Globalscape teams with SMS PASSCODE® to Enhance Customer Security

Globalscape teams with SMS PASSCODE® to Enhance Customer Security

SMS PASSCODE’s multi-factor authentication platform now integrates with Globalscape’s Enhanced File Transfer (EFT) Server.

The importance of stepping up user authentication

sms-passcodeA username and password are no longer enough to authenticate the identity of employees accessing corporate networks and data. Research indicates that weak or stolen user credentials are the preferred weapons used by cybercriminals, and are behind approximately 76 percent of all network intrusions.

Traditional two-factor authentication requires something the user knows (usually a password) and something the user has (like a token, fingerprint or mobile phone). In the past, companies distributed hardware tokens to their employees to help validate their identity when logging in; however, over time, these types of solutions have proved cumbersome and expensive for IT to manage effectively, while offering little convenience for end-users.

SMS PASSCODE offers a balance between strong security and high user convenience, with features that include:

  • Leveraging the one thing users always carry with them – their mobile phone – and provides a superior user experience by taking full advantage of contextual information such as time, geo-location, and type of login system being accessed.
  • Intelligent authentication that sees whether users are logging in from trusted locations like home or the office, versus an airport lounge with public Wi-Fi (for example), and conveniently delivers the appropriate level of security for the users.

How SMS PASSCODE works with EFT

Globalscape EFT includes multi-factor authentication through the SMS PASSCODE platform. On a local or LDAP-authenticated site, the administrator can configure EFT to connect to SMS PASSCODE to deliver a one-time use passcode via text message (SMS), a voice call, through email, or via an app to the user’s mobile phone as part of the login process for HTTP, HTTPS or SFTP transfers. Codes are generated in real time when the user enters a correct username and password, and the codes are locked to the session ID of the device used to log in from for added security. Following the successful entry of the SMS code, the user has full access to their files and folders. Any user account that is configured to use SMS authentication must supply the correct user name, password and unique one-time passcode delivered to their mobile phone in order to log in.

The Benefits

  • Convenience: leverages the one thing users always carry with them – their mobile phone
  • Reduced cost: no hardware tokens to buy or maintain
  • Codes are never stored: real time, session-specific codes
  • Superior user experience: avoid burdensome passwords
  • Better security: intelligent authentication assesses the threat level and dynamically adjusts the level of user authentication needed
  • Easy to implement, manage and scale

Please get in touch with the Pro2col team if you have any queries regarding this or any other feature of Globalscape’s EFT Server.

“Today’s modern cybersecurity threats have overwhelmed passwords and tokens, and companies are seeking strong authentication that protects their employees and is easy to use. With the integration
between Globalscape and SMS PASSCODE, system administrators can easily add multi-factor authentication
to their secure file transfer via EFT without compromising the user experience.”
Says Torben Anderson, chief commercial officer at SMS PASSCODE,
“We are excited to partner with a visionary security company like Globalscape that shares our passion
for keeping corporate networks and data secure.”

“Technology integrations that can improve authentication security for our customers just make sense in our EFT solution.” says Greg Hoffer, senior director of engineering at Globalscape,
“We have been hearing about phone-based authentication as a second factor for many years; it has
significant usability and security improvements over the legacy token-based approach to two-factor
authentication. SMS PASSCODE has a well-designed, thoughtful implementation of phone-based multi-factor
authentication. Their platform ties seamlessly into our EFT solution to provide the most secure enterprise
class of secure file sharing on the market.”

Ipswitch Survey Reveals; Damage to Reputation Seen as Biggest Reason to Comply with Data Protection Laws.

Ipswitch Survey Reveals; Damage to Reputation Seen as Biggest Reason to Comply with Data Protection Laws.

Despite 71% believing UK data protection laws should be stronger, 53% still admit to sending sensitive documents by email and 19% have lost critical documents in transit.

A survey by Ipswitch, managed file transfer (MFT) solutions vendor, reveals that fear of reputational damage is the biggest driver for business professionals to comply with data security laws. Yet the majority are still failing to secure the transfer of critical files.

The survey, conducted at the end of April 2014, asked 415 business professionals working across the EU about attitudes, practices and technologies relating to data security and protection. The results also show that the UK is seen as having tighter data protection laws than Germany or France. However, the vast majority think the UK’s data protection laws need to be even stricter.

