Phone: 1.800.290.5054 or 1.210.308.8267      Support: 1.210.366.3993      Partner Program
Choose Region
    • Germany
    • France
    • Italy
    • Mexico
    United States
 
 
Loading
 
   
Skip Navigation LinksHome > Products & Services > Enhanced File Transfer (EFT) > Capabilities > High Security Module

High Security Module

Maintain security at the highest levels. The Globalscape High Security Module (HSM) achieves or exceeds security practices mandated by the most rigorous standards, including the PCI DSS, FIPS 140-2 Validation, HIPAA, Sarbanes-Oxley, and many others. Whether your business is obligated to comply or you simply desire the utmost in security standards, the HSM is your solution for securing data transfer, access, and storage.

Key Benefits

Protection of Data at Rest

The HSM, in concert with EFT and DMZ Gateway, helps organizations comply with data storage requirements—including not storing data in the network DMZ&mash;using repository encryption and securely sanitizes (wipes) deleted data so that it cannot be reconstituted.

Protection of Data in Transit

With support for multiple secure protocols and a built-in FIPS 140-2 validated cryptographic library, the HSM thoroughly protects data in transit. By enforcing the use of secure protocols, strong ciphers, encryption keys, and password policies, data transfers strictly follow all security guidelines.

Controlled Access to Data

The HSM enforces strong account access policy controls such as the automatic lock out of accounts—users and administrators— after a set amount of incorrect login attempts and the removal of inactive accounts after a certain period of inactivity. Additional security controls can be set to expire passwords automatically on certain dates, and notifications such as emails and banners can be configured accordingly. For user authentication, you can use an AD, NTLM, LDAP, or ODBC-compatible database, or EFT's authentication manager. The Auditing and Reporting Module (ARM) captures all server activity in a fully relational database.

Active Monitoring

The HSM actively supports the PCI DSS by:

  • Monitoring compliance
  • Alerting on non-compliance
  • Identifying the cause of non-compliance
  • Allowing reverting of security controls
  • Implementing mitigation/workaround techniques
  • The Auditing and Reporting Module (ARM) captures all server activity in a fully relational database.

Minimized Attack Vector

The HSM lets you leverage your existing Active Directory infrastructure for EFT administrator accounts, eliminating the need to create, maintain, and track standards compliance of built-in, administrator accounts typical of most MFT solutions.

Ongoing Standards Compliance

Compliance with security standards such as the PCI-DSS is not a "set it and forget it" process. The ultimate goal of securing sensitive company data requires continuous monitoring and validation of security policies and controls. Globalscape makes it easy for an administrator to create and maintain file-transfer services that meet or exceed these standards with a simple set-up wizard. Once enabled, the HSM is an ever-vigilant security tool that disallows low-security options, captures compensating controls, and generates reports for auditing the system’s compliance status.

High Security Module (HSM) achieves or exceeds security practices mandated by the most rigorous standards for the enterprise including PCI-DSS, FIPS 140-2 Validation, HIPAA, and Sarbanes-Oxley Setup WizardPCI DSS Report

Setup wizards provide administrators with an easy, step-by-step method to configuring a new high-security-enabled Site, with each page describing the requirement and what you need to do to meet that requirement, or to provide a compensating control (workaround).

Globalscape takes seriously and follows all the best practices mentioned in the PCI DSS, including considerations for customizations produced by our Professional Services team, use of common security frameworks, and development of our web client portals.

Download PCI Whitepaper on Facilitating Enerprise PCI DSS Compliance Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information in the Enterprise