’s not fully protected.  If you move it from the IBM i platform to Windows platform, it’s going to land in an unencrypted format and that will put you out of compliance.  That kind of unprotected transfer will also put you out of best practices alignment in terms of just pure security.  The security principle here that comes into play is always encrypt at the source, decrypt at the target or the destination, and don’t let the data be unprotected in-between.  Remember, data should never be moved “in the clear”.

Q: Can manage file transfer software be used on just one side, or do all sides of the transfer have to have the same software?

Patrick:  Partners/customers would certainly want a managed file transfer solution to be based on open standards.  You would not want to install proprietary software to process file transfers and then expect your partners to have to install it as well.  We base all of our secure transfer encryption components on open standards like a SSL FTP and Secure Shell sFTP and PGP encryption.  This means is that right out-of-the-box you will interoperate with all the major financial institutions and insurance agencies.  

Q: Does the Alliance FTP Manager solution run on the IBM i or Windows server?

Patrick:  Alliance FTP Manager is a fully native IBM i application.  It runs strictly on the IBM i platform and uses industry standard protocols. So there is no proprietary component on Alliance FTP Manager where you would have to distribute special software to someone who is receiving the files in order to process them.  We use industry standard pipeline encryption SSL FTP and Secure Shell sFTP.  No matter who you’re transferring data to, whether its Windows, Linux, UNIX ,or IBM Mainframe, there are multiple readily available solutions that support those secure file transfer protocols.  The commercial PGP that we provide is fully compatible with industry standards, it interoperates seamlessly, and we test it against multiple other PGP solutions as well as open PGP solutions.  Your customers and vendors (the people you’re transferring the data to) will appreciate that they do not need special software to process PGP encrypted files or your Alliance FTP Manager transfers.

Q: We occasionally need to create encrypted zip files to transfer files to our customers, can FTP manager do this?

Patrick:  We certainly do provide a command based zip file encryption and zip file decryption (compression and decompression) that implements 256-bit AES encryption.  It will process with wildcards and so if you have multiple files in an IFS directory you can compress all those into one zip archive.  Our directory scan automation component will automatically process data right into your application. So yes, there is an implementation of secure encrypted zip in FTP Manager.  

Q: A public/private key pair is needed for SSH and sFTP transfers. Does FTP Manager exchange keys with the destination server?

Patrick:  Secure Shell sFTP supports a number of authentication and privacy mechanisms, the most common is using a public and private key pair.  You do have to execute a key exchange with your training partner/bank before exchanging encrypted data. We have developed utilities and interactive options to help you load your trading partners public key on the IBM i platform.  For example, a menu option will allow you to put in the DNS name for that particular server, then it will find, retrieve, and install that key in your system.  Normally these steps are time and labor intensive, but we have automated the exchange to simplify that particular administrative setup function.
Very important: Typically sFTP transfers use public and private keys, just be sure that the solution you choose can also handle password authentication. Alliance FTP Manager CAN do that!

To learn more, view the complete webinar - Secure Managed File Transfer on the IBM I -which examines the security principles, compliance requirements, and technical challenges for secure FTP transfers on the IBM i platform with the following objectives:

  • Automatically transfer files using Secure Shell sFTP or Secure SSL FTP
  • Protect data using strong PGP encryption
  • Review your total encryption strategy
Webinar: Secure Managed File Transfer on IBM i

 

If you have further questions, please list them here in the comment section and we will be sure to get you an answer!

Topics: Encryption, Alliance FTP Manager, Key Management, Secure Managed File Transfer, FTP Manager for IBM i, SFTP

Secure Managed File Transfer on the IBM i webinar - Part 2

Posted by Michelle Larson on Sep 13, 2013 10:21:00 AM

As we discussed in the blog Secure Managed File Transfer on the IBM I – Part 1 protecting sensitive data on the IBM i (AS/400) can help you meet compliance requirements, and it can help you stop a data breach before it happens! Click to view Secure Managed File Transfer Webinar for IBM i users  Hopefully you were able to watch the webinar resource provided (if not, you can request it HERE).  After the webinar, we had a number of questions asked by attendees and answered by security expert Patrick Townsend.  
Here is a recap of that Q&A session:

Q: Is there any reason why I shouldn’t use PGP on Windows? I can just transfer the file from my IBM i to Windows and then PGP encrypt it there.

