Good business practice dictates data protection for you, your customers,
Although secure protocols
and your business partners – including data in transit. But, even the best
security practices do not alleviate the need to demonstrate
support a secure and compliant
compliance with a variety of regulations and standards that can carry
high contractual, civil, and criminal penalties. Plus, the indirect loss of
file transfer process, they are
faith of your customers or business partners can have an incalculable
impact on your bottom line.
only one component in ensuring
Most organizations require that all file transfers are secured. In addition, your security goals are met.
they may need to comply with mandates, such as SOX (Sarbanes-Oxley
Act), HIPAA (Healthcare Insurance Portability and Accountability Act),
and PCI DSS (Payment Card Industry Data Security Standard).
Often popular secure protocols, such as SSL or SSH, are used when Coviant® Software offers Diplomat® Transaction Manager, a suite of file
data is transmitted outside the corporate firewall to customers, business transfer management products that secure data in transit and improve
partners, or other departments. Although secure protocols support a compliance with industry and government mandates. Diplomat Transaction
secure and compliant file transfer process, they are only one component Manager brings together the security and workflow management features
in ensuring that your security goals are met. Delivering security and that IT and security professionals need in an easy to implement, cost
compliance with your file transfer process requires careful design to effective solution for automating your secure file transfer process.
ensure that your data is protected at all times.
Knowing whether your file transfer process complies with regulations and
standards can be difficult. Many regulations are based on objectives. You
need to interpret these objectives and create an action plan to design a
secure file transfer solution that meets them.
DMZ
Secure File
Transfer Trading Partners
Internet
Secure File
Transfer
Job
Request
Secure File
Job Transfer
Scheduler
File Transfer
Secure FTP
Server with
Repository
Data Source File Transfer
Manager
Secure Datacenter
2 COVIANT SOFTWARE
STEP 2: CONTROL ACCESS STEP 3: AUTOMATE TRANSFERS
Control access to your file transfer solution. Both the FTP server and Automate file transfers to reduce errors and limit access to sensitive
the file transfer management software must be designed and information. A file transfer solution must allow you to run jobs on an
implemented to limit and monitor access when setting up file transfers automated schedule using the job scheduler of your choice. You need
and when file transfer jobs are run. Limiting users, tasks, and data the flexibility to use an internal scheduler that comes with the file trans-
accessibility prevents unintended errors and makes it more difficult for fer solution, a system scheduler (e.g., Windows Scheduler), or a sched-
outsiders to successfully breach your file transfer solution. uler in a separate application to kick off file transfer jobs that integrate
with your business workflow.
Set up access controls during implementation of your file transfer
solution to: Running jobs automatically means that you can eliminate the
hit-and-miss execution of file transfer jobs using a manual process. Jobs
Protect internal communications. Most administrative run on time. Plus, the correct encryption key and logon information
consoles for FTP servers and file transfer management software use eliminate the possible introduction of a variety of security errors into the
client connections to communicate when setting up file transfer file transfer process.
tasks. These client connections should be encrypted with SSL or
other secure protocol.
Encrypt access data. File transfer solutions should always
encrypt sensitive data at rest and only decrypt it as needed, such as
when the application is started or when file transfer jobs are
executed. Encryption of user IDs, accounts, passwords, and Automate file transfers to
encryption pass-phrases prevents unintended use of the access
information. Be careful to avoid file transfer applications that store reduce errors and limit access
data in plaintext, such as batch files or registry entries.
Create unique user accounts. Any user uploading or
to sensitive information.
downloading files from your FTP server needs to be uniquely
identifiable. Anonymous connections should be disabled. Having
individual accounts for each of your business partners or other
internal groups means you can swiftly shut down accounts in the
event of a possible security breach.
Limit privileges on accounts. Each new FTP server account Automated job execution means that no users need to know sensitive
creates a potential point of access to your secure file transfer access information, such as user names, password, and pass-phrases.
solution. When setting up new accounts, strictly limit privileges Each manual intervention required to complete a secure file transfer
based on the precise needs of each user. Restrict access to only creates an opportunity for user error and for capture of sensitive
one default directory for each account. Restrict read, write, and passwords or pass-phrases. Look for file transfer solutions where access
delete privileges based on whether the user will be sending or information can be entered once and accessed as needed at run-time.
receiving files from your server. If possible, restrict access to a
limited set of IP addresses.
Terminate inactive sessions. Each unattended administrative
logon and each FTP session can create easy access to secure
file transfer management software, as well as to data on FTP
servers. Each logon should be set to automatically terminate after a
specified period of time.
4 COVIANT SOFTWARE
STEP 6: SIGN AND VERIFY FILES
Sign and verify files to ensure integrity and non-repudiation. Sign all
outbound data files and check for valid signatures on all inbound files.
