It’s hard to believe but Ipswitch Innovate Virtual Summit is almost around the corner. Through conference kick-off day (this Wednesday) I’ll wrap up previews of sessions presented by customers, outside experts and folks from Ipswitch. Today, join me for a preview of Stefan Drzazga’s session. Stefan is a senior Java developer at 360 Treasury Systems AG and his talk is called “High Volume of File Transfers between Many End Points.”

Eliminating File Transfer Error with an Automated Process

360 Treasury Systems AG is a provider of Web-based financial trading technology that allows clients to trade with transparency and control. But some time ago, transparency and control was just what the company needed to share confidential financial files with clients through file transfer.

Clients received files via email, preventing 360 Treasury Systems AG from knowing details like whether the proper recipient opened the file or if it was even opened at all. So Stefan and his colleagues searched for a file transfer service that was secure, offered transparency and control and worked with Java.

“With thousands of customers, having a partly-automated process meant someone could have confused things. We could have sent out the wrong report. We wanted to find a solution that would avoid this.” – Stefan Drzazga, a senior Java developer at 360 Treasury Systems AG.

They discovered MOVEit – our automated file transfer system that has an easy-to-understand web interface and integrates easily with existing IT infrastructure, including systems running on Java. Instead of continuing to worry about the errors caused by and the time spent on the manual sharing of files, Stefan and his team now breathe easy because of MOVEit’s automated customer distribution processes.

At Ipswitch Innovate, hear Stefan describe how MOVEit gave 360 Treasury Systems AG a full, clear view of transfer histories, complete control of the process and an opportunity to reduce overhead .

Come see us at Ipswitch Innovate Virtual Summit

Come to Ipswitch Innovate 2015. It’s free to sign up and you’ll get three hours per day of live webcasts and a virtual exhibit hall where you can evaluate network monitoring and data transfer solutions like WhatsUp Gold, WS_FTP and MOVEit. You can even navigate your way to the online Genius Bar for real-time answers to your product questions. Feeling lucky? We have extended the deadline through Tuesday, October 20 at Midnight PST to register for the event using “PWATCH” promo code in order to be entered into a drawing for a chance to win to win a Pebble Smartwatch.

Ipswitch Innovate is a two-day online only event for IT professionals to learn from each other, and our product experts. Click to learn more.

The responsibility for safeguarding sensitive company information and securely transferring it falls on the already stretched thin IT departments. Luckily, there are many options available for IT when it comes to file transfer. Email, FTP, USB drives and EFSS services like Dropbox to name more than a few. Yet none are as secure or cost-effective as managed file transfer (MFT).

Simple & Secure File Transfer: 5 Ways to Make it Work for You
Simple & Secure File Transfer: 5 Ways to Make it Work for You

MFT gives IT teams the agility they need to respond faster to business needs. All this while reducing time and resources required for file transfer operations. Here are five ways MFT makes IT better at their job:

  1. Secure and reliable transfers lift the burden from IT professionals. MFT provides a single-source solution with built-in security and encryption capabilities. This means all file transfers – whether they are process-to-process, person-to-process or process-to-person – are guaranteed to be protected.
  2. Out-of-the-box solutions free up valuable time and space. A MFT system offers out-of-the-box solutions that can easily be integrated into an existing IT infrastructure. Implementing a turn-key solution means that file transfer can be managed by less experienced IT administrators.
  3. Streamlined automation improves IT productivity. Many file transfers are initiated on a recurring basis. IT teams can get bogged down confirming transfers to meet SLAs.  The automation that comes with MFT promptly pushes data to the right person at the right time. This means that the IT team doesn’t have to think twice and can remain focused on other tasks.
  4. It’s IT friendly and eliminates errors. MFT incorporates admin, end-user access, analytics and reporting, and automation and workflow. This helps IT teams avoid tedious manual tasks that can lead to errors. Not to mention protection against a security breach via integration with important things like encryption and data loss prevention.
  5. Predictable reporting improves visibility and offers support for IT professionals. For regulated businesses (banks, hospitals, etc.), in-depth reporting is a critical need for file transfer systems. A MFT system incorporates reporting capabilities that ensure firms adhere to strict compliance regulations and are able to provide accurate data in the case of an audit – and fast.

Since businesses run on data, the transfer of data is the heart of today’s organizations – and with a solid MFT system, IT teams know that all data is protected while in transit and at rest.

>> Check out “Simple & Secure File Transfer: 5 Ways to Make it Work for You” to learn more about how we help IT teams with managed file transfer.


Managed file transfer automation tools, like MOVEit Central, can make automating common tasks related to file transfers in much less time.