Patrick: That is a great compliance question. Transferring unencrypted data to a Windows platform and then encrypting it and moving it from there will put you out of compliance for PCI DSS. You should not transfer unprotected data to any system or across any network that’s not fully protected. If you move it from the IBM i platform to Windows platform, it’s going to land in an unencrypted format and that will put you out of compliance. That kind of unprotected transfer will also put you out of best practices alignment in terms of just pure security. The security principle here that comes into play is always encrypt at the source, decrypt at the target or the destination, and don’t let the data be unprotected in-between.

Q: Does the FTP Manager solution run on the IBM i  or Windows server?

Patrick: FTP Manager is a fully native IBM i application. It runs strictly on the IBM i platform and uses industry standard protocols. So there is no proprietary component on FTP Manager where you would have to distribute special software to someone who is receiving the files in order to process them. We use industry standard pipeline encryption SSL FTP and Secure Shell sFTP. No matter who you’re transferring this to, whether its Windows, Linux, UNIX ,or IBM Mainframe, there are multiple readily available solutions that support those file transfer secure protocols. The PGP that we provide is fully compatible with industry standards, it interoperates seamlessly, and we test it against multiple other PGP solutions as well as open PGP solutions.  Your customers and vendors (the people you’re transferring the data to) will appreciate that they do not need special software to process PGP encrypted files or your FTP Manager transfers.

Q: We occasionally need to create encrypted zip files on our IBM i and then transfer the files to our customers. Can FTP Manager do this?

Patrick:  There are commands in the product to zip with or without 256-bit AES encryption and unzip the same way. It can handle multiple files and multiple directories and it is all command based if you want to do that via commands. So yes, there is an implementation of secure encrypted zip in FTP Manager.

Q: A public/private key pair is needed for SSH and sFTP transfers. Does FTP Manager exchange keys with the destination server?

Patrick: SSH and sFTP implement a number of authentication mechanisms for transferring files. Public/private key structure is typical for secure sFTP transfers. We add utilities into FTP Manager to make the generation and exchange of those keys very easy to do. For example: as you’re setting up a new sFTP transfer we have utilities that will go out and pull the public key for that remote server down into your IBM i platform and add it to the appropriate key file. Additionally, Secure Shell sFTP does support a password type of authentication. It’s not used a lot, most people feel that public private key authentication and protection is the best mechanism. We know at least one major commercial bank that uses passwords as an authentication mechanism with sFTP. This is a real challenge for a command line facility that is being automated in batch, and we’ve solved that problem for our customers. There is architecture within sFTP that allows for password authentication. We found a way to make this fully work with these large commercial banks so that you can use password authentication with our sFTP product. It’s a big challenge. Very important: your first sFTP transfer may use public and private keys, which is probably more typical. But be sure that the solution can also handle password authentication. FTP Manager CAN do that.

To learn more, view the complete webinar "Secure Managed File Transfer on the IBM I" which examines the security principles, compliance requirements, and technical challenges for secure sFTP transfers on the IBM i platform with the following objectives:

  • Automatically transfer files using Secure Shell sFTP or Secure SSL FTP
  • Send your first encrypted file in an hour
  • Review detailed audit trails of all transfer activity
     
REQUEST WEBINAR DOWNLOAD: Secure Managed File Transfer

If you have further questions, please list them here in the comment section and we will be sure to get you an answer!