Key Conclusions:

  • 31 percent of business professionals say that financial censure is the biggest impetus for complying with data protection or staying in line with ICO guidelines, while nearly half (43 percent) cite fear of reputational damage to their brand as the major reason to fall in line
  • The survey also reveals that over half of respondents (53 percent) admit to sending business sensitive documents over unsecured email, while nearly a fifth (19 percent) also admit to losing critical business documents
  • 64 percent of respondents consider the UK to have the tightest data protection laws, 30 percent name Germany as having the strictest laws, while six percent of respondents say that France has the strictest data protection
  • Almost three-quarters (71 percent) of respondents believe UK data protection laws should be stronger to protect businesses and consumers
  • Over a quarter of respondents (27 percent) have never heard of the UK Information Commissioner’s Office (ICO), the public body which reports to UK Parliament and is sponsored by the Ministry of Justice to oversee data protection and privacy
  • More than half (57 percent) agree that the ICO should be more aggressive in its data protection responsibilities

Data-Protection-Image-300x198“It is clear that organisations need to take more responsibility for their own file transfer practices.  Our survey reveals that far too many still rely on unsecured procedures for transferring sensitive files to get work done,” said Loic Triger, VP International Sales for Ipswitch. “Businesses need to have systems in place to mitigate security breaches, and rigorously ensure those systems are appropriately used.”

“Enterprises have come to rely on a mix of DIY approaches for file movement, in the absence of well-defined policies and enterprise-supported alternatives. But it is entirely possible to untangle the web of file transfer applications available and talk about best practices to ensure visibility and control in an increasingly regulated market. We urge all organisations to re-evaluate their file transfer methodologies, before they end up paying the price, either in diminished brand reputation, customer losses, or financial penalties.”

“Business simply cannot afford – either in terms of cost or reputation – to deal with the potential fall-out from unsafe business practices such as unsecured file sharing, and they are clearly looking to the ICO to take the lead in implementing further, stricter regulation.”


About Ipswitch
Ipswitch helps solve complex IT problems with simple solutions. The company’s software is trusted by millions of people worldwide to transfer files between systems, business partners and customers; and to monitor networks, applications and servers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe and Asia. Pro2col are Ipswitch’s Elite Partner here in the UK, please do not hesitate to get in contact if you require any further information.

Are Employees Putting Your Company’s Data at Risk?

Are Employees Putting Your Company’s Data at Risk?

One of our key vendors, Ipswitch File Transfer conducted a survey of over 200 IT leaders and practitioners with security responsibilities about person-to-person file-sharing practices.  From the results that they gathered, this is what they found… These results should alarm IT and security professionals.  Findings show that employees are circumventing IT staff by sending confidential and highly sensitive company files via means that are insecure and lack auditability. The results serve as a graphic reminder that when company systems hinder employee productivity, it’s both a security risk and bad for business. There’s no way to sugarcoat the results of the survey, the highlights of which you can see in the Infographic below.

Click here to register to receive the full research report results and recommendations. Person-to-Person-File-Sharing-Risks2-621x1024-1

Security hole in Facebook’s secure file transfer platform

Security hole in Facebook’s secure file transfer platform

As a brand Facebook is up there with the biggest of them, with over a billion users each month according to company reports .  This makes them a big target for the cybercrime community. As a countermeasure their ‘Bug Bounty Program’ encourages friendly hackers to report vulnerabilities in their systems and it was one such researcher that noted the security hole in their Accellion private cloud deployment.

Writing on his blog on this Monday, Nir Goldshalger announced that he had previously uncovered a hole affecting Accellion Secure File Transfer appliance that would allow an attacker to gain control of a users account with little more than their email address account.


A closer look at the date on the video at the bottom of his blog article (19th March 2012) and when the problem was patched (patch 9_1_166 released on 20th March 2012) would suggest that Nir did in fact identify this vulnerability, meaning that Facebook Bug Bounty Program is a worthwhile exercise.  It also demonstrates that Accellion took the issue seriously, quickly and efficiently addressing the problem when it came to light.

Software is rarely ever without flaws but all vendors do their best to ensure products don’t reach the market with problems and when they do, responding quickly is the key to maintaining brand integrity.  This also goes to highlight how important it is for customers to update the software patches released by vendors in a timely manner.  Nir was likely paid for his research and held off releasing this information for nine months, whilst I expect Accellion made a concerted effort to ensure all customers were running the latest versions of software. It will no doubt have a small negative impact on Accellion’s brand image but on the plus side, it appears to show that Accellion handled the matter in a professional manner.

Ad Hoc file transfer is one of the largest segments of the managed file transfer industry and we’re pleased to be working with some of the industries leading brands. With solutions from Biscom, Ipswitch, Globalscape and more, we at Pro2col are able to help you choose the right product to fit your feature requirement and budget limitations.  To speak to an ad hoc file transfer consultant call Pro2col today on 0333 123 1240.