In a recent Ipswitch IT Priorities survey of over 371 IT professionals involved in file transfer and sharing administration, about 75% said they already used or had need for file transfer automation.  Their most common scenarios were:

  • Automate batch scheduling
  • Workload automation
  • Integration to backend systems. They include financial, CRM, ERP, cloud storage, ECM, EMR or marketing automation systems.

About half said they use Powershell to upload/download data from applications and databases today. So what should you keep in mind when using Powershell to automate common file transfer activities?

  • Use Windows Managament Instrumentation (WMI) to monitor a folder for newly arriving files.
  • Use Get/Add-Content calls when making changes to a file
  • Automation of file encryption is tricky, but consider using GnuPG.  Ensure you don’t use cleartext passwords.
  • You can use WinSCP client or WS_FTP Professional to transfer the files using secure protocols like SFTP, FTPS or HTTPS.

Managed file transfer automation tools, like MOVEit Central, can make automating common tasks related to file transfers in much less time. They are built to handle commonly overlooked scripting issues. These include error handling, logging, environment changes, and security related issues like encryption key management and password protection.

Adam Bertram, Microsft MVP, shared some “how-to’s” and sample code to automate a common file transfer scenario at last week’s Spiceworks webinar “Automating File Transfers Securely”

  • Monitor a folder for arriving files
  • Make changes to a file
  • Encrypt the file
  • Transfer the file

You can access the sample code at Adam’s blog here.


Internet crime and electronic banking security

The already-infamous Anthem data breach has put personal information belonging to 80 million health insurance customers at risk after hackers gained access to their network. Customer names, birth dates, home addresses and Social Security numbers are reported to be stolen. The sheer reach is astounding. The breach at Anthem is the world’s largest within the healthcare industry. And it now ranks as America’s third largest after Heartland in 2009 (130M records stolen) and TJ Maxx in 2007 (94M records stolen).

There’s no such thing as perfect security and my heart goes out to the IT team at Anthem. They’re working 24/7 to  batten down the hatches. Hackers will always find vulnerabilities to get what they want. They’ve got plenty of motivation. The monetary value of the data stolen from Anthem could be worth hundreds of millions of dollars on the hacker black market.

Anthem responded quickly

A fast response is a good response when you are in crisis mode. Over the course of one day, Anthem:

  • Emailed customers to share the news, pledging support
  • Launched a site called AnthemFacts to address concerns
  • Published an open letter from CEO Joe Swedish apologizing for the incident
  • Offered free credit monitoring services

Anthem is getting praise for being proactive and transparent. But some of the company’s security practices have come under fire.  Security and compliance in healthcare is a journey, not a destination. IT teams need to do their best to manage and protect the high-volume of files related to Protected Health Information (PHI).

Managed file transfer helps healthcare organizations become more secure and compliant

Our healthcare customers have told us that a managed file transfer solution have helped them in the following ways:

  • Manage and control all file transfer activity from a central point of control; automate processes
  • Transfer patient files reliably and securely
  • Enable employees to easily send files using IT approved methods
  • Gain complete control over file transfer activity
  • Guarantee delivery (non-repudiation and file integrity)
  • Integrate with existing IT security systems
  • Reduce cost and time to achieve and maintain HIPAA compliance
  • Improved reliability and availability for data back-up

Additionally, a cloud-based MFT solution uniquely offers the additional benefit (since the facility and systems are directly managed) of being certified HIPAA compliant by a 3rd party auditor.  Always make sure a hosted solution has a signed HIPAA Business Associate Agreement with explicitly defined responsibilities to help achieve HIPAA compliance quickly.

Bottom line; don’t take chances when it comes to your IT security. Make sure your critical information is kept safe. Use tools and technology are put to use when data is on the move or stored within your network.

PS – Check out how our customer VIVA Health successfully and securely transfers healthcare data, demonstrates regulatory compliance, and automates manual tasks with Ipswitch MOVEit managed file transfer.

