GSB Globalscape Inc

Company Overview

We provide secure information exchange capabilities for enterprises and consumers through the development and distribution of software, delivery of managed and hosted solutions, and provisioning of associated services. We have thousands of enterprise customers and more than one million individual consumers in over 150 countries. Our solutions are used by more than 20,000 U.S. Army users deployed worldwide.

We operate primarily in the Managed File Transfer, or MFT, industry. We are evolving our MFT focus into adjacent solution spaces that creates what we refer to as Total Path Security. The Total Path Security framework addresses data and information management, movement, security and accessibility across a broad range of environments encompassing data and information in motion (for example, with traditional MFT solutions delivered as on-premises software or as a cloud service) and at rest (for example, through securely deleting or purging files or securely accessing stored data from mobile tablet or smartphone devices using our TappIn solution).

Our solution portfolio facilitates transmission of critical information such as financial data, medical records, customer files, vendor files, personnel files and other similar documents between diverse and geographically separated network infrastructures while supporting a range of information protection approaches to meet privacy and other security requirements. Our products provide the ability to monitor these activities, as well as access the underlying data, securely and flexibly through a wide range of network-enabled, mobile devices, including tablets and smartphones.

Our solutions ensure compliance with government regulations relating to the protection of information while allowing users to reduce IT costs, increase efficiency, track and audit transactions and automate processes. Our solutions also provide data replication, acceleration of file transfer, sharing/collaboration and continuous data backup and recovery to our customers. We believe we are strongly positioned to provide secure transfer, sharing, and replication of files that need to be transmitted inside the user’s firewall to distributed offices, or outside the user’s firewall to business and trading partners, including network-enabled, mobile devices.

Our initial product, CuteFTP, a file transfer protocol client program used mostly by individuals and small businesses, was first distributed in 1996 over the Internet and achieved significant success and popularity. Since then, we have continued to enhance our portfolio of products to meet the increasing demand for secure information exchange in the MFT industry and adjacent markets such as cloud services. Our capabilities have evolved from personal and small business MFT products to include standard and enterprise versions of our Enhanced File Transfer, or EFT, software, with an increasing number of add-on modules that provide additional capabilities such as ad hoc file transfer, advanced auditing and reporting, government-validated cryptography, and workflow automation. We have also developed Wide-Area File Services, or WAFS, and Continuous Data Protection, or CDP, software which further enhances the ability to replicate, share and backup files within a wide area network or local area network, at WAN and LAN speeds.

We also offer managed e-mail attachment, software-as-a-service, or SaaS, and cloud-based subscription solutions for information sharing solutions. Our managed e-mail attachment solution addresses the needs of customers who are constrained by the typical limits on e-mail attachment size or who require additional security, auditing, and reporting for file attachments shared through e-mail. Our SaaS and cloud-based subscription solutions allow customers to reduce their upfront and total cost of ownership and achieve other recognized benefits of cloud-based solutions, including service elasticity and strong service level agreements for IT infrastructure reliability and performance.

3

Table of Contents

Our managed cloud-based subscription solutions are a notable part of our future revenue model plans because they provide recurring revenue which potentially builds over time, as compared to sales of on-premises software licenses which must be reconstituted every period. While we are in the early stages of growing our subscription services, we already have added capability to deliver these services in additional geographies, such as the United Kingdom and Canada, where country-specific compliance requirements may necessitate in-country service delivery

In December 2011, we entered the secure content mobility market with the acquisition of TappIn, Inc. Secure content mobility provides users with the ability to easily and securely access and share data and information using a web-browser, tablet or other mobile device such as a smartphone. Secure content mobility integrates aspects of ad hoc file transfer, broader MFT capabilities, cloud services, and remote accessibility to address growing market demand for secure, ‘anytime and anywhere’, device-independent access to distributed content. We believe that the addition of secure content mobility capability to our portfolio potentially has profound implications due to the continuing growth of tablet computers and smartphone sales and their increasing adoption by business users.