Sign and verify files to ensure
Signing and verification are the best way to guarantee non-repudiation
of origin and to ensure decrypted files are safe to process. Verifying
data integrity and non-repudiation
signatures on every file ensures that the files you receive have not been
altered during transit and confirms the identity of the sender.
of origin.
With an encryption standard like OpenPGP, a signature is created and
affixed to a file before it is encrypted in preparation for outbound
transmission. The private key of the sender is used to create the signature.
Without a signature, a recipient has no way to determine the sender of
the file. When the file is received, the file is decrypted and the signature STEP 7: USE SECURE PROTOCOLS
can be examined before the file is processed. Signatures are used to
determine the sender of the file – as only the public key of the sender Use secure transmission protocols to protect logon data and add an
can successfully verify a signature. If the signature verification fails, extra layer of protection to encrypted files being transferred.
then the file should not be processed.
Secure protocols protect logon data during each user access. File
Signatures verify the integrity of files. Part of the signature contains a encryption protects your data, but does not protect the logon data used
hash of the original file. As part of the signature verification process, the to access an FTP server. Secure protocols establish a secure connection
hash is recalculated using the decrypted file and compared to the hash with an FTP server before sending the logon data used to authenticate a
in the original signature attached to the file. Matching hashes mean that user, such as usernames, passwords, and keys. If attackers capture
the file has not been altered since the signature was attached. In other logon data, they can initiate other file transfer jobs and potentially transmit
words, the integrity of the decrypted file has been confirmed and it is files with malicious content.
safe to be processed.
Without secure transmission protocols, an encrypted file can be
captured intact during transit. Once the encrypted file is in their
possession, attackers can work on decrypting the file at their leisure.
Using a secure protocol provides an additional layer of encryption that
must be penetrated before a file is compromised.
Use audit data stratigically to Capture audit data to demonstrate regulatory and internal audit
compliance. Audit data can be used strategically to demonstrate
demonstrate comprehensive regulatory compliance or tactically to confirm to a business partner the
encryption key and destination location used by a specific file transfer
data security and regulatory job.
Proving that you have a secure file transfer process can be an arduous
compliance. task. Audit data needs to be both comprehensive and easy to analyze.
Your file transfer solution needs to capture extensive data in a standard
format, such as a SQL database. Two types of audit data are critical:
Job and file data. Detailed information on each file transfer job
and each file transferred can demonstrate that secure procedures,
such as encrypting files before transfer and use of secure transmission
protocols, were used for each file transferred.
STEP 8: ARCHIVE ENCRYPTED FILES
User activity data. Data on who accessed your file transfer
Encrypt data files with your own master key before archiving. Archived solution is equally as important. If files were transferred incorrectly,
files can be essential component in providing the business a record of questions of who may have set up or updated the file transfers may
information that has been transferred. These archived files need to be become critical.
equally as secure as the files that were transferred. Archival of encrypted The integrity of audit data must also be ensured. If you capture audit
files provides protection in case of an internal security breach, but you data into files, limit the user identities that are allowed to write, alter, or
must be able to decrypt the archived files when they are needed. delete audit files. If you use database technology, such as SQL, limit
Encrypting archival copies of files to your own master key before storing write access to the audit tables to the identity used by the file transfer
in a secure location creates a repository of secure files that are safe and management software.
meet your business needs.
Don’t keep archive files that you can't decrypt. When you are encrypting
files to be sent to your business partners, you use their public key. You
will not be able to decrypt these encrypted files unless you also encrypt
them with your own master key.
6 COVIANT SOFTWARE
STEP 10: MONITOR FILE TRANSFERS
Monitor file transfer jobs to rapidly identify potential security problems.
Automating file transfer jobs does not guarantee that no issues will
Creating a secure file transfer
arise at run-time. Your file transfer solution needs to provide real-time
information. A job not running on schedule or taking too long to
process does not always
complete may signal a security problem.
guarantee that all regulations
When a file transfer job fails, the support person responsible for
the job needs to be alerted as soon as possible. Email and/or paging and standards will be met.
notifications need to be sent, including the information (e.g., log entries)
needed to diagnose and correct the problem.
SECURITY STANDARDS
3. AND REGULATIONS
Creating a secure file transfer process does not always guarantee that
all regulations and standards will be met. Mandates, like SOX, HIPAA,
and PCI DSS, are intended to protect the privacy and security of data.
Each covers a wide range of control objectives. Only some of which are
pertinent when designing and implementing a secure file transfer
solution. The next sections identify the portions of each mandate that
affect file transfer security and how the 10 Steps to Secure File Transfer
can meet those mandates.
