Posts Tagged with "DATA SECURITY"

Linoma Software celebrates 20 Year Anniversary

Linoma Software is celebrating 20 years of helping organizations around the world to automate their IT processes and protect sensitive data. The company will commemorate this milestone anniversary with the much anticipated unveiling of their new corporate headquarters, groundbreaking new software releases and promotional events throughout the next twelve months.

"From the beginning, our goal has been to provide great products at affordable prices that are backed with unparalleled customer support and service," said Linoma Software founder, Bob Luebbe. "We attribute our success over the last 20 years to this simple company philosophy. It encompasses all that we do."

Looking Back: A Modest Beginning

Husband and wife team, Bob and Christy Luebbe, started Linoma out of their home in 1994 to provide IT consulting and contract programming services to area businesses. The concept was simple, in that they offered experienced IT talent for affordable rates.

By late 1995, the Luebbes had hired several consultants to service their expanding customer base which included Fortune 500 companies such as Union Pacific, First Data Resources and Hewlett-Packard. They also officially opened their first office in Omaha, Nebraska to offer offsite programming services to out-of-state customers.

Around 1996, Bob had an idea for a product that addressed the challenge of converting legacy IBM RPG code to the new RPG IV (ILE RPG) language. During his off hours, Luebbe built the Convert to ILE RPG software, named it CVTILERPG and released it on a programming list server as a downloadable file. This proved to be a move that was ahead of its time as most software for IBM systems was distributed by mail and installed using cumbersome tapes.

CVTILERPG became an overnight success as a convenient-to-install and affordable utility, which paved the way for Linoma to evolve into a software company. Many of the original users of CVTILERPG (now called RPG Toolbox) are still loyal customers today.

Finding ways to make tasks easier and more efficient has always been the core of Linoma Software's approach to software development. From creating graphical interfaces for the AS/400 in 1997 with Surveyor/400, to the debut of Transfer Anywhere in 2002, to encrypting databases with Crypto Complete in 2007, Luebbe and his growing R&D team continued to innovate and streamline processes for the IBM i. As new products were developed and released, Linoma put an emphasis on affordability and five-star support, which the company is known for.

The release of GoAnywhere Director in early 2008 was a turning point for the company. Quickly becoming the flagship product for Managed File Transfer and secure data exchange, the multi-platform software delivered full automation, encryption and detailed audit trails for file transfers. Following shortly after in 2009, the introduction of GoAnywhere Services expanded the product offering to support secure file services using FTP, FTPS, SFTP and HTTP protocols. GoAnywhere Gateway joined the product suite in 2010 with enhanced forward and reverse proxy to protect files in the DMZ.

Looking Forward: Success through Innovation

As the GoAnywhere software suite continues to grow and evolve, the company has grown as well. Linoma Software has been named to the Inc. 5000 list of top growing companies in Nebraska for the past two years. Their customer base consists of over 3,000 installations worldwide including government entities, large corporations and mid-sized companies. Boasting over a 98% customer retention rate, Linoma Software continues to win customers over through innovation, affordable product offerings and responsive product enhancements.

According to Luebbe, "Several of our customers have been with us since the beginning. They love the products and rave about our support. We're thrilled to be celebrating 20 years and it's because our customers truly appreciate what we do. Without their trust and support, we wouldn't be here. It's that simple, and we are truly grateful."


Linoma Software products are not affected by Heartbleed bug

If you are a Linoma Software customer using any of our products such as the GoAnywhere suite (Director, Services, Gateway, Open PGP Studio), Crypto Complete, Surveyor/400 or the RPG Toolbox, we are pleased to report that our products are NOT vulnerable to the Heartbleed bug.

The CVE-2014-0160 vulnerability, known as the Heartbleed bug, has made big headlines over the last 48 hours. It is a flaw in the popular OpenSSL server software that potentially allows the memory of SSL/TLS encrypted systems to be compromised. The bug essentially allows access to the memory of SSL/TLS-protected systems, so attackers can potentially steal and read information that is normally encrypted, such as usernames and passwords, credit card numbers and other sensitive data. To learn more about the Heartbleed bug, please visit Heartbleed.com. Additional resources allow you to check whether your website or server is affected by the Heartbleed bug: Heartbleed Test and LastPass Heartbleed Checker.

GoAnywhere Suite (Director, Services, Gateway, Open PGP Studio): GoAnywhere does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that GoAnywhere is running on. This vulnerability does not exist in the JSSE implementation of SSL/TLS. Tomcat does have the ability to use native SSL/TLS capabilities for its HTTP/S connections with the APR Connectors, but GoAnywhere does not employ this functionality.

GoAnywhere Secure File Transfer mobile apps:

  • For Apple devices: The GoAnywhere Apple app uses the Secure Transport implementation of SSL/TLS and is not affected by Heartbleed.
  • For Android devices: The GoAnywhere Android app uses the JSSE implementation of SSL/TLS and is not affected by Heartbleed.

Surveyor/400: Surveyor/400 does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that Surveyor/400 is running on. This vulnerability does not exist in the JSSE implementation of SSL/TLS.

Crypto Complete: Crypto Complete does not use SSL/TLS for Field or Backup encryption and is not affected by Heartbleed.

RPG Toolbox: Our RPG toolbox does not use any encryption and is not affected by Heartbleed.
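The GoAnywhere entry above turns on whether a Tomcat instance terminates TLS in JSSE or in the native APR connector. The following added example (not Linoma's code, and not taken from any product's shipped configuration) shows one way to check that on your own Tomcat installs by classifying each TLS connector in a `server.xml`. The class names are Tomcat's; the sample file, the function names and the verdict labels are constructed for illustration, and the check assumes TLS connectors are marked with `SSLEnabled="true"`.

```python
import xml.etree.ElementTree as ET

# Tomcat class names that decide which TLS stack a connector uses.
APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
# Explicit Java connectors: TLS is handled by JSSE inside the JVM.
JSSE_PROTOCOLS = {
    "org.apache.coyote.http11.Http11Protocol",
    "org.apache.coyote.http11.Http11NioProtocol",
    "org.apache.coyote.http11.Http11Nio2Protocol",
}

# Constructed sample configuration, for illustration only.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/keystore.jks"/>
    <Connector port="9443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               SSLCertificateFile="conf/server.crt"/>
    <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
  </Service>
</Server>
"""


def tls_connectors(xml_text):
    """Return {port: verdict} for every TLS-enabled <Connector> element."""
    root = ET.fromstring(xml_text)
    # The APR listener is what loads the native library at startup.
    apr_listener = any(
        el.get("className") == APR_LISTENER for el in root.iter("Listener")
    )
    verdicts = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, no TLS stack involved
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol == APR_PROTOCOL:
            verdict = "native"  # TLS handled by the native library (OpenSSL)
        elif protocol in JSSE_PROTOCOLS:
            verdict = "jsse"
        elif protocol == "HTTP/1.1":
            # "HTTP/1.1" auto-selects: the native connector is picked when the
            # APR library is available, otherwise a Java connector is used.
            # Assumption: without the listener the library is never loaded.
            verdict = "native-if-apr-loads" if apr_listener else "jsse"
        else:
            verdict = "unknown"  # custom protocol handler, review by hand
        verdicts[int(conn.get("port"))] = verdict
    return verdicts


def needs_openssl_review(xml_text):
    """Ports whose TLS may be served by a native library rather than JSSE."""
    return sorted(p for p, v in tls_connectors(xml_text).items() if v != "jsse")


if __name__ == "__main__":
    for port, verdict in sorted(tls_connectors(SAMPLE_SERVER_XML).items()):
        print(port, verdict)
```

Any port reported by `needs_openssl_review` is one where the version of the installed native library, not the JVM, determines exposure.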

Data Breaches Threaten Companies Worldwide

As technology staffs contend with ongoing changes to the data distribution landscape, it is important to keep abreast of data security risks and to understand the importance of properly managing customers' private data.

The Ponemon Institute recently released its annual data breach report, which provides stats on data security issues and trends. With more than 277 companies involved and 1400 individuals interviewed, this report provides a current and unique perspective of potential security risks associated with even the smallest data breach.

Below are highlights of the report, which indicate that data breaches remain a difficult challenge.

  • The report identifies three key causes of data breaches worldwide:
    • Malicious Attacks - 37%
    • Negligence - 35%
    • System Errors - 29%
  • The average per capita cost of a data breach increased to $136, up from $130 the previous year.
  • The US had the highest total per incident cost of $5,403,644.
  • In 2013 the average number of breached records was 23,647.
  • Healthcare, Financial and Pharmaceutical industries continue to be the top industries with the highest per capita costs incurred.

Ironically, the report noted that organizations that notified victims too soon following a data breach actually incurred higher costs. This is an indication that an incident management plan should be in place to properly mitigate the data breach event.

It's clear, based on the data in this report, that companies need to look beyond technology solutions that secure systems and communications. It is important that human factors, such as employee training and creating an incident management plan, are considered in order to provide a foolproof data security strategy.

Take a look at the full 2013 Ponemon Institute Data Breach report for more information on the top reasons that data breaches occurred and ways to decrease the risks and costs associated with them.

For information on how your company can build a better strategy to avoid data breaches, download our free white paper "Defending Against Data Breach: Developing The Right Strategy for Data Encryption."


Linoma Posts Another Year of Record Growth

We've had lots of reasons to celebrate lately at Linoma Software, and here are just a few.

Sales Are Soaring

Thanks in no small part to having well designed and executed products and a superior support team, our enthusiastic sales team spent 2012 shattering sales records, and have already topped themselves in the first quarter of 2013. We've been able to help customers from virtually every industry, including healthcare, finance and banking, insurance, manufacturing, education, retail, and government, and as we hear back from them about how GoAnywhere or Crypto Complete or Surveyor or RPG Toolbox has made their lives easier and their data more secure, we can share their stories with others seeking an affordable, enterprise-level solution.

Trade Show Season Is In Full Swing

We've already met lots of new people -- and reconnected with old friends -- at the RPG Summit, RSA Conference, COMMON, and InfoSec in Orlando, and this weekend we're exhibiting with HANDD Business Solutions, one of our partners in the UK, at InfoSec Europe. Then, we're first-time exhibitors at the FOSE government conference in Washington D.C. in May and then we're back in Europe for the COMMON-Europe conference in June.

We've Launched a New Website

If you haven't visited our new GoAnywhere.com website yet, you should check it out. Our team worked very hard to redesign not only the look and feel, but also the navigation to make it easier for visitors to find what they need. We hope you'll take a look and let us know what you think.

GoAnywhere OpenPGP Studio is Now Available

Last month we published a free desktop tool that can encrypt and decrypt files using OpenPGP encryption. It's a great solution for those who need to occasionally encrypt files, and OpenPGP Studio also helps organize and manage keys. You can download OpenPGP Studio for free here.

We've also added some new faces to our team and are working on some pretty cool software enhancements as well as our first mobile app, which should be available very soon.

As always, we welcome your ideas and your feedback, and if you've got a great story to share about how one of our products has helped you work more efficiently or kept your data better protected, let us know. We'd love to hear it!



Upcoming Webinar: Focus on FTP Server Compliance

Get Your FTP Server in Compliance

Revised - Watch the Latest Webinar Recording

With the recently added rules for the Health Insurance Portability and Accountability Act (HIPAA) that now hold trading partners and business associates accountable if they also handle patient data, it's a good time to review whether your FTP server is updated and ready to meet compliance requirements. Learn how to keep your data as well as trading partner files protected within your network and still allow external access without opening inbound network ports. You can also see a demo of Linoma Software's GoAnywhere™, a managed file transfer solution that includes a secure FTP server and a reverse proxy DMZ gateway with clustering and load balancing capabilities to ensure high availability.


IBM i Encryption Made Easy with DB2 Field Procedures

Now Available On Demand

During this recorded webinar, you can learn how to make the DB2 Field Procedures Tool in IBM i version 7.1 work even more efficiently as part of a more comprehensive solution, one that makes it easier to implement encryption, manage keys, and generate the auditing reports so important for meeting compliance regulations like HIPAA and PCI DSS. You can also see a demo of Linoma's popular encryption software Crypto Complete.

All of our webinars are recorded, so if you register and are not able to attend live, you'll be able to review the webinar at a more convenient time.

We look forward to having you join us and will be happy to answer any questions you have.



Simplify Field Encryption on IBM i

Now that corporate applications are easier to access via remote and mobile channels, it's even more important to determine which sensitive data is accessible and where possible breaches may occur. Unfortunately, legions of hackers with Wi-Fi and mobile hacking tools make it imperative that organizations prepare for and defend against potential attacks with even more pervasive security procedures.

One step in creating a stronger defense is to employ field or column-level encryption to protect sensitive data at rest.

Implementing a custom field encryption project on IBM i used to be a notoriously long and painful process. Programming code changes for field level encryption required a steep learning curve, costly programming resources, and even more time in testing, validating and updating the changed application source code. Most companies simply could not justify the additional strain on their budgets for this level of project development requirements.

In response to this challenge, IBM released its OS version 7.1 in April of 2010 with DB2 field procedures (FieldProcs), which greatly simplified the field encryption process. With the new FieldProcs technology, encryption projects can be streamlined because the field procedures are invoked at the database level, making them transparent to the applications. The FieldProcs can be coded to automatically encrypt the field on Inserts and Updates, and subsequently decrypt the field only for authorized users on Read operations. As a result, FieldProcs have become very important to those businesses that have legacy applications and limited budgets.

FieldProcs are a great step for improving the viability of field level encryption projects. But even with this, many companies don't have the resources to integrate and manage the FieldProcs, which is why third-party software solutions, like Linoma Software's Crypto Complete, are valuable. Crypto Complete will generate and manage the FieldProcs on the fields within the files.

Crypto Complete also includes the key management, audit logs and access controls needed for PCI DSS and data privacy compliance. The value of using Crypto Complete for field encryption cannot be overstated, as it can greatly minimize the learning curve and reduce the implementation resource requirements from weeks to hours.

Tokenization: A Powerful Weapon Against Cyber Attack

Tokenization in the data security world is the process of moving sensitive data from a company network to a separate location or server, and replacing and referencing that data on the company server with a unique token.

If hackers attempt to access sensitive information like credit card numbers from a server, they'll instead encounter the token which prevents them from finding the original data without a specific encryption key or knowledge of the tokenization system.

For example, say a merchant acquires a credit card number by swiping a customer's card with a card reader. If the merchant has implemented tokenization, this card number information is immediately replaced in the merchant's database by a token number while the actual card number is sent and stored (in encrypted form) at a different location, along with the reference from the token.

Because the actual card number is never stored in the merchant's front-end system, hackers have a much more difficult time stealing it. Customers can therefore be assured that it is safe to let that merchant use their card information because the actual credit card numbers are not stored in an easily accessible location.
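The merchant scenario above, as an added example (not Crypto Complete's implementation or any vendor's code): a small token vault in which the merchant database only ever receives tokens, while the vault keeps the card number in encrypted form with the reference from the token. The class and function names are hypothetical, the card number is a constructed test value, keeping the last four digits in the token is an assumption beyond the text, and the stream cipher is a labelled stand-in so the example runs with the standard library alone.

```python
import hashlib
import hmac
import secrets


def keystream(key, nonce, length):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so this runs offline with the
    # standard library; a real vault would use a vetted AEAD such as AES-GCM.
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


class TokenVault:
    """The separate location that holds the real card numbers (hypothetical)."""

    def __init__(self, master_key):
        # Separate keys for encryption and for the lookup index.
        self.enc_key = hmac.new(master_key, b"encrypt", hashlib.sha256).digest()
        self.idx_key = hmac.new(master_key, b"index", hashlib.sha256).digest()
        self.records = {}  # token -> (nonce, ciphertext of the card number)
        self.by_pan = {}   # HMAC(card number) -> token, so repeat cards reuse it

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        fingerprint = hmac.new(self.idx_key, pan.encode(), hashlib.sha256).hexdigest()
        if fingerprint in self.by_pan:
            return self.by_pan[fingerprint]
        while True:
            # Random digits, not derived from the card number, so the token
            # cannot be reversed; last four kept for receipts (assumption).
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self.records:
                break
        nonce = secrets.token_bytes(16)
        stream = keystream(self.enc_key, nonce, len(pan))
        cipher = bytes(a ^ b for a, b in zip(pan.encode(), stream))
        self.records[token] = (nonce, cipher)
        self.by_pan[fingerprint] = token
        return token

    def detokenize(self, token, caller_authorized):
        # Only the vault, holding the key, can map a token back to the card.
        if not caller_authorized:
            raise PermissionError("caller may not see card numbers")
        nonce, cipher = self.records[token]
        stream = keystream(self.enc_key, nonce, len(cipher))
        return bytes(a ^ b for a, b in zip(cipher, stream)).decode()


def record_sale(vault, merchant_db, order_id, pan):
    """Merchant front end: store the token, never the card number."""
    merchant_db[order_id] = vault.tokenize(pan)
    return merchant_db[order_id]


if __name__ == "__main__":
    vault = TokenVault(b"constructed-demo-key")
    merchant_db = {}
    record_sale(vault, merchant_db, "order-1", "4111111111111111")  # test number
    print(merchant_db)  # what a dump of the merchant database would contain
```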

All organizations that capture credit card data are required by the PCI DSS government regulations to secure and protect this data. Originally, this presented a challenge to the payment industry until Shift4 Corporation presented tokenization solutions at an industry Security Summit in 1995. The adoption of tokenization became a popular solution to meet the PCI DSS compliance regulations.

>>Check out these white papers discussing PCI DSS compliance issues, and data breach threats

Other industries are beginning to adopt tokenization to protect confidential information such as banking transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.

Finding the most efficient way to implement tokenization is challenging, but the growing threat of cyber attack and the expense of data breach have motivated IT shops to research options in earnest.

A variety of third-party software solutions, such as Linoma Software's Crypto Complete, deliver tokenization tools as well as additional options for managing encryption keys, audit logs, message alerts; storing tokenized data; automatically assigning token identifiers; and providing a central management platform for the entire tokenization process.

When a greedy hacker in anticipation of scoring a cache of customer credit card data finds instead a series of tokens, companies win another battle in the war against cyber thieves.

Citigroup Breach Triggers Congressional Response

The data breach at Citigroup in May - a breach which reportedly exposed an estimated 200,000 customer accounts - has motivated members of the U.S. Congress to re-introduce legislation to penalize the very organizations that have been victimized by hackers. What are the next steps your company should take?

New bills to protect consumers' personal data

Two bills are proposed by both House and Senate legislators.

First, Sen. Patrick Leahy (D-Vt.) has introduced the Personal Data Privacy and Security Act of 2011. The new bill provides:

  • Tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data;
  • A requirement that companies that maintain personal data establish and implement internal policies to protect data privacy and security; and
  • A requirement that the government ensure sensitive data is protected when the government hires third-party contractors.

This act would also require, under threat of fine or imprisonment, that businesses and agencies notify affected individuals of a security breach by mail, telephone or email "without unreasonable delay." Media notices would be required for breaches involving 5,000 or more people. The FBI and the Secret Service would need to be notified if the breach affects 10,000 or more people, compromises databases containing the information of one million or more people, or impacts federal databases or law enforcement.

But that's not the only security bill that has businesses concerned.

In the House, Rep. Mary Bono Mack (R-Ca) is holding hearings in preparation of a bill she's named The SAFE (Secure and Fortify) Data Act that would also require "reasonable security policies and procedures" to protect consumers and enable disclosures to victims and the Federal Trade Commission within 48 hours of a data breach.

Companies no longer viewed as the victims

All this sounds good from the consumer's point of view. But what about the expense - and potential penalties - suffered by the "owners" of the data: the businesses themselves?

While these bills may address the public's interest for notification -- and indeed they would bring some semblance of a national standard - they also represent an interesting shift in the liabilities that companies will face. How is that?

Though we currently have no federal data breach notification law, federal policies now view the companies that experience a data breach as the victims of crime. However, under the proposed legislative bills, companies that do not act quickly to appropriately secure the personal data of customers - or fail to report a data breach in a reasonable amount of time - would not only suffer the theft of data, but also be held liable for its loss.

This is a significant shift. Companies are now being viewed not as the owners of consumer data, but merely guardians and trustees whose job it is to protect that data or face criminal penalties. And the message is clear: if companies won't take adequate precautions to secure the sensitive data of our customers, they'll pay a hefty price.

Where does your company stand?

In a world in which diligent hackers have the power to break into seemingly secure networks and systems, what can your company do?

The challenge is first to determine exactly what qualifies as adequate precautions.

A review of the HIPAA HITECH security provisions that took effect last year provides some insight about what the government considers adequate protection.

HITECH strongly recommends the use of encryption technology. Encryption is a good place for your company to start, especially when dealing with the data your company stores on its servers. If sensitive data itself is kept securely encrypted, a data breach doesn't expose the content of the information itself.

Secure managed file transfer protocols - which send data using encryption - are the second place to focus attention.

If data is encrypted when it is being securely transmitted between business partners, that data is worthless should it be breached through hacking, theft, or other malicious actions. Encryption and secure managed file transfers can dramatically minimize the holes of technical breaches, significantly reducing an organization's liability.

Preventing exposure

The Citigroup data breach has rekindled the momentum for a nationwide, cross-industry data breach reporting standard. This standard will not eliminate the physical breaches themselves. What's needed is legislation to encourage companies to secure the underlying data that is the target of the hackers.

Isn't it time for your company to take a serious look at its liabilities and to investigate how encryption and managed file transfers can close these important security holes?

Data Breach: Are You Next (or Again)?

A data breach is closer than you think. As the percentage of data breaches increases, the risk of organizations losing your sensitive data also increases. No one wants to receive the news that some or all of their personally identifiable information (PII) was stolen. There are people who are victims of various phishing scams, but it is more likely that your information will be leaked or stolen from an organization.

The health care industry is currently in the spotlight, as they are moving to mandated Electronic Health Records (EHR) and the American National Standards Institute (ANSI) is investigating the two main health care related data privacy concerns today: how to protect patient information and what is the financial harm or cost per record if it is stolen.

The numbers are staggering. According to the Privacy Rights Clearinghouse (www.privacyrights.org), there have already been 47 reported leaks or breaches in the health care realm this year. That is about one every other day (102 additional reported breaches if counting business and government).

In the world of data security, breaches are no longer thought of in terms of "if," but "when." Fortunately, there are easy steps companies and health care organizations can take to protect the PII that they maintain from direct hacking attempts. The procedures data security companies recommend you adopt begin with the following:

  • Require strong passwords
  • Use encryption to protect files in motion and at rest
  • Reduce the number of computers that process sensitive information
  • Audit every transaction
  • Limit the number of accounts that can access the critical data

The organization you own or work for doesn't have to be the next headline. Start researching different options to protect your customers' sensitive data and keep your organization from a possible breach. The fines and surcharges are exponentially higher than the cost of purchasing a secure managed file transfer solution or a database encryption tool. Not sure where to start? Read the Top 10 Managed File Transfer Considerations.

The Culture of Data Security

We hear a lot of buzz about protecting both customer and company data, but it is alarming how few IT departments and enterprise users are protecting their data correctly. A recent survey conducted for Oracle reveals that fewer than 30 percent of their respondents are encrypting personally identifiable information.

Data and network security should be the basis for every IT decision, but it is typically an afterthought. The Oracle report also concludes that half of companies surveyed profess a strong commitment to data security, but only 17 percent of them have begun to scratch the surface.

Lack of data security is often due to corporate culture and the fear of change. Most companies at the corporate level agree they are committed to data security and protecting customer records. If a company's official stance is to protect their data, where are the security holes?

In my experience, the largest security holes exist in the departments outside the core IT organization. They don't place the same value on the data as the IT Security team. Many companies still allow their employees to perform file transfers directly from their desktops and laptops using FTP or other unsecure tools. Not only are these ad-hoc methods unsecure and capable of exposing passwords or entire databases, they do not all function alike and do not provide centralized logs.

Educating employees about the dangers of unsecured and/or unnecessary data transfer is more business-friendly than preventing it altogether. Part of this process should be moving everyone to a managed file transfer methodology, like Linoma Software's GoAnywhere Director. This not only secures your data transfers, but it creates a digital paper trail showing where assets are going - something which is of particular importance when you consider all the data security compliance regulations in effect today.

Data security for the millions of files sent over the Internet or within "the cloud" is of great importance to all industries, including health care, retail, banking and finance. Internet transfers include the critical data needed to conduct business, such as customer and order information, EDI documents, financial data, payment information, and employee- and health-related information. Many of these information transfers relate to compliance regulations such as PCI, SOX, HIPAA and HITECH, state privacy laws, or other mandates.

We need to grow a data security culture that includes securing file transfers.