Industry Background

The Internet has become an integral part of daily operations for individual users and companies of all sizes, not only for e-commerce, but also as a means of managing information between central and remote locations and with associates, employees, partners, suppliers, and customers. Corporate information managers must protect business assets, ensure that policies and processes meet regulations governing the management of sensitive information, and ensure that the right people have access to the right information at the right time. Global operations, diverse business partners and networks further emphasize the need for common standards to ensure compatibility, scalability, privacy, security and cost-effective integration. All of these needs have created the need for maintaining the security of data and information in motion (for example, with traditional MFT solutions delivered as on-premises software or as a cloud service) and at rest (for example, through securely deleting or purging files or securely accessing stored data from mobile tablet or smartphone devices using our TappIn solution).

The need for MFT and secure content mobility solutions is particularly strong for organizations faced with a daunting array of privacy, security, and remote accessibility challenges stemming from various regulatory and business requirements for data privacy and confidentiality. Regulatory and privacy requirements include federal legislation and regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA),the Federal Trade Commission Red Flags Rules, as well as state legislation and regulations in the U.S such as California Senate Bill (SB) 1386 and the data security regulations issued by the Massachusetts Office of Consumer Affairs and Business, as well as the extraterritorial requirements such as the European Union Data Protection Directive. Some of these statutes and regulations impose severe penalties for improper disclosure of confidential information. Industry best-practices such as the Payment Card Industry Data Security Standard (PCI DSS) and self-imposed business requirements lead to the need to secure and protect consumer information, intellectual property and trade secrets. These measures offer protection against disclosure of proprietary information and also reduce corporate risks associated with the potentially devastating consequences of security breaches.

Markets for MFT and secure remote access grew from mainstream adoption of the Internet, the subsequent exponential growth in data and information sharing, and the growing realization that information is a significant business currency requiring appropriate security, management, auditing, and reporting, and also subject in many cases to regulatory and privacy requirements. Similarly, the cloud services market arose from recognition that the Internet allows ubiquitous, global access to data and information services. By leveraging Internet technologies, and delivering services through appropriately secured and managed shared resources, cloud-based solutions allow businesses and other organizations to achieve economies of scale and greater operational agility. Cloud

4

Table of Contents

solutions also can support individual consumer needs for information access and sharing at very affordable costs. Secure content mobility solutions provide these same benefits, but extend the information delivery model to and from the broadest range of network-enabled devices, including smartphones and tablets.

Our primary industry is known as managed file transfer. The MFT industry has its technical origin in the file transfer protocol, or FTP. FTP dates back to 1980 (RFC 765, later superseded by RFC 959), with even earlier RFCs guiding prior attempts to establish standards for file transfer protocols. The use of file transfer protocols increased dramatically with the explosive growth of the Internet and the World Wide Web during the 1990s. The MFT industry arose from recognition that FTP, alone, does not provide adequate security and management capabilities for file transfers. MFT solutions offer a greater degree of security and control than FTP. Features available in MFT solutions include integrated security, auditing capabilities, performance monitoring, and reporting. The MFT industry includes low cost, or even free, solutions that offer basic capabilities. However, businesses and even individuals procure more advanced solutions that provide scalability, enhanced security options, automated workflow, dedicated maintenance and support, and other features that facilitate high-confidence, secure and cost effective file transfers.

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned, released, and scaled to meet requirements. We believe the continuing movement to cloud services is analogous to the telecommunications shift from dedicated point-to-point circuits to a delivery model in which the entire telecommunications infrastructure potentially can be used to establish, maintain, and manage individual connections on an as-needed basis. Cloud implementations may be public, private, community or a hybrid combination. In a private cloud, the infrastructure is operated solely for a specific organization. In a community cloud, the infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). In a public cloud the infrastructure is made available to the general public or a large industry group. A hybrid cloud is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technologies that enable data and application portability (for example, cloud bursting for load-balancing between clouds).

The secure content mobility market has emerged from a confluence of the same primary market forces that drove demand for MFT and cloud services, with those forces magnified by the exponential, worldwide proliferation of mobile devices. According to a recent report by Cisco Systems, global mobile data traffic grew by 70% in 2012. The Cisco report also states that mobile data traffic in 2012 was nearly 12 times the size of the entire global Internet in 2000 and projects that such traffic will increase 13-fold between 2012 and 2017. The report further projects that the number of mobile-connected devices will surpass the world’s population in 2013. Secure content mobility solutions will become increasingly necessary to allow business and consumers to securely access and share data, potentially across multiple network-enabled devices to include smartphones and tablets. The content delivery model will include solutions like TappIn that provide access directly to and from on-premises or personal devices, with those solutions possibly interoperating with cloud-based data repositories.

