Linoma Gets Hip to FIPS 140-2
June 5, 2012 Alex Woodie
FIPS 140-2 is a short, acronym-laden term floating in an IT world filled with short, acronym-laden terms. But for organizations that do business with the U.S. Government, the term FIPS 140-2 is absolutely critical, and determines whether a product has the necessary level of security to be implemented. For customers on the hunt for managed file transfer (MFT) software, the news that Linoma Software has received FIPS 140-2 certification puts its GoAnywhere suite in the government game.
The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard that was set by the National Institute of Standards and Technology in 2001 to certify the cryptographic modules embedded into hardware and software products. FIPS 140-2 provides that, not only does a product use a cryptographic algorithm that is approved by NIST (the requirement for FIPS 140-1), but that the cryptographic module is protected by a tamper-evident layer. FIPS 140-3 and 140-4 offer higher levels of security by further protecting the encryption layer with more advanced responses to tampering.
Obtaining FIPS 140-2 certification is critical for software vendors because the U.S. Government requires that FIPS 140-2-certification be obtained for all implementations of encryption used by any company, organization, or government department doing business with the U.S. Government and handling sensitive but unclassified (SBU) data. There has also been talk about big players in the healthcare and financial services industries requiring FIPS 140-2 certification, too. For a software vendor that uses encryption in its products, failure to get FIPS 140-2 certification means missing out on a large chunk of the market.
For Linoma, FIPS 140-2 certification for its GoAnywhere Director and GoAnywhere Services products means the potential customer base just got a lot bigger. Linoma teamed with RSA Security to implement its FIPS 140-2 certified encryption module into the MFT products. Because the GoAnywhere products are using a certified encryption module, they bear the FIPS 140-2 seal of approval as well.
Linoma customers that handle sensitive government data can upgrade their GoAnywhere implementations to one that is certified for FIPS 140-2 and contains the RSA ciphers. “When GoAnywhere customers enable the FIPS 140-2 Compliance Mode, only FIPS 140-2 compliant ciphers (e.g. AES, Triple DES) will be permitted for encryption processes,” states Linoma chief technology officer Bob Luebbe in a press release. “The RSA security module will be utilized for any SSH and SSL communications in GoAnywhere including SFTP, SCP, FTPS, and HTTPS protocols.”
Because security is such a critical aspect of MFT, Linoma expects its sales to pick up as a result of the FIPS 140-2 certification. “We’re hearing from more agencies and corporations that work with sensitive government-related data. By incorporating this RSA security module in our latest release, we will be able to serve an even larger group of customers,” states Linoma sales director Brian Pick.
GoAnywhere runs on IBM i among other operating systems, and starts at $3,995. For more info, see www.goanywheremft.com.