Life throws a lot of really tough decisions at us, but choosing a file transfer technology shouldn’t be one of them. File transfer expert Don Jones offers a checklist of requirements, and today I’d like to share his top 6 that company should consider:  Ipswitch file transfer

  1. Security Requirements: Begin by determining what level of encryption you’ll require, keeping in mind any compliance requirements or industry data legislature. Be sure to consider anti-malware solutions that do well to complement your existing set-up.
  2. High-Availability Requirements: High-availability requires careful research for determining how to go about providing it. In determining that high-availability is a necessary requirement for your organization, the method you employ will greatly influence the type of server set-up you’ll need.
  3. Workflow Requirements: Aside from security, workflow should be your biggest consideration in choosing a transfer system. If your file transfer doesn’t sync with your workflow, it won’t be efficient. More importantly, it won’t be used. Most systems will offer ways to customize your workflow. As you review these, look for ease of customization, limits on number of tasks, canned scripts and macros.
  4. Programmability Requirements: Programmability options offer different levels of integration with external programming. To determine the customizability of your business solutions, take a look at the Application Programming Interface (API) of your managed file transfer system. Understanding the breadth of API languages they support and the complexity of their API will help you to determine if your team has the necessary skills to create an integration—or if you’ll require a custom solution be created for you.
  5. Protocol Requirements: Look for a solution that not only works with the protocols you currently require, but also the proper selection of protocols that you may require as your company scales.  It can also be beneficial to look for file transfer options that offer email as a transport mechanism. While email isn’t the most secure transfer option, it will always be widely used. Having SMTP and POP3 available will keep your company more secure.
  6. Operational Requirements: Audit logging and reporting should be a main concern for organizations deciphering their abilities to handle their own file transfers.  Determine what types of logging are required and evaluate each of the tools on whether or not they’ll be able to meet you own specific needs.  Additionally, be sure you’ll be able to easily monitor and maintain your file transfer solution.

When evaluating which solutions best serve your company, be mindful of their interoperability with existing systems and with each other.  Furthermore, be sure your investments are best suited to serve your organization both now and in the future.

Want to learn more about how to craft a detailed file transfer checklist for your organization?  Download the free Ipswitch File Transfer whitepaper: Investigation Underway: How to Evaluate File Transfer Vendors Who Promise to Solve Your Complex Compliance and Productivity Challenges.

As you’ve likely already heard on Sept 24th a new computer security threat was identified and entered into the National Vulnerability Database as CVE-2014-7169.  This vulnerability does not affect any Ipswitch products.


The vulnerability, called Shellshock, is a bug in the widely-used Bash shell, the Unix command-line shell that has been around for 20 years.  Shellshock affects almost all Linux, UNIX, and Mac OS X operating systems and the US-CERT has given the flaw the maximum CVSS rating of 10/10/10 for severity, impact and exploitability.

Security is a top priority at Ipswitch and as soon as we became aware of the threat we assessed our products and have determined that all supported versions of MOVEit, WS_FTP and MessageWay are not affected by the Shellshock bug.

We strongly recommend you follow the advisories of your respective Operating System provider.

openssl-logoAs you may already know, there was a recent Security Advisory about new vulnerabilities in OpenSSL released in early June. This specific flaw requires a vulnerable OpenSSL library active on both the client and server ends of the transaction. The flaw allows a savvy attacker to sit between the client and server and turn off encryption, silently exposing information exchanged between those two end points. Technologies that only use OpenSSL to accept web-browser (HTTPS) connections will be vulnerable to this flaw only when the browser is using a vulnerable version of OpenSSL. Chrome for Android is the only major browser that is currently susceptible.

Security is a top priority for Ipswitch and our customers. Since this announcement, the Ipswitch Security Team has been working to determine the impact and issue patch fixes where vulnerabilities were found.

Impacted Ipswitch products include:

  • MOVEit Mobile & Cloud
  • WS_FTP Client & Server
  • MessageWay
  • IMail
  • WhatsUpGold

Through your Customer Portal you’ll be able to access instructions to properly implement the Security Update for impacted versions as available.

As with any security advisory, we understand that our customers may have additional concerns. If you should have any questions or concerns, feel free to reach out to the appropriate technical support team:

AgileHow It’s Made is a popular TV show here in the States, where the viewer gets a behind-the-scenes look at how the products they use on an everyday basis are created. Sometimes it’s an episode on yellow mustard, other times it’s toothpicks and sporks, but almost every time it’s a mainstream consumer product.

Since the show’s creators are not going to air an episode on how MOVEit is made (we tried, no luck), I thought I would do the next best thing: Give you a quick look into how our file transfer products are created – and it starts and ends with the Agile methodology Scrum.

For those unfamiliar with the approach, Scrum is commonly defined as “a software development framework  based on iterative development and incremental delivery, where requirements and solutions evolve through close collaboration on self-organizing, cross-functional teams.”

In other words, Scrum is a process that adapts to change – changes in scope, in requirements, in deadlines. Hence the name, Scrum (adapted from the sport of Rugby where teams operate in very close contact.)