Strategy

Our Total Path Security framework encompasses protection of data in motion and at rest. We intend to build upon our leadership position in the MFT market to provide businesses, other organizations, and individual users with the solutions necessary to meet their growing need for secure information exchange within the Total Path Security framework. From our perspective, more fully addressing this need for secure information exchange requires consideration of capabilities beyond traditional MFT, including managed e-mail attachment, cloud-based, and remote access security solutions. We believe we must consider ongoing, fundamental changes in customer technologies and processes, such as the rapidly increasing use of mobile devices, including “Bring Your Own Device”, or BYOD, aspirations, in the workplace.

5

Table of Contents

Our strategic focus continues to center on:

Entering and Establishing Leadership in Broader Markets

Gartner and International Data Corporation (“IDC”) have stated that the annual MFT market is in excess of $700 million. We are a leader in MFT products and services. In 2012, we achieved one of the highest ratings in the latest Managed File Transfer (MFT) Vendor Landscape Report from Info-Tech Research Group. The report designated GlobalSCAPE a “Champion” in its Vendor Landscape matrix and awarded the Company “Exemplary Performer” status in both security strength and ad hoc file transfer capabilities. Info-Tech Research Group evaluated criteria such as strategy, viability, sales and support reach, and channel partner programs. We scored high in all categories, earning the ranking of “Champion.” Their evaluation of our strategy garnered one of the highest possible scores due in part to our TappIn product line and our approach to mobile file access. Also playing a role in our rating was the assessment of our EFT Enterprise Edition, one of our primary MFT solution products. EFT Enterprise Edition was commended for its ability to meet advanced security requirements, its flexible deployment options and our responsive customer support. We also received the highest marks for our available features and flexible system architecture.

We also were in the leader’s quadrant of the Gartner Magic Quadrant for Managed File Transfer in 2011 and 2010, the latest years for which Gartner published this magic quadrant. With MFT capabilities increasingly being integrated into business-to-business, or B2B, gateway, data integration, service oriented architecture, and other technical solutions, we believe the market will continue shifting toward consideration of MFT as more of a “feature” than a solution. This shift may take many years, but we believe early recognition of the trend and appropriate strategic planning increase our potential for evolving our solutions in front of the ongoing market changes. We have begun to address this shift in a number of ways.

We offer services to the much larger, and adjacent, cloud services market with our Managed Information Xchange, or MIX, and Hosted Enhanced File Transfer solutions. Gartner, a notable industry analyst, estimated the cloud computing market would grow from an estimated $109 billion in 2012 to approximately $207 billion by 2016. This market includes categories such as infrastructure-as-a-service, management and security, and SaaS. Our partner agreements with hosting providers such as Rackspace and Peer 1, and the proven, modular capabilities of our EFT solution suite, provide us a straightforward path for delivering our products and technology to specific segments of this market

Our Secure Ad Hoc Transfer module, or SAT module, is designed for companies needing an out-of-the-box solution to exchange files without the problems typically associated with having to manually create temporary FTP accounts, accept the size limitations and security issues of regular email, or contend with the time delays and high costs of overnight and physical shipments. The SAT Module works in conjunction with our EFT solution and allows users inside an enterprise to send and receive files of any size to and from recipients outside the organization with secure authentication, non-repudiation and auditing capabilities. We have added other adjacent-market capabilities, such as business automation, to the EFT software also through our modular solution architecture. These capabilities are helping to underpin the consistent growth in revenue from the EFT solution

6

Table of Contents

suite. In addition, our Mail Express solution was recognized by Info Security Products Guide as a “Global Excellence Award” winner in February 2012 in the Email Management and Security category. We believe strengthening our ad hoc file transfer solutions remains a key strategy element and we intend to pursue solution enhancements in this area in future periods. Our secure content mobility competencies provide a potentially compelling complement to traditional MFT capabilities, including ad hoc file transfer solutions. We have developed a secure mobile access module for our EFT solution as an initial point of integration with our TappIn technology. We regard secure content mobility potentially as a unifying concept for our solution portfolio given the central position and importance of content (i.e., data and information) in the market drivers for our solutions. We intend to further integrate our solution capabilities, for example as demonstrated by the February 2013 integration of Mail Express functionality as a module within the EFT solution suite, to take advantage of potential synergies and strengths across our solution portfolio, while also possibly simplifying our marketing and sales processes.

