Sharing files in almost any industry requires some level of security to protect what is often an organization’s most valuable asset – the data entrusted to it. When it comes to the military, the defense industry, or other high-security organizations – government or private – prioritizing the security of files via solutions that offer segmentation opportunities to thwart intrusion is a must.
Government agencies, military departments and contractors regularly transfer highly confidential or time-sensitive information and face several challenges, for example:
- Large data sets can be slow to deliver
- The data being exchanged must be protected in transit as well as at rest
- When using ad-hoc file transfer methods, tracking whether a file has been delivered or received can often be difficult if not impossible
At every level, these organizations need to know that their information can be exchanged efficiently and securely across their various departments, and sometimes out to external agencies, as these transactions may occur across a variety of network links spanning numerous territories.
To maintain high security for accessing secure information, sharing videos from an active military installation, or preparing an off-site recovery backup, infrastructure must be put into place to ensure file transfers can be streamlined and simplified without heavy IT administration.
Secure File Sharing for Military or Other High-Security-Needs Industries
Meeting the security policies and substantial compliance regulations and requirements of military and defense departments, as well as the policies of other government agencies and their contractors, requires secure file transfer solutions that go beyond getting files from point A to point B.
Not only do these file sharing solutions need to meet federal government compliance mandates such as FISMA, NIST, and PCI DSS, in some situations, they also need to be able to segment or airgap their file exchanges to physically separate networks or computers so they can operate as separate entities or networks. This separation, or siloing, can help insulate high-security organizations from unauthorized access or other cyberthreats that would otherwise cross over a network, creating a domino effect from a single incident.
“When stringent security measures are needed for data transfers, such as for defense contractors or the military, having the ability to deploy a single Managed File Transfer (MFT) solution with the option to configure it with multiple GoAnywhere Gateways offers an enhanced level of security to protect those highly sensitive data assets,” said Jerrod Foster, Senior Solutions Engineer, MFT, Fortra. “By establishing multiple GoAnywhere Gateways instead of the more standard configuration of a single gateway, organizations can use their MFT for both their internal traffic, as well as for exchanging files outside the organization, which makes for better air gapping all around,” said Foster.
“These types of organizations need to serve their clientele (internal and external) with varied levels of security and an MFT solution that can handle multiple gateways simultaneously accomplishes this more seamlessly and with better compatibility than relying on multiple solutions,” Foster added.
Fortra has architected GoAnywhere MFT so that it can connect to more than one gateway in order to deliver this type of security by isolation. Not all MFT solutions offer this capability. In fact, some MFT solutions require an MFT application to sit directly in the DMZ rather than the private network. Because GoAnywhere always initiates the connection to GoAnywhere Gateway, MFT can sit in the private network while the gateway is deployed to the DMZ and other network segments as needed.
“This configuration can help those highly secure organizations create a barrier, should they be attacked or threatened, as it provides more containment. The MFT and gateway can function like their own independent network and would be unaffected by something like a ransomware attack on another network,” added Foster.
Defense Contractor Use Case Illustrates Multiple Gateway Benefits
To see how robust MFT can be deployed for “non-traditional” use cases, let’s look at one large U.S. defense contractor. This contractor was using a homegrown file transfer solution to meet their general file transfer needs. While their solution easily accomplished standard data exchanges, their defense contract required multiple gateways for security and compliance purposes. GoAnywhere MFT offered the desired single MFT environment plus the ability to utilize multiple gateways to provide security in a more segmented fashion.
In the sample architecture detailed above, GoAnywhere MFT is deployed in a single, secure network segment (OT networked) and GoAnywhere Gateway is strategically deployed in the DMZ and additional network segments. MFT initiates all communications to each Gateway instance, minimizing exposure to the Secure OT network.
This design eliminates the need to open any inbound ports into the secure zone, enabling user access from the different network segments. Additionally, file transfers can be facilitated to/from external partners through the Gateway deployed in the DMZ. This scenario is an optional, but atypical use case.
To automate internal file movement across security boundaries, GoAnywhere Agents can be deployed without requiring any additional port openings. Agents leverage the Gateway for all communication and data transfers, ensuring a streamlined and secure file exchange process.
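One way to check a firewall policy against the design described above, as an added example that is not part of the original article or of any Fortra product. The zone names, the rule format and port 9100 are constructed assumptions.

```python
SECURE = "secure-ot"                         # hypothetical zone names
GATEWAY_ZONES = {"dmz", "segment-a", "segment-b"}

# Constructed rule set, one rule per line: action src_zone dst_zone service.
# Port 9100 is a placeholder, not a product default.
RULES = """\
allow secure-ot dmz        tcp/9100   # MFT dials out to the DMZ gateway
allow secure-ot segment-a  tcp/9100   # MFT dials out to a segment gateway
allow internet  dmz        tcp/443    # partners reach the DMZ gateway only
allow segment-a secure-ot  tcp/22     # leftover admin rule
allow any       secure-ot  tcp/8000   # overly broad rule
deny  any       any        any
"""

def parse_rules(text):
    """Turn the text rule set into dicts, keeping 1-based line numbers."""
    rules = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4:
            rules.append(dict(zip(("action", "src", "dst", "svc"), fields), line=number))
    return rules

def audit(rules):
    """Flag any allowed path into the secure zone and any gateway the MFT cannot reach.

    Conservative: every allow rule counts, whatever its position in the list.
    """
    findings, reachable = [], set()
    for rule in rules:
        if rule["action"] != "allow":
            continue
        if rule["src"] != SECURE and rule["dst"] in (SECURE, "any"):
            findings.append((rule["line"], "inbound path into " + SECURE))
        if rule["src"] == SECURE and rule["dst"] in GATEWAY_ZONES:
            reachable.add(rule["dst"])
    for zone in sorted(GATEWAY_ZONES - reachable):
        findings.append((None, "no outbound rule to gateway zone " + zone))
    return findings

if __name__ == "__main__":
    for line, problem in audit(parse_rules(RULES)):
        print(line, problem)
```

On the constructed rule set the audit reports the two rules that open a path into the secure zone and the one gateway zone the MFT has no outbound rule for.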
Foster notes, “In this scenario, GoAnywhere MFT’s Secure Mail module is used as a peer-to-peer solution within the contractor’s network to incorporate security controls, such as automatic AES-256 bit encryption, restricted access controls, and a configurable data retention policy so that internal employees sharing files with other employees or with external parties can be assured that even if an intrusion in another segment of the organization occurs, the data contained on the network with a particular gateway remains isolated from that cyber threat.”
File Integrity Checking via Checksum Task Adds Assurance
“The last thing any military operation needs to be worried about is whether files sent actually arrived,” noted Foster. “GoAnywhere’s checksum task can be inserted into any flow to verify file integrity.”
The checksum task is used to ensure that data has not been altered or corrupted in transit and to verify the integrity of data during transmission or storage. A checksum algorithm generates a unique hash value. Data is sent accompanied by this checksum and when the data is received, the same algorithm is applied to the data and compared to the original. If it’s a match, the data can be considered uncorrupted and intact.
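The send-and-compare flow described above, as an added example that is not GoAnywhere's checksum task or any code from the original article. It goes one step beyond the text by protecting the checksum list with an HMAC, so a rewritten checksum is detected as well as a corrupted file; the manifest layout, file names and key are constructed assumptions.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large transfers are never loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def _tag(body, key):
    return "HMAC-SHA256 " + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def build_manifest(paths, key):
    """Sender: one 'digest  name' line per file, then a keyed tag over those lines."""
    body = "\n".join(f"{sha256_file(p)}  {Path(p).name}" for p in sorted(paths))
    return body + "\n" + _tag(body, key)

def verify_manifest(manifest, directory, key):
    """Receiver: authenticate the manifest, then re-hash each listed file."""
    body, _, tag_line = manifest.rpartition("\n")
    if not hmac.compare_digest(tag_line.encode(), _tag(body, key).encode()):
        return {"manifest": "TAMPERED"}
    results = {}
    for line in body.splitlines():
        want, name = line.split("  ", 1)
        path = Path(directory, Path(name).name)  # never follow a path in the manifest
        status = "MISSING"
        if path.is_file():
            status = "OK" if hmac.compare_digest(sha256_file(path), want) else "MISMATCH"
        results[name] = status
    return results

def demo():
    """Constructed transfer: a.bin intact, b.bin corrupted, c.bin never arrived."""
    key = b"constructed-demo-key"  # assumption: secret shared out of band
    sent = {"a.bin": b"orders", "b.bin": b"imagery", "c.bin": b"logs"}
    received = {"a.bin": b"orders", "b.bin": b"imagerY"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for folder, files in ((src, sent), (dst, received)):
            for name, data in files.items():
                Path(folder, name).write_bytes(data)
        manifest = build_manifest([Path(src, n) for n in sent], key)
        forged = manifest.replace(hashlib.sha256(b"imagery").hexdigest(),
                                  hashlib.sha256(b"imagerY").hexdigest())  # tag now stale
        return verify_manifest(manifest, dst, key), verify_manifest(forged, dst, key)
```

`demo()` returns the per-file verdicts for the genuine manifest, followed by the verdict for a manifest whose digest was rewritten to match the altered file.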
Meeting Common Criteria, NIAP Standards for NSS Procurement for MFT
Government entities needing to meet National Security System (NSS) Procurement rules, per the Committee on National Security Systems Policy #11, and those needing to adhere to software solutions listed on the NIAP Product Compliant List can be assured that GoAnywhere has met the rigorous security standards, including Common Criteria certification, required for federal government buyers and other security-forward organizations.
Common Criteria is the international standard that helps affirm the security certification for security software, providing assurance that specifications, implementation, and evaluation claims are true.
Software solutions that undergo the rigorous evaluation and certification process, such as GoAnywhere MFT, deliver “next level” trust for government entities, including the Department of Defense, which is required to purchase from the NIAP Product Compliant list.
How Military File Sharing Benefits from Secure File Transfer
While secure file transfer solutions such as Fortra’s GoAnywhere MFT and FileCatalyst (Fortra’s accelerated file transfer solution, which helps speed large file transfers from anywhere around the world) can help military and government organizations secure and accelerate their sensitive files, these capabilities need not be limited to only government entities. “Almost every Fortune 500 company that has sensitive assets that could potentially be exposed could also benefit from segmented networks,” noted Foster.
In addition to delivering gateway options, Fortra’s MFT solutions offer:
- Data encryption using FIPS 140-2 compliant AES, Triple DES, and TLS algorithms
- Strong authentication methods
- Automation to help reduce risks of manual file transfer tasks
- Optimized bandwidth to ensure reliable transfers, even from remote locations or from locations with unreliable links
- File monitoring and tracking
Meet Military and other High-Security File Transfer Needs with GoAnywhere MFT
Protecting the assets of the military, other government entities, and other highly sensitive organizational needs requires more than a file transfer solution that simply ushers data between locations. High-security demands require a high-security MFT solution; one that delivers flexibility in how access is granted via multiple gateways.
To see how GoAnywhere MFT can meet and exceed your file transfer needs, schedule a demo today.