Those of us here at Ipswitch are strong proponents of Scrum. It provides transparency around the day-to-day activities. It accelerates the development process but not at the expense of quality. It helps us move quickly. But there is another reason why we’re such big fans of Scrum, and it’s not a reason you hear very often…

For us, this approach facilitates an egalitarian approach to software development. So often within software companies, the path of product development is done through a top-down approach, where orders are given by senior members and executed by junior members. Not so at Ipswitch. Rather, our Scrum adoption gives everyone – regardless of title or experience level – an equal say as to how the product is to evolve. Everyone has a voice, in other words (though there are occasional overriding votes as you might expect).

Great ideas can come from everywhere, something every Scrum team can attest. By eliminating the usual hierarchy and command and control culture, we’re able to receive new ideas and insights from our entire team, from the CTO to the QA engineer and everyone in between.

The result? Industry leading file transfer products from Ipswitch. Scrum has played a part in the production of every product – from WS FTP Server to MOVEit. Moreover, it played a part of each new version, as well as products that have yet to be released!

The purpose of this post was two-fold. On the one hand, we wanted to explain why we’re such strong proponents of Scrum, which hopefully we’ve done. The second purpose was to attract like-minded developers and QA engineers. So if you’re interested in this egalitarian approach to software development – if you want to contribute more to a project than just your coding and testing skills – then we’d love to hear from you. Take a look at our current list of career opportunities.

Software security isn’t a sprint; it’s a marathon – a marathon that never ends. That’s why we approach security as an ongoing work-in-progress. Completeness is the ultimate goal, but the journey requires diligence and trusted partnerships.

As a trusted partner to our customers Ipswitch is committed to raising the bar. Recently we announced support for OWASP, and PCI Certification of the MOVEit Cloud offering. In our role as trusted partners to our customers, I’d like to provide some insight into the new security enhancements that we released today.

Check the Ipswitch File Transfer Customer Portal for the Official Announcement

The security architecture of the Ipswitch product line now adheres to the OWASP principles. Best known for their Top 10 List of Security Vulnerabilities, the OWASP organization is the leading authority on all things related to Web App security threats. To help us meet these industry best practices, we’ve introduced continuous security testing into our development process.

On a Wednesday in early February, during our weekly security triage, we were presented with two new likely security vulnerabilities.  We found one during our test-run of a new dynamic scanning tool, and another potential flaw was reported to our technical support team by a customer.

Being PCI compliant means remediating these identified vulnerabilities within 30 days in our Cloud environment.  We did that, and then continued on our path toward the finish line. Today we announce availability of those enhancements in our on-premises product.

What did we learn from this process? More importantly, what could your company learn from it? Here are a few quick lessons to keep in mind:

  • Full Transparency: In politics, they say that it’s not the crime it’s the cover-up. The same is true for security vulnerabilities. We follow an open process to ensure security related bugs get fixed. We make sure it turns into an ex-bug and not into a problem. In addition to this blog post, all MOVEit customers were notified via email, and our product team launched a FAQ site for those who want even more details.
  • Security is a Moving Target: Today, your application might be up-to-date with every industry standard.  Give it a year (or a month…), and that will no longer be the case. Security has to be part of the culture; it cannot be something that’s only considered sporadically. Perhaps without guidance by the OWASP list, this issue would have gone undiscovered for months, or even longer.
  • The Clock is Ticking: Even if you have a fixed window to apply a security patch, get to it ASAP.

The longer you wait, the greater the exposure. Don’t delay. In fact, it’s best to have a plan ready. As soon as we had our code test results, we broke the glass door and kicked in our Response Policy.

Establishing trust with users isn’t about achieving perfection. Rather, it’s about being transparent. It’s about being quick to resolve issues, and it’s about conveying to users that it’s a continuous process to improve security.  And that’s how we approach it with our MOVEit customers.

How does your organization handle patch releases? Be sure to share in the comments section below.

mobile file transferIn my last post, I covered how managed file transfer (MFT) makes sure that files are kept secure and more easily integrate into processes. Specifically, I shared examples of how MFT helps ensure compliance within highly regulated industries when it comes to file transfer. In this post, I share examples of how MFT helps keep processes smooth and secure for distribution and oil & manufacturing organizations.

Distribution: Quickly and Securely Initiating Sales

mobile-iconGenerating new orders is the ultimate measure of a sales reps’ productivity and contribution to the organization. That’s why mobile devices such as cell phones and tablets have been a dream for businesses, making it possible to keep orders flowing no matter where sales reps are located. But a breach of sensitive pricing and customer information can quickly come back to haunt an organization. After all, who wants the publicity, financial penalties, and loss of customer trust and future transactions that often follow on the heels of a data breach?