Socitm 2012: Managed File Transfer for Councils

Socitm 2012: Managed File Transfer for Councils

We’ve been working closely with councils throughout the UK to simplify, secure and streamline their file transfer, so we couldn’t miss the opportunity to attend Socitm 2012; the No. 1 UK ICT event for councils.  The conference has kicked off today (here’s a breakdown of the programme) and the Pro2col team are ready and waiting to share the knowledge and experience that we have gained from working with councils to secure person-to-person file transfers and automate the movement of sensitive data into and out of the organisation.


On a similar note, this is the ideal moment to publically release our lastest e-book: The Council’s Guide to Secure Managed File Transfer, which is now available for download.  It covers a range of issues surrounding the secure movement within councils including:

  • How to eliminate the problems caused when employees resort to insecure, non-compliant file transfer methods such as email.
  • Ensuring you meet with UK data security and compliance legislation including The Data Protection Act and PCI DSS.
  • Providing your employees with a quick and simple way to send and receive sensitive files both internally and with third parties.
  • Automating the transfer of files, saving time and money.
  • How to regain control over file transfer processes and user access.

If you’re at the conference and would like to speak to one of our managed file transfer experts, drop by stand 8 (piccy attached) – we’re always happy to help.  If you’ve not been able to make it this year and you’d like to talk to us, please don’t hesitate to get in touch with the office on 0333 123 1240.

Managed File Transfer in Action

Managed File Transfer in Action

A well known utilities company in Yorkshire were using multiple legacy systems and 2 disparate FTP solutions to move data into, out of and around their organisation.  These systems had grown organically over time to tackle isolated file sharing issues when they arose.  As it transpired, this approach left the company with an ungovernable mix of system to system and FTP solutions that required manual interventions and the ongoing revision of batch scripts.


The mounting costs generated by work duplication and management overheads, accompanied by the risk associated with the absence of failover was becoming a genuine concern.  Bearing in mind that these systems were executing business critical processes such as billing, debt management, banking and delivering mission dependent data to employees in the field – recreating these undocumented workflows in the event of a disaster would be costly.  Considering the sensitive nature of certain pieces of data moving through these workflows, securing data was also a priority.

Pro2col worked alongside the customer to develop an understanding of their processes and document their key requirements.  Armed with this information, we were able to identify the technologies that would meet these requirements, and help them through the selection and evaluation process.  Specifically, the company were looking to:

  1. Secure the sending and receipt of confidential business and customer data
  2. To further automate the retrieval of time sensitive data from remote systems to provide realtime updates of vital information to their workforce at regular intervals throughout the day.

In terms of features, the company were looking for:

  • A solution that would support FTP, SFTP/FTPS, HTTP/HTTPS.
  • A user-friendly GUI for administration and configuration as apposed to CLI and scripts.
  • The ability to schedule time or event driven actions.
  • Pre and post processing ability i.e.; archiving, moving, deleting files that have been processed.
  • The capability to report failed transfers and system problems.
  • Potential to integrate with HP OpenView for system reporting.
  • Ability to perform ad hoc file transfers manually and simply via web browser or email plugin.
  • Ability to run concurrent processes.
  • Automatic fail over to a backup system.
  • Compatibility with Windows 2008 R2.
  • Integration with Microsoft Active Directory.

Based upon the information we gathered through the consultancy process, we were able to recommend the most suitable solution to meet their objectives – in this case, a combination of Ipswitch MOVEit Central and MOVEit DMZ with the Ad Hoc Module.  MOVEit Central was specifically designed to automate a wide range of mission critical file transfers, enabling the company to automatically “pull, process, and push” all files to any platform, including network architectures, operating systems, and protocols.  It would integrate directly into their existing data workflows, consolidating their automated file transfer tasks and allowing IT staff to create/administer them via a user friendly GUI interface.  For the ad hoc aspect of their file transfer requirements, MOVEit DMZ with the ad hoc module provided a secure, end to end solution for employees to send and receive mission critical files.

This just gives you an idea of the potential of these solutions and the levels of automation that can be achieved.  Within an enterprise environment such as a large utility company, an managed file transfer solution can save hours of manual processing and ensure that all the information is where they need it, when they need it.  As with all of our customers, we’ll be working with this organisation in the months and years to come, and look forward to helping them achieve their maximum ROI.

Click here for more information on the Ipswitch file transfer products.

Click here if you are interested in the consultancy services, which helped this organisation identify the right solution for them.

Alternatively don’t hesitate to contact a Pro2col team member on 0333 123 1240, if you wish to discuss your particular file transfer requirements.