Topics: Alliance FTP Manager, Secure Managed File Transfer, FTP Manager for IBM i, SFTP, Webinar

Secure Managed File Transfer on the IBM i - Part 1

Posted by Michelle Larson on Aug 15, 2013 6:00:00 AM

Easily Meet Compliance Requirements...
...with Secure Managed File Transfer

We did a survey almost a year ago of IBM i customers and just about half of them said “yes, we’re transferring data”...
“no, we’re not protecting it”... “yes, we know we have a problem”! Click to view Secure Managed File Transfer Webinar for IBM i users

One of the easiest ways for an organization to have a Big Security Win is to secure sensitive data using secure managed file transfers. When unencrypted sensitive data moves off your IBM i to internal servers, public networks, or service providers via the Internet, the data is vulnerable to malware and other attacks. Unencrypted data (also called “data-in-motion”) is extremely vulnerable to a breach. This is a critical issue for companies that must transfer sensitive data such as credit card numbers, financial information, and other personally identifiable information (PII). Sensitive data is covered under industry and many state data security regulations and any organization, no matter the size, collecting and transferring data is required to protect that information.

According to compliance regulations such as the Payment Card Industry (PCI-DSS version 2.0 Section 4), organizations must always encrypt credit card numbers as they are transferred from one location to another. PCI DSS applies to everyone - both public and private companies (large and small) - that accepts credit card payments.  PCI-DSS version 3.0 will be released this fall, and we will be talking about that more as that time approaches. While PCI-DSS applies to credit card information, other regulations cover different elements of PII.  HIPAA/HITECH Act addresses protected health information (PHI), but while it does not mandate encryption, it does state that the only safe harbor from data breach notification and severe penalties & fines is to protect PHI with encryption. Sarbanes-Oxley (SOX) applies to all publicly traded companies in the US and has a component (section 404) that applies to IT systems and best practices around protecting data. The Federal Trade Commission (FTC) has also been active in the area of data breaches where it applies to published privacy statements. They consider it an aspect of consumer fraud if companies are not following their published guidance around privacy.

So what are the “must-haves” for meeting compliance around securing sensitive data that will stand up to scrutiny in terms of any kind of outside audit, challenge, or data breach?  PGP (Pretty Good Privacy) encryption is the industry standard for encrypting data-in-motion. Secure file transfer protocol, also known as SSL FTP or SSH sFTP, is often combined with PGP whole file encryption as part of a core solution to ensure that the data-in-motion is encrypted and remains encrypted after being transferred to trading partners. While data is transferred via secure SSL connection, keep in mind it is important that the sensitive data lands encrypted at its final destination. For a much more technical look at all of these components, I’m sharing a recently recorded webinar on Secure Managed File Transfer with you, and as always, please post any additional questions you may have here in the comment section!

Specifically for IBM i users, the following webinar will cover how easy it can be to meet compliance regulations with a Secure Managed File Transfer solution. You can also learn more about how PCI-DSS, HIPAA, Sarbanes-Oxley, and new state/federal laws affect your company and discover real-life examples of how others are meeting these challenges with Alliance FTP Manager and the PGP solutions.

During this 45-minute webinar, Patrick Townsend will also discuss core components of a total encryption strategy and show you how to:

  • Automatically transfer files using Secure Shell sFTP or Secure SSL FTP
  • Send your first encrypted file in an hour
  • Review detailed audit trails of all transfer activity

REQUEST WEBINAR DOWNLOAD: Secure Managed File Transfer  

… just a reminder on our special offer in August:

For the remainder of the month of August, Townsend Security will provide additional help to our new customers, or customers licensing new modules of Alliance FTP Manager, by implementing their first secure FTP project.  This means our team of security experts will help you fully implement your first secure transfer.  Working with your IT team on your IBM i platform, we will help you do the configurations, do the transfer, set up DCM if that is required, and sFTP and SSL FTP configurations. This full set up will get your first transfer done very quickly and you will be able to see the success right away!

Contact us about how to take advantage of this limited time offer: Just fill in the fields below, click the blue button... and Ken will contact you!