By using a tablet with MFT installed, a sales rep at a customer site can securely generate and deliver an approved price quote document, initiating the process from his tablet. Once approved, the price quote is automatically and securely delivered to the customer and internal business systems are updated with information from the quote – all because of MFT. The automated process streamlines quote generation and approval, and ensures that sensitive pricing and customer information is protected during every step of the process.

Oil and Manufacturing: Bringing Processes into the 21st Century

oil-and-gasIn the past, oil and manufacturing engineers didn’t have many good choices when it came to managing their daily processes. Often working in the field, they had to carry paper copies of documents, anticipate before they departed their office which electronic documents they might need, or make a second expensive return trip to the field. And, if files needed to be modified based on information collected in the field, engineers had to wait until they returned to the office to make the updates.

With MFT in place, engineers can be anywhere in the world and securely access and edit shared large unstructured data files such as geo-physical information, equipment specifications or designs remotely on their tablets. And with advanced MFT solutions, organizations can even make sure that files automatically delete on a pre-determined expiration date.

For more information on how Ipswitch File Transfer removes critical mobile work obstacles, check out this earlier post  on MOVEit 8.0 support for mobile security.

file transfer options‘Tis the season for Holiday decorating—from wreaths to reindeers to those pesky strings of Christmas lights. You know the ones I’m talking about—multiple strings connected to each other and wrapped across each other in a hodge-podge way. Difficult to untangle, to say the least. Imagine being asked to troubleshoot that tangled mess, if a single light goes out amongst the hundreds of lights.

Now picture the ways files transfer in, out and within your organization. What would it take to pinpoint why a single critical file didn’t arrive at its intended destination, when it was supposed to, amongst the tens or hundreds of thousands of transfers?

We can’t help bring order to your holiday decorations, but in the file transfer world we can offer this timely webinar: “Move Away from the Tangled, Digital “Do-It-Yourself” Approach to File Transfer.”

Tune in to hear three IT professionals from the Florida Department of Health and NHS Wales, along with Derek Brink – Vice President, Research Fellow, IT Security at Aberdeen Group – discuss the steps IT departments are taking to prevent their file transfer processes from turning into unmanageable messes. Our panel will also discuss how the world of file transfer is changing based on heightened audit, compliance and business process requirements across industries.

Click below for a preview of the topic:

Every day, files are exchanged between your systems, employees, and business partners on a global scale. It’s no secret that with each file transfer, your organization faces potential exposure to viruses, worms, Trojan horses and other malware – and the damaged files, corrupted applications, reduced performance and other adverse business effects that come with them.

Are your file transfers as safe as they can be? Specifically, when you receive inbound files, are you doing all you can to protect your IT infrastructure from the risk of viruses and malware?? Are your outbound data and file transfers “clean,” so you don’t expose your trading partners to any viruses that might be undetected in your systems???

Ipswitch MOVEit offers the ability to integrate with specific antivirus (AV)  solutions. MOVEit supports ICAP integration with Symantec, Sophos and McAfee anti-virus, including server-based solutions, appliances and solutions using ICAP RFC 3507 and headers specific to AV vendors.  The AV implementation works by streaming files over an IPSec secured channel to the AV box, appliance, or service.  Note – with MOVEit, your files will be streamed to the file transfer antivirus solution for scanning prior to entering your internal network, which raises two critically important points:

  1. Be certain the specified AV scanning destination is protected and secured – your potentially sensitive (encrypted) data will be flowing to and from this destination.
  2. MOVEit scans payloads for virus before they enter you internal network, drastically reducing the liability assumed with the majority of other premise-based MFT implementations on the market today.  This means a dirty payload doesn’t get past your gate, whereas most MFT solutions will have to ‘lower the drawbridge’ in order to disposition a file.

The end user view of an AV scan is simple – any file upload to a MOVEit server has to pass the AV scan to appear in your folders or be sent as a package.  This includes a simple manual upload to a folder, a mobile file send, or system- to-system automation via DMZ folders and MOVEit Central.  Files are scanned and validated to ensure that they are free of viruses, trojans, malware and other malicious threats. If an infected file is detected MOVEit will immediately:

  1. Reject the transfer of the infected file
  2. Alert the end user that the upload failed due to virus detection
  3. Log the virus, timestamp, the scan engine, version and definition tag
  4. Report the list of infected files that have been detected during a specified time period

By integrating your antivirus solution with your managed file transfer solution, you ensure that all the files you receive are scanned before they enter your network. Not only does this protect your applications, data and valuable IT assets, but it prevents you from accidentally passing on any viruses that may exist in your systems.