Ensure that all users Test and monitor Clearly define and Make security- Determine that Use security Exchange sensitive
and their activity on the IT security communicate the related technology policies and techniques and transaction data
IT systems are implementation in characteristics of resistant to procedures are in related only over a trusted
uniquely identifiable. a proactive way potential security tampering, and place to organize management path or medium
Enable user …A logging and incidents so they do not disclose the generation, procedures (e.g., with controls to
identities via monitoring function can be properly security change, revocation, firewalls, security provide authenticity
authentication will enable the early classified and documentation destruction, appliances, network of content, proof
mechanisms … prevention and/ treated by the unnecessarily. distribution, segmentation, of submission,
Maintain user or detection and incident and certification, intrusion detection) proof of receipt
identities and subsequent timely problem storage, entry, use to authorize access and non-repudiation
access rights in a reporting of unusual management and archiving of and control of origin.
central repository … and/or abnormal process. cryptographic information flows
Establish user activities that may keys to ensure the from and to
identification, need to be protection of keys networks.
10 STEPS TO implement addressed. against modification
SECURE FILE authentication and unauthorized
TRANSFER and enforce disclosure.
IMPLEMENTATION access rights.
1. Secure configuration
• •
2. Control access
• • •
3. Automate transfers
• •
4. Authenticate users/
processes •
5. Encrypt files
• •
6. Sign and verify files
•
7. Use secure protocols
•
8. Archive encrypted files
8 COVIANT SOFTWARE
FIG. 3 – HIPAA §164.312 TECHNICAL SAFEGUARDS
(c)(2)
Authenticate
(a)(2)(i) (a)(2)(iv) Electronic (d)
(a)(1) Unique (a)(2)(iii) Encryption Protected Person or (e)(1) (e)(2)(i)
Access User Automatic And (b)(1) Audit (c)(1) Health Entity Transmission Integrity (e)(2)(ii)
Control Identification Logoff Decryption Controls Integrity Information Authentication Security Controls Encryption
Allow access Assign a Implement Implement a Implement Property that Implement Implement Implement Implement Implement
only to those unique name electronic mechanism to hardware, data or electronic procedures to technical security a mechanism
persons or and/or procedures encrypt and software, information mechanisms verify that a security measures to to encrypt
software number for that terminate decrypt and/or have not to corroborate person or measures to ensure that electronic
programs identifying an electronic electronic procedural been altered that electronic entity seeking guard against electronically protected
that have and tracking session after a protected mechanisms or destroyed protected access to unauthorized transmitted health
been granted user identity. predetermined health that record in an health electronic access to electronic information
access rights. time of information. and examine unauthorized information protected electronic protected whenever
inactivity. activity in manner. has not been health protected health deemed
information altered or information health information appropriate.
systems that destroyed is the one information is not
contain or use in an claimed. that is being improperly
electronic unauthorized transmitted modified
protected manner. over an without
10 STEPS TO health electronic detection until
SECURE FILE information. communica- disposed of.
TRANSFER tions network.
IMPLEMENTATION
1. Secure configuration
•
2. Control access
• • •
3. Automate transfers
•
4. Authenticate users/
processes • •
5. Encrypt files
• •
6. Sign and verify files
• • •
7. Use secure protocols
• •
8. Archive encrypted files
• •
9. Capture audit data
•
10. Monitor file transfers
•
1: Install and maintain a firewall configuration to protect 2: Do not use vendor-supplied 3: Protect stored cardholder data.
cardholder data. defaults for system passwords
and other security parameters.
1.13 1.2 1.3 1.3.4 2.2.3 2.3 3.4 3.5 3.5.1 3.6
Requirements Build a firewall Build a firewall Placing the Configure Encrypt all Render PAN Protect Restrict access Fully document
for a firewall at configuration configuration database in system security nonconsole (Primary Account encryption keys to keys to the and implement
each Internet that denies all that restricts an internal parameters to administrative Number), at used for fewest number all key
connection and traffic from connections network zone, prevent misuse. access. Use minimum, encryption of of custodians management
between any “untrusted” between segregated technologies unreadable cardholder necessary. processes and
demilitarized networks and publicly from the DMZ. such as SSH, anywhere it is data against procedures for
zone (DMZ) and hosts, except accessible VPN, or stored by using … both disclosure keys used for
the internal for protocols servers and SSL/TLS… and mis-use. encryption of
network zone. necessary. any system cardholder data,
component including…
storing Generation of
cardholder data. strong keys...
10 STEPS TO Periodic
SECURE FILE changing of
TRANSFER keys.
IMPLEMENTATION
1. Secure configuration
• • • •
2. Control access
• •
3. Automate transfers
4. Authenticate users/
processes
5. Encrypt files
• • •
6. Sign and verify files
10 COVIANT SOFTWARE
FIG. 4 – PCI DSS REQUIREMENTS (CONTINUED FROM PAGE 10)
4: Encrypt 7: Restrict 8: Assign a unique ID to each person 10: Track and monitor all access to network 12: Maintain a policy that
transmission access to with computer access. resources and cardholder data. addresses information
of cardholder cardholder security for employees
data across data by and contractors.
open, public business
networks. need-to-know.