We believe that building on our MFT capabilities provides a clear opportunity to increase our average transaction size and repeat business through greater scalability, business integration, and application of professional services to support implementation planning and execution. Our enterprise solutions, such as EFT Enterprise, have increased considerably in capability over the years. The add-on modules available for EFT Enterprise and increased technical performance for other offerings in our portfolio provide a strong platform for greater business adoption and integration of our solutions. We believe continued focus on capabilities necessary for even broader B2B applicability, including appropriate treatment of evolving secure content mobility requirements, is a key strategic opportunity for our future business operations.

With MFT capabilities increasingly being integrated into B2B gateway, data integration, service oriented architecture, and other technical solutions, the need to keep evolving our solutions and entering adjacent markets also is clear. We continue to believe the market will shift toward consideration of traditional MFT as more of a “feature” than a solution. This shift may take many years, but we believe early recognition of the trend and appropriate strategic planning increase our potential for evolving our solutions in front of the ongoing market changes.

Growing Recurring Revenue

Recurring revenue includes M&S contracts and subscriptions for our cloud-based managed and hosted solutions. In the broadest sense, delivery of labor hours on long-duration professional services contracts also fits within this growth strategy because such “contracted sales” provide a book of sold business that will be recognized as revenue in future periods with some revenue from these labor contracts potentially visible even two or three years in the future. We believe increasing recurring revenue provides greater predictability of revenue in future periods and a stronger hedge against future business or broader economic downturns.

We believe execution of this strategy element potentially could provide greater predictability of revenue in future periods and a stronger hedge against future business (or broader economic) downturns. Currently, the largest component of our recurring revenue is from M&S contracts which grew 20% or more in both 2012 and 2011 compared to the prior year. We intend to focus on delivering continued growth in deferred revenue, while assessing market traction for the full range of our solutions on an ongoing basis. From this perspective, deferred revenue may continue to grow in absolute terms, and as a percentage of total revenue, for some period of time, depending on the relative future growth rates of all of our solutions.

As discussed under “Key Business Metrics” in “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” subscription sales may change the trajectory of our prior revenue growth. We believe that due to its compounding effects, subscription revenue potentially can grow more quickly and significantly than software license revenue and create increased operating margins.

7

Table of Contents

Developing and Enhancing Our Solutions

We have allocated significant resources to enhancing and developing our solutions in recent years. This strategic focus has delivered substantially more capable releases of our Enhanced File Transfer, WAFS and Mail Express solutions, plus our cloud-based offerings, TappIn mobile file access and monitoring products and professional services. We intend to maintain our focus on developing our solution portfolio and, as appropriate, enhancing our existing solutions.

Our solution portfolio may evolve over time, for example, through development of new offerings in adjacent markets or through acquisitions. We maintain an active research and development program and work closely with partners and others in the industry to identify new solution opportunities. As an example, we began our first original equipment manufacturer, or OEM, partnership with Network Automation in 2008, embedding Network Automation’s AutoMate product as the Advanced Workflow Engine, or AWE, module to our Enhanced File Transfer Server solution. During 2010, we expanded our partner agreement to become a worldwide reseller of Network Automation’s software solutions, AutoMate and AutoMate Business Process Automation Server. Over the past three years, we have partnered with hosting providers (including Rackspace Hosting) to deliver the MIX and Hosted EFT Server solutions. Also, in December 2011, we acquired the TappIn secure content mobility technology.