Topics: Alliance FTP Manager, Secure Managed File Transfer, FTP Manager for IBM i, Webinar

Secure Managed File Transfer: Selecting a Vendor

Posted by Luke Probasco on Apr 9, 2012 1:23:00 PM

Download Podcast

Podcast

Download podcast "Secure Managed File Transfer - An Introduction"

Click Here to Download Now

Your CIO told you that you need to meet compliance regulations around data in motion on your IBM i (AS/400).  It’s not just a good idea, but customers and trading partners are starting to demand it.  So what do you look for when selecting which Managed File Transfer vendor to trust your sensitive data to?  What separates one solution from another?  I recently sat down with Patrick Townsend, Founder & CEO, to discuss what to look for when selecting a Managed File Transfer vendor.  Here is what he had to say:

There are some common business issues that I would look at when selecting a Managed File Transfer product. First, look at the providence of the vendor you are buying from. Have they been around for a substantial amount of time? Are they committed to security? If security is not their core mission, it’s very likely that they are NOT going to get it right, and a Managed File Transfer solution really has to get security right.

I think that looking for solutions that are committed to independent certification of their products is paramount. For example, our commercial PGP product, which in partnership with Symantec, has been through multiple certifications. As a company, we have been through NIST certifications many times. We have a FIPS 140-2 certified encryption key manager as well. If I were looking for a Managed File Transfer solution, I would really want the confidence of knowing that the vendor knows security, is committed to security, and is comfortable with putting their product out there for independent review. That is how I would look at this from a business point of view.

Managed File Transfer and security in general is about building confidence so that your company can move forward, start new initiatives and build confidence with new customers and trading partners. You want to be sure you are deploying a solution from an established security company committed to NIST standards. Looking at a vendor or a solution, I would look deeper than the feature set of the particular Managed File Transfer product and ask myself, am I comfortable with this companies’ security posture and their mission, and do their actions really support what they say is their mission.

Download our podcast “Secure Managed File Transfer on the IBM i – An Introduction” for more information on how your organization can save time and money by securely automating file transfers.

Click me

Topics: Alliance FTP Manager, Managed File Transfer, Secure Managed File Transfer, FTP Manager for IBM i, Podcast

Meeting Compliance Regulations with Secure Managed File Transfer

Posted by Luke Probasco on Mar 29, 2012 9:46:00 AM

managed file transfer complianceIn today’s environment, most organizations fall under multiple compliance regulations. If you are taking credit cards, you need to meet PCI data security standards. If you are in the health care industry, you have HIPAA and HITECH to work on. If you are in the banking industry or any financial segment, you have the Graham Leech Bliley Act (GLBA) and FFIEC requirements to meet. All of us have to deal with state and federal privacy regulations about protecting data.

A secure Managed File Transfer solution with NIST validated PGP encryption can help meet compliance regulations for securing data in motion.

Compliance regulations come full bore on all of us - whether you are in the business, Federal, or non-profit world. PCI DSS and a number of other regulations require encryption of data in motion. Townsend Security has partnered with Symantec to offer the only commercial and fully supported version of PGP encryption on the IBM i (AS/400).

Maintaining proper audit trails is also a very clearly defined requirement of compliance regulations. I think as we see compliance regulations evolve, making sure that your Managed File Transfer solution is based on well accepted standards is very important. For example, the commercial version of PGP encryption that we offer has been through multiple certifications with the National Institute of Standards and Technology (NIST). We have seen fines given to companies using non-standard implementations, so having those certifications and having the confidence that you’re using a solution that provably meets industry standard is really important.

Compliance regulations are still evolving and we continue to see new regulations being brought forward. For example there is a new federal data privacy regulation coming through Congress. There is also a clear evolution of compliance regulations requiring solutions to meet defined industry standards (such as NIST). I know our certifications give our customers confidence that they are meeting compliance regulations and that they are using the right kind of encryption.

Townsend Security’s FTP Manager has been helping IBM i (AS/400) users meet compliance regulations by securing and automating their data in motion to trading partners, customers, employees, and internal systems. Download our podcast “Secure Managed File Transfer on the IBM i – An Introduction” for more information on how we can help your organization save time and money by securely automating your file transfers.


