Comply

With Secure File Transfer Mandates

“Diplomat Transaction Manager streamlined our process allowing us to do more with less while continuing to meet our HIPAA secure file transfer compliance requirements.”

Alberto Laveaga

NOC and Operations Manager, Molina Healthcare

Comply with Secure File Transfer Mandates

Do you want a file transfer process that is secure? Or compliant?
Of course, the answer is “both”.

Good business practice dictates data protection for you, your customers, and your business partners — such as secure FTP for data-in-motion and PGP encryption for data-at-rest. But even the best security practices do not alleviate the need to comply with regulations and standards that can carry high contractual, civil and criminal penalties — such as HIPAA, PCI DSS, and SOX.

Secure, managed file transfer software isn’t a panacea to all your data security problems, but it can be a vital ingredient to a data security and management program that minimizes the risk of error in everyday data transfers. And if you average even one data transfer a day, that’s 365 fewer chances of a costly mistake.

 

10 steps to comply with secure file transfer mandates

1. Create a secure configuration

Secure file transfer typically includes moving files outside your firewall. Encrypted files are secure on an FTP server outside your firewall, but your Managed File Transfer software processing those files should sit securely inside your firewall.

2. Control access

Control access by limiting which users can set up and execute file transfers. Set up access controls to encrypt access data (e.g., passwords and pass-phrases), limit privileges based on the needs of each user, and terminate inactive sessions.

3. Automate secure file transfers

Automate secure file transfers to reduce errors and limit access to sensitive information. Running jobs automatically means that users do not need access to sensitive information, such as user names, passwords, and pass-phrases.

4. Authenticate users and processes

Require user authentication to ensure only known users with unique privileges can access your Managed File Transfer software. Then, track all user activity by capturing data each time file transfer set-up data is changed.

5. Encrypt files with PGP

Encrypt all files in a secure area before they are transferred to an FTP, web or email server in the DMZ. Using secure transmission protocols only protects data in transit. As soon as files are at rest on a server in the DMZ, they are vulnerable to attack.

6. Sign and verify files

Sign and verify files to ensure integrity and non-repudiation. Verifying signatures on every file ensures files have not been altered during transit and confirms the identity of the sender. In other words, the decrypted file is safe to be processed.

7. Use secure protocols

Use secure protocols to protect logon data and add extra protection to encrypted files being transferred. Without secure transmission protocols, an encrypted file can be captured intact during transit and attackers can work on decrypting the file at their leisure.

8. Archive encrypted files

Encrypt data files with your own master key before archiving. Encrypting archival copies of files with your own master key before storing in a secure location creates a repository of secure files that are safe and meet your business needs.

9. Capture audit data

Capture audit data to demonstrate regulatory and internal audit compliance. You can demonstrate regulatory compliance or confirm to a business partner the encryption key and destination location used by a specific file transfer job.

10. Monitor file transfers

Monitor file transfer jobs to rapidly identify potential security risks. If a security breach occurs, you need visibility of the specific file transfer jobs affected and the ability to suspend them until the security breach has been corrected.

Molina Healthcare

Molina Healthcare needed to centralize secure file transfers with a solution that would integrate into their existing IT infrastructure. Diplomat MFT software simplified management of secure file transfers while meeting HIPAA compliance requirements.

Why do all School Buses Look the Same? (TL;DR: Standardized = good)

When things are standardized, operations are safer, easier, and more cost effective.

Automating and Securing HR Data Transfers to AbsenceSoft

One of the many things I love about my job is hearing from our customers how Diplomat MFT helped them solve a data management and compliance problem. Turns out there are a lot more ways secure, managed file transfer can help organizations interact with customers and...

Coviant Software: Your Trusted Partner for HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 and is one of the first regulations to apply specifically to securing a type of information we now know as protected health information (PHI) in electronic or digital form, both when...

With Diplomat MFT, CitiConnect Compliance is as Simple as 1-2-3

One of the big advantages of a well-built, commercial, secure managed file transfer (MFT) solution compared to an in-house, DIY approach, is an architecture with broad support for integrations and protocols that enable interoperability with other organizations. Many...