Automate IBM i PGP Encryption and Secure File Transfers with Robust MFT

Streamlining and automating the PGP encryption process for organizations on the IBM i platform can help ease time pressures on IT staff and in turn, reduce risks that lurk around the corner when teams rely on error-prone manual tasks and cumbersome scripts and programming to encrypt and monitor file transfers. There’s a better, a more secure option using a Managed File Transfer (MFT) solution. 

PGP (Pretty Good Privacy), along with other popular encryption protocols, can be seamlessly automated with robust MFT software that supports the IBM i, such as Fortra’s GoAnywhere MFT, which can be installed on IBM i Series version 7.1 and higher on IBM Power Systems and other operating systems with hooks back into the i Series. And, GoAnywhere can be deployed on-premises, in the cloud, in a hybrid environment or as MFTaaS. 

IBM i Organizations Can Ditch Encryption Scripts  

With automation functionality built-in to MFT, IBM i organizations can ditch the scripts in favor of user-friendly encryption for file transfers of their sensitive data, no matter the file size or type. And this automation benefit is not limited to encryption, the entire file transfer process can be automated and centralized, including IBM i-specific transactions. GoAnywhere can: 

• Generate full audit logs of all PGP encryption and decryption processes 
• Use database to run SQLS over DB2 tables and more 
• Use data translation to export and/or import DB2 data in different formats 
• Use integration to run native IBM i commands  
• Encrypt files with one or more public keys 
• Decrypt files with private keys 
• Sign files with private keys 
• Verify digital signatures in files using public keys 

MFT Simplifies IBM i Commands, Key Creation, and Key Certificates 

You can easily execute IBM i commands and programs through a GoAnywhere connection with an IBM i server. Up to 35 parameters can be used to pass variables and constant values to the program, and commands are included for performing SFTP transfers, ZIP compression, as well as PGP encryption and decryption. 

SSL certificates, SSH keys, and Open PGP keys are accessible through a browser-based interface on GoAnywhere’s Key and Certificate Manager and there’s no need to know cryptic commands. For additional security, admins can restrict use to authorized users only.   

MFT Functionality Provides Additional IBM i Benefits 

Solutions that are easy to use are the ones that get used – greatly reducing the chance that employees will hop onto a free, perhaps more familiar, but less secure resource, when transferring sensitive data. Not only can GoAnywhere MFT streamline encryption, IBM i organizations can also take advantage of its user-friendly GUI interface (a dashboard-style interface).     

For the IBM i platform, GoAnywhere offers these advantages above and beyond eliminating programming and scripting:  

• Automated and secure file transfers in transit and at rest 
• An intuitive interface for setting up transfers and multi-step workflows 
• Included IBM i commands and built-in tasks for performing Open PGP encryption and decryption, SFTP transfers, and ZIP compression 
• Integration with CL, RPG and COBOL programs 
• Help in meeting compliance requirements such as those for HIPAA, PCI DSS or GDPR with data encrypted in transit (as well as at rest). Detailed audit logs and reports also help meet compliance requirements. 
• Scheduling through GoAnywhere MFT's integrated scheduler or third-party schedulers 
• No need to create additional IBM i user profiles with a built-in user management system  
• Comprehensive security controls such as IP block and allow lists, brute force attack monitors, alerts and password policies built into the software 
• Triggers for automatic processing of files  
• Open PGP and AES-256 encryption to protect files at rest 

See How GoAnywhere MFT Automates PGP Encryption 

With its intuitive dashboard, admins can quickly set up PGP encryption to occur automatically, removing the time and error constraints of encrypting sensitive files without robust MFT functionality. 

As shown in this brief, self-directed IBM i PGP encryption demo, users need only follow a few simple steps to automate PGP encryption to send files of all sizes and types securely. 

1. First, admins need to define their SSH Server to connect with their trading partner using SFTP. Once that’s done, that connection will be noted as a resource.  
2. Once the connection is tested, projects can be created to automate both file transfers and workflows. Within workflows, projects can be built to encrypt, push, pull, or rename files. Then, jobs can be scheduled, and monitors can be applied to automatically execute workflow projects. 
3. Projects can be set to execute immediately or be scheduled to run at date and time defined by the built-in scheduler, IBM i Advanced Job Scheduler, or with Robot Schedule or they can be set to run via an established event. 
4. Pre-defined templates can be used to save time when building projects or you can create your own. GoAnywhere has over 100 built-in tasks with drag-and-drop features to easily build out a custom workflow project. 

Teams can seamlessly build automation using the built-in scheduler to run the job when needed. Frequency can be scheduled to run one time, at startup, by the minute or hour, daily, weekly, or monthly. The file monitor function in GoAnywhere also repeatedly scans for new, changed, or deleted files in a folder. When the scan condition is met, the monitor can call a pre-defined project. 

Add Security Controls to IBM i Data 

GoAnywhere’s comprehensive security controls can help protect sensitive data while it’s in transit or at rest on an IBM i system: 

• Create IP block lists to block brute force and DoS attacks 
• Set guidelines and expiration intervals for user passwords 
• Trigger alerts to send an email whenever a monitored event occurs 
• Use only FIPS 140-2 certified encryption algorithms 
• Restrict users to certain directories and subfolders 
• Generate audit logs of all user events and file activity 
• Encrypt files on disk using AES-256 encryption