4.1 8.1 8.2 8.4 8.5 10.1 10.2 10.3 12.5.2 12.9
Use strong Identify all users In addition to Encrypt all Ensure proper Establish a Implement Record at least Monitor and Implement an
cryptography with a unique assigning a passwords user process for automated the following analyze security incident
and security user name unique ID, during authentication linking all audit trails for audit trail alerts and response plan.
protocols... to before allowing employ at least transmission and password access to all system entries for information, Be prepared
safeguard them to access one additional and storage management for system components all system and distribute to respond
sensitive system method to on all system non-consumer components to reconstruct components for to appropriate immediately to
cardholder components authenticate all components. users and to each the following each event… personnel. a system
data during or cardholder users… administrators individual user. events… breach.
transmission data. on all system
over open, components …
public networks.
• • •
•
•
• • •
• •
Secure File Transfer SOX (CobiT Delivery and HIPAA PCI DSS
Implementation Support Control Objectives) Technical Safeguards §164.312 Major Requirements
DS5.3 Identity Management (a)(1) Access Control REQ 2: Do not use vendor-supplied defaults
(2.2.3, 2.3)
2. Control access DS5.7 Protection of Security Technology (a)(2)(i) Unique User Identification
REQ 8: Assign a unique ID to each person
DS5.10 Network Security (a)(2)(iii) Automatic Logoff with computer access (8.1, 8.4, 8.5)
DS5.8 Cryptographic Key Management (a)(2)(iv) Encryption And Decryption REQ 3: Protect stored cardholder data
5. Encrypt files
DS5.11 Exchange of Sensitive Data (e)(2)(ii) Encryption (3.5, 3.5.1, 3.6)
(c)(1) Integrity
(c)(2) Authenticate Electronic Protected
6. Sign and verify files DS5.11 Exchange of Sensitive Data
Health Information
(e)(2)(i) Integrity Controls
DS5.5 Security Testing, Surveillance REQ 10: Track and monitor all access to
9. Capture audit data (b)(1) Audit Controls network resources and cardholder data
and Monitoring (10.1, 10.2, 10.3)
DS5.5 Security Testing, Surveillance REQ 12: Maintain a policy that addresses
10. Monitor file transfers and Monitoring (b)(1) Audit Controls information security for employees and
DS5.6 Security Incident Definition contractors (12.5.2, 12.9)
BRIDGING SECURITY
4. AND COMPLIANCE
Security drives compliance. When you automate a secure file transfer FIG. 5, above, summarizes the relationships between the steps to
process using the 10 Steps to Secure File Transfer, you can also demon- automate a secure file transfer process and SOX, HIPAA, and PCI DSS.
strate compliance with the objectives in SOX, HIPAA, and PCI DSS.
Although each regulation and standard may emphasize different aspects
of security, implementation of the practical steps outlined above ensures
coverage of the pertinent objectives in each mandate.
12 COVIANT SOFTWARE
5. SUMMARY
Both security and compliance are essential to smooth operations
and business continuity. Developing an automated file transfer
implementation can also meet the key objectives that are critical for
compliance with industry mandates, such as SOX, HIPAA, and PCI DSS. Coviant Software offers Diplomat
Focus on 10 PRACTICAL STEPS to meet your security and
compliance needs: Transaction Manager, a suite of
STEP 1: Secure configuration file transfer management products
STEP 2: Control access
STEP 3: Automate transfers that secure data in transit and
STEP 4: Authenticate users and processes
STEP 5: Encrypt files improve compliance with industry
STEP 6: Sign and verify files
STEP 7: Use secure protocols and government mandates.
STEP 8: Archive encrypted files
STEP 9: Capture audit data
STEP 10: Monitor file transfers
ABOUT COVIANT SOFTWARE
Coviant® Software delivers file transfer management products that secure data in transit and improve compliance with industry and government
mandates. Built on open technologies, such as OpenPGP encryption, secure FTP and SQL, Coviant's Diplomat® Transaction Manager suite is an
easy to implement, cost-effective solution for automating your secure file transfer process.
For more information or to download trial software, visit www.coviantsoftware.com or email us at sales@coviantsoftware.com.
Coviant Software Corporation / 209 West Central Street / Suite 204 / Natick, MA 01760
781.534.5166 T / 781.347.4701 F / www.coviantsoftware.com
© 2008 Coviant Software. All rights reserved. Coviant and Diplomat are registered trademarks of Coviant Software Corporation.
All other company and product names are trademarks or registered trademarks of their respective owners.