Click me

Topics: Alliance FTP Manager, IBM i, Secure Managed File Transfer, FTP Manager for IBM i, Podcast

Secure Managed File Transfer on IBM i (AS/400): 4 Core Components

Posted by Luke Probasco on Mar 16, 2012 8:26:00 AM

secure managed file transferAs more and more organizations are falling under compliance regulations, IT managers are being tasked with finding a secure Managed File Transfer solution to secure and automate data in motion with their trading partners, customers, employees and internal systems.  There are a few out there, but how do you decide which is the best for your organization?  I recently sat down with Patrick Townsend, Founder & CEO to learn more about the core components of a Managed File Transfer solution.  Here is what he has to say:

First, you must have security built-in with your solution. Our Alliance FTP Manager uses a number of secure encrypted mechanisms for transferring files. We use SSL FTP, Secure Shell sFTP, PGP encryption and decryption. That security component is absolutely crucial to the product. I’m really happy with our security, and we have a great partnership with Symantec around their PGP product. Our enterprise customers really expect the highest level of solution when it comes to encryption. We have partnered with Symantec on the PGP product and it carries the proper certification and the depth of support that customers want.

Automation is another core component. If you are dealing with a lot of files, you need to have automation to be efficient. You don’t want to have to do a lot of manual intervention. There should also be a centralized management environment so that configurations can be set up and managed from a central location.

Additionally, notification is another core component. For example you may have files that you’re sending to a customer or your bank. You may only do that transfer once a month, but wouldn’t it be nice if after you transferred the file you sent the customer an email telling them your file is transferred and is ready for processing. With Alliance FTP Manager, we can notify your customer or an entire email list of recipients when a file transfer is complete. Or if there is a failure in a transfer, maybe a customer turned off their FTP server, we can notify that too.  We can do both success and failure notifications in our Managed File Transfer product.

Finally, to meet compliance regulations, you need to have full audit capabilities. We can create audit trails of all the transfers, which is really important from a compliance point of view.

View a recording of our webinar Secure Managed File Transfers: Meeting Compliance Regulations for more information on meeting data in motion requirements of PCI DSS, HIPAA/HITECH, and other compliance requirements on your IBM i.

Click me

Topics: Alliance FTP Manager, Managed File Transfer, IBM i, Secure Managed File Transfer, FTP Manager for IBM i, Webinar

Secure Managed File Transfer: Meeting Business Needs

Posted by Luke Probasco on Mar 14, 2012 9:48:00 AM

Download Podcast

Podcast

Download podcast "Secure Managed File Transfer - An Introduction"

Click Here to Download Now

Managed File Transfer is an easy way to meet business requirements and comply with data privacy regulations.  With a solution like Alliance FTP Manager, businesses can meet compliance regulations by securely transmitting files from their IBM i (AS/400) to their trading partners and customers. Additionally, a Managed File Transfer solution can help your organization save time and money by automating processes that traditionally have eaten into IT manpower. I recently sat down with Founder & CEO Patrick Townsend to discuss how Managed File Transfer can help businesses assure their customers and partners that their sensitive data is secure and in compliance with data privacy requirements such as PCI DSS, HIPAA/HITECH, FFIEC and other regulations.

Can you walk us through a typical business problem that Managed File Transfer Solves?

If you’re a mid-sized or large company, security is absolutely crucial in today’s environment. We all hear over and over again about data losses by large companies and the damage that causes to both the business and the reputation of those companies. Business executives around the world are trying to protect their data, their customer data, and supplier information so they can have the confidence to go forward with their business plans. A managed file transfer solution provides a start-to-finish mechanism for securing data in motion.

If you are using a Managed File Transfer solution like our Alliance FTP Manager, you can have the confidence that you are doing things right, that you are meeting best practices in the industry and that you are less likely to  wake up one day and find yourself in a headline in the New York Times about some large data loss.