As we evolve our solution portfolio, we intend to maintain an appropriate balance between legacy and new solutions, including making choices about transitioning, sustaining, or retiring solutions as necessary to best operate under prevailing business conditions. Transitioning or sustaining solutions may involve consolidating capabilities within our solution portfolio, releasing upgrades in response to market or customer needs, or making bug fixes in accordance with our communicated End of Life, or EOL, Policy. We also may phase out solutions periodically in accordance with the EOL Policy.

Entering and Extending our Presence in the Secure Content Mobility Market

In December 2011, we entered the secure content mobility market with the acquisition and introduction of our TappIn product line. Secure content mobility provides users with the ability to easily and securely access and share data and information using a web-browser, tablet or other mobile device such as a smartphone. Secure content mobility integrates aspects of ad hoc file transfer, broader MFT capabilities, cloud services, and remote accessibility to address growing market demand for secure, ‘anytime and anywhere’, device-independent access to distributed content.

We believe the addition of secure content mobility capability to our portfolio potentially has profound implications due to the continuing growth of tablet computers and smartphone sales and their increasing adoption by business users. While storing and accessing data in a cloud environment is viable in many circumstances, we believe there also is a significant demand in the marketplace for the ability to access data in a manner similar to that offered by cloud computing but with the data being accessed and stored within the security of computers, servers or data centers owned by or dedicated solely to a particular individual or enterprise, rather than in the cloud. Many of our customers already using our EFT Server and other products have expressed a desire to have the flexibility to access their data or monitor the status of their MFT activities from anywhere using a tablet computer or smartphone and security protocols at least equivalent to that offered by our EFT Server and other products. Our TappIn technology, if further developed, potentially can provide that accessibility. Therefore, we intend to expand and enhance the TappIn capabilities and appeal for enterprise customers.

TappIn currently supports the consumer user’s needs by providing the capability to access data stored on the user’s personal computer, network attached storage or similar device from a remote location using a tablet, smartphone or other network-enabled device. There is demand in the marketplace for this capability in light of concerns about the security of personal data when it is stored in the cloud. We are accessing this market through direct sales of the TappIn application to consumers through our website and by partnering with major storage device manufacturers who will ship their products pre-configured with TappIn capabilities.

8

Table of Contents

Increasing International Sales Through Third-Party Distributor Channels

We have added several channel partners in recent years and also organized our sales force and associated sales processes, to more effectively support our partner network worldwide. Channel partners resell, distribute, or integrate our solutions. These channel partners provide us with additional opportunities to penetrate deeper into existing markets and enter new sales territories.

Channel sales can help us establish a lower-touch delivery model through which we train and provision the partners to sell and distribute our solutions. We leverage this approach to reduce our over cost of marketing and selling our solutions in geographic areas where it would be costly to establish a presence with our own employees. To facilitate this approach, we host channel partner conferences to provide a forum for exchanging ideas and delivering partner-specific sales education and training. We currently derive approximately 88 percent of our sales from the United States, United Kingdom, Canada, and Australia. Achieving an additional presence in regions we do not yet serve to any notable degree could increase our sales in future years.

Growing Enterprise and Government Sales

GlobalSCAPE conducts business with thousands of businesses around the world. We provide solutions to some of the world’s largest banks, insurance companies, healthcare providers, automakers and film companies. We intend to continue penetrating large enterprise firms with our expanding solutions and services.

Government sales, particularly large contracts from the U.S. Army, have had a significant positive impact on our growth and market image since 2007. However, these large contracts also have caused significant swings in our financial results. We are focused on more deliberate growth in government sales, including software and associated services, potentially augmented by occasional large product orders.

We have a contract with the U.S. Army to support the Standard Army Maintenance System-Enhanced (SAMS-E) logistics program. This is the fourth large U.S. Army contract for GlobalSCAPE since 2005. This contract extends through September 2013. It is a sole source contract for $1.35 million, which we will recognize as revenue in equal monthly installments over that term. Under this agreement, we will continue to provide maintenance and support to previously purchased software licenses, including the Enhanced File Transfer Server solution and CuteFTP Pro managed file transfer application. GlobalSCAPE solutions enable the SAMS-E program to maintain compliance with federal and U.S. Army and information security regulations as a result of our product certifications that include Federal Information Processing Standards (FIPS 140-2) and the U.S. Army Certificate of Networthiness.

Developing our Corporate Brand

GlobalSCAPE traditionally has been better known for CuteFTP than as a corporate brand. We have an ongoing initiative to elevate our corporate profile under the GlobalSCAPE brand. We use internal resources as well as outside marketing, communications and investor relations professionals to support this work.

We have participated in numerous analyst briefings and investor conferences that have increased our recognition within the investor and analyst communities. We have revised our website, logos, and other areas reflecting our corporate brand. Through these activities, we have established a more consistent, recognizable brand that may better support future growth and market visibility.

We believe we have continued to enhance our brand through additional national and regional attention resulting from the numerous corporate awards we have received including:

9

Table of Contents

We were also named Software Magazine’s Software 500 ranking of the world’s largest software and service providers, now in its 29th year. The Software 500 is a revenue-based ranking of software and services suppliers targeting medium to large enterprises, their IT professionals, software developers, and business managers involved in software and services purchasing. The ranking was based on total worldwide software and services revenue for 2010, including revenue from software licenses, maintenance and support, training and software-related services and consulting.

In addition to these corporate awards, we were named to Deloitte’s Technology Fast 500 for 2010 and 2009, a ranking that recognizes the fastest growing technology, media, telecommunications, life sciences and clean technology companies in North America on the basis of five-year revenue growth. We believe our corporate, financial, and technical awards in aggregate increase our market visibility and provide a stronger basis for continued development of the GlobalSCAPE brand.

Software Products

Managed File Transfer Products and Solutions

Our MFT products and solutions help users securely move and copy files on the Internet. FTP, along with more secure protocols such as SFTP, FTP/S, and HTTP/S, requires a client program to start a transfer and a server program to accept the connection. A substantial portion of our revenues is derived from licensing our file management products, especially the EFT solution.

In 2012, we achieved one of the highest ratings in the latest Managed File Transfer (MFT) Vendor Landscape Report from Info-Tech Research Group. The report designated GlobalSCAPE a “Champion” in its Vendor Landscape matrix and awarded the Company “Exemplary Performer” status in both security strength and ad hoc file transfer capabilities. Info-Tech Research Group evaluated criteria such as strategy, viability, sales and support reach, and channel partner programs. We scored high in all categories, earning the ranking of “Champion.” Their evaluation of our strategy garnered one of the highest possible scores due in part to our TappIn product line and our approach to mobile file access. Also playing a role in our rating was the assessment of our EFT Enterprise Edition, one of our primary MFT solution products. EFT Enterprise Edition was commended for its ability to meet advanced security requirements, its flexible deployment options and our responsive customer support. We also received the highest marks for our available features and flexible system architecture.

Server-Based Managed File Transfer Software Solutions

Our server software solutions are designed to provide businesses with increased file transfer security, automation, and performance when compared to traditional FTP-based and e-mail delivery systems. Our server solutions offer substantial ease-of-use advantages compared to competitive products. Each provides two-factor authentication, enhanced visibility and monitoring of file transfers, support for IPv6, and additional security enhancements. These products are common, scalable solution platforms that accommodate a broad family of add-on modules to support the user’s complex information sharing needs. For flexibility, these products preserve backward compatibility with our early version solutions.

10

Table of Contents

Enhanced File Transfer Standard Edition (“EFT Standard Edition”) . Our EFT Standard Edition solution complements CuteFTP Pro (further described below) and other third party FTP clients by enabling encrypted transfers using SSL, SSH2 and advanced S/KEY password encryption. When used with CuteFTP Pro, EFT Standard Edition offers a complete digital certificate management system giving system administrators the ability to manage digital certificates as well as initiate back-end processes with other customer systems. The latter functionality can be used as a partial or total replacement for more complex, enterprise-level electronic data interchange systems. Additional features include remote management capability, the ability to operate multiple FTP sites with unique user management from a single server and the ability to manage user accounts with advanced settings for maximum security and control. EFT Standard Edition is integrated with a Secure Mobile Access, or SMA, module that uses TappIn functionality to allow authorized mobile users to view files on EFT.