Can you explain how a Managed File Transfer works?

Managed File Transfer solutions, like our Alliance FTP Manager, need to meet a number of core requirements. Obviously, they need to protect data in motion and we use SSL session encryption and PGP encryption, which are the industry standards. Automation is also very important. Most of our customers are transferring multiple files everyday to banks, trading partners and suppliers. You don’t want to burn resources by having someone manually transfer files any time it needs to be done.

Additionally, policy driven configuration and reporting by exception are extremely important. Some of our customers are sending tens of thousands of files every day to their trading partners, which can be a lot to manage. You need to be sure that you can manage by exception if there is a problem.

Finally, a Managed File Transfer Solution not only automatically picks up and transfer files, but provides additional controls to make the process efficient - not only from a human resource point of view, but also from a cost point of view. You don’t want to be spending valuable human resources, picking up files and processing them. This should all be an automatic process and that is really the core idea behind Managed File Transfer – automation and security. 

Download our podcast “Secure Managed File Transfer on the IBM i – An Introduction” for more information on how we can help your organization save time and money by securely automating your file transfers.

Click me

Topics: Alliance FTP Manager, Managed File Transfer, IBM i, Secure Managed File Transfer, FTP Manager for IBM i, Podcast

Encrypted PDF & ZIP with Managed File Transfer

Posted by Patrick Townsend on Nov 4, 2011 8:22:00 AM

Encrypted ZipIBM i (AS/400, iSeries) users send a lot of sensitive information to their customers, vendors, and employees which needs to be protected with strong encryption.  Our customers today are using our PGP encryption solution to protect files. But there has been a big need to generate and protect information in common PC formats. With our managed file transfer solution, Alliance FTP Manager for IBM i, we stepped up our support with encrypted Zip files and encrypted PDF files.

Zip compression is very commonly used to send files via email. Not only does Zip compression make our email attachments smaller, but the most popular Zip compression programs now support 256-bit AES encryption of the contents. The ability to encrypt Zip files with AES provides a much better level of security than older Zip protection methods.  Alliance FTP File Manager for IBM i fully supports Zip encryption to the WinZip standard. This means that you can create and protect Zip files on your IBM i platform, and then use a variety of delivery methods to get the Zip files in the hands of your customers, vendors, and employees. This functionality gives IBM i customers a powerful tool to meet compliance regulations.

Encrypted Zip support in Alliance FTP Manager provides rich capabilities to IBM i users. You can create encrypted or un-encrypted Zip archives, include sub-directories, and use wild cards to select files.  When uncompressing and decrypting, you can specify any directory as the target for the files. This capability integrates with our automation facilities for processing received files. Lastly, we provide a Windows command line Zip application to help our customers who don’t already have a Zip application.  I’m confident that this capability will help customers achieve a better level of security.

Another security technology in FTP Manager for IBM i is our encrypted PDF support. In this implementation, our customers are able to create encrypted PDFs with their own content, and then use the automation facilities to distribute the PDFs via email, FTP, and other distribution methods. Encrypted PDF support includes the ability to set fonts and colors, embed watermark and graphic images, set headers and footers, and create tables and lists. The resulting encrypted PDF file is compatible with any PDF reader that supports the AES encryption standard for PDF. We’ve tested with a wide variety of PDF readers on PCs, Apple Macs, Blackberry, Linux desktops, and so forth. This gives our customers an additional tool to secure their sensitive data.

These technologies for the IBM i customer increases their abilities to meet compliance regulations and secure sensitive data. I hope you get the idea that we are dedicated to helping you protect your sensitive data and corporate assets. You are going to see a lot more of these types of capabilities as we go forward.  For more information on our managed file transfer solution, view our webcast "Secure Managed File Transfers on the IBM i."


Click me

Topics: Alliance FTP Manager, Managed File Transfer, Secure Managed File Transfer, ZIP, FTP Manager for IBM i, secure communications, Webinar