EFT Standard Edition supports add-on modules and software such as the Auditing and Reporting module, High-Security module, OpenPGP module, Web Transfer Client, Secure Ad hoc Transfer module, DMZ gateway, and FIPS 140-2 validated cryptographic libraries.

Version 6 of EFT Standard Edition and CuteFTP Pro Version 3.1 also received the Certificate of Networthiness from the U.S. Army Network Technology Command (NETCOM) during 2009. Our receipt of this certificate enables Army installations worldwide to install and operate these server and client-based secure information exchange solutions. The availability of add-on modules, and migration to a common software code base with EFT Enterprise Edition have dramatically increased the capabilities of EFT Standard Edition as compared to the legacy Secure FTP Server.

Enhanced File Transfer Enterprise Edition (“EFT Enterprise Edition”) . EFT Enterprise Edition is an enterprise file server, building on the base features of EFT Standard Edition. EFT Enterprise Edition supports large-enterprise installations and is compatible with our AWE module. The AWE module provides over 200 built-in “drag and drop” workflow actions, including sending SNMP traps, communicating with mainframe computers, redirecting or relocating files, integrating SQL and XML capabilities, and executing third-party applications, custom programs, and batch files.

EFT Enterprise Edition also supports the Applicability Statement 2 (AS2) protocol, encrypting file system (EFS), the multi-site (and multi-platform) version of DMZ Gateway, two-factor authentication, active directory administration, Oracle DBMS, Microsoft SQL and many more enterprise capabilities. In November 2012, we released our Business Activity Monitoring (“BAM”) dashboard as an additional module available for use with EFT Enterprise Edition. The BAM dashboard is designed for both technical and business users requiring monitoring of business transactions. The BAM software provides an overview of transactions involving sensitive data transfers such as currency exchange, shipments and deliveries and other sensitive data transfers. Screen views provided by the BAM dashboard are customizable by the user to display transactions in a manner responsive to their business needs.

Both editions of our EFT solution provide two-factor authentication, enhanced visibility and monitoring of file transfers, support for IPv6, and additional security enhancements. In February 2013, we announced the general availability of EFT Standard 2013 and EFT Enterprise 2013 (collectively EFT 2013). The EFT 2013 release provides a significant update to the EFT Standard and Enterprise Editions. Some of the top improvements for EFT 2013 include full Unicode UTF-8 integration which allows data exchange in any language, improved support for implementations with hundreds of thousands of accounts, expanded administrative visibility and control of ongoing data transfers, and full support for Microsoft Windows Server 2012 and Microsoft SQL Server 2012. In addition, EFT 2013 includes tight integration with our Mail Express solution, allowing users to exchange large or sensitive files securely via email attachment. This new integration with Mail Express allows administrators to achieve even higher levels of efficiency and visibility than prior versions, through common auditing, reporting, and event rule processing.

11

Table of Contents

CuteFTP

CuteFTP is a ‘“client side” software product, installed on a user’s local computer, that enables file transfers from or to an FTP server. The target market for the CuteFTP product includes corporate IT professionals who use it to transfer data between locations via the Internet and individual Web site operators who use it to upload their Web pages to their Web hosting provider, among others. CuteFTP simplifies use of file transfer protocols presenting a user-friendly, graphical user interface that allows users to “drag and drop” files between computers, rather than requiring those users to interact directly with the underlying technical processes and protocols. CuteFTP has won several awards, and has been favorably reviewed over the years in leading online and print trade journals, as being one of the most powerful, easy-to-use file transfer protocol program available. We offer CuteFTP in English, German, French, Spanish, Japanese, Traditional and Simplified Chinese, Russian, Portuguese and Turkish.

CuteFTP incorporates standards for encrypting data during transport and at rest, accelerating transfer of large files, and automating common file transfer tasks. It includes various features attractive to advanced users such as multi-part and concurrent file transfers to maximize transfer speed, additional secure protocols, scheduled file transfers, automated site backups and scripting ability for automating FTP tasks. CuteFTP has been favorably reviewed by leading online publications including CNet’s Download.com and PC Review.

We released our current CuteFTP Version 9 in November 2012. The Version 9 release includes a number of updates, including support for Unicode (UTF-8) characters that will allow greater international use and Web Distributed Authoring and Versioning (WebDAV) support to facilitate collaboration between users in editing and managing documents and files stored on World Wide Web servers. In creating the Version 9 release, we also simplified our CuteFTP product line by consolidated all the features of our previous multi-product CuteFTP product line for Windows operating systems into the single new version. We also continue to offer CuteFTP Version 3.1 software for Mac platforms.

Wide-Area File Services and Continuous Data Protection Solutions

Our Wide Area File Services, or WAFS, software provides a file sharing, collaboration, and replication solution over multiple sites. WAFS technology can have our Continuous Data Protection (“CDP”) product added to provide enterprises with a file access and data protection combination that centralizes data storage and IT administration facilities but doesn’t compromise data sharing and protection.

Wide Area File Services. Our WAFS software delivers a unified and accelerated file access system, instant file-sharing and server-to-server mirroring across any distance, with full coherency and at near-LAN access speeds. WAFS delivers a true, wide area file solution for collaboration. Continuous, real-time multi-directional acceleration and mirroring technology ensures that data exists in multiple places simultaneously and in complete synchronization, no matter where a change in any file is made. The data is mirrored between servers on the LAN, virtual private network, or across firewalls in real time, with full support for file locking ensuring coherency. Our WAFS product ensures bandwidth efficient WAN utilization and that users have access to the most recent data. The off-line mode ensures continued data access in the event of WAN or server outage. Our WAFS software is easy to deploy and manage remotely. It supports Autodesk ^® Revit ^® Architecture construction and design application. Most recent feature enhancements include compatibility with Unicode character sets (which are encountered more frequently in international sales opportunities), and Local Sync, a feature that allows users to rapidly synchronize data while also simplifying implementation.

In April 2012, WAFS won the Network Products Guide 2012 Best Products and Services Awards in the “Social Media, Networking or Collaboration Solutions” category. These awards highlight the best products and services, roadmaps, industry directions, technology advancements, and independent product evaluations of the year.

12

Table of Contents

CDP . Our CDP continuous backup software transparently and continuously captures data from local and remote servers, eliminating the backup window and restoring data rapidly. Our software-only solution supports the ability to backup any number of branch servers or remote laptops to one or more centrally located systems. As files change, file servers backup in real time to the customer’s backup site which can be at the same or a remote location. The backup server can keep any number of past versions of each file (and deleted files) which gives the customer immediate restore, as well as the ability to perform point-in-time snapshots. Bandwidth requirements are minimal since only file differences are transferred to the backup system.

Managed E-mail Attachment Solution

Not all customers want to use FTP, or even traditional MFT solutions, to transfer large files. Some customers prefer using their familiar e-mail application to send and receive large files such as images, video, data files, etc. However, e-mail traditionally has been ill-suited to delivery of certain attachments due to typical infrastructure and administrator-defined limitations on e-mail attachment size. In many cases, these limitations preclude sending or receiving e-mail attachments larger than 10 to 20 MB.

Mail Express is a software add-in (also sometimes referred to as a plug-in) compatible with Microsoft Outlook. The add-in transparently redirects e-mail attachments, up to 25 GB in size, for delivery in accordance with administrator-defined policies. Attachments specified in the policy (for example, by type or size) are replaced in the e-mail message with a hyperlink. The files are transferred securely to the Mail Express server. The e-mail recipient clicks the hyperlink and is able to download the files from the Mail Express server using standard web-based download procedures with all communications using HTTPS (SSL or TLS encryption). This approach can ease the load on the e-mail infrastructure and the long-term storage requirements associated with e-mail attachments. Mail Express also allows enhanced tracking and auditing of the file attachments through read receipts and log files. Mail Express requires little or no user training because the add-in is transparent from the perspective of the sender and the recipient is able to use a familiar web browser for downloading the attachments.

Mail Express provides two-way file sharing and collaboration, an optimized administrator experience through enhanced workflow in the user interface and a simplified deployment process. It provides a secure environment by supporting communication through the GlobalSCAPE DMZ Gateway. This DMZ Gateway support allows customers to implement Mail Express behind a demilitarized zone (DMZ) firewall, providing an added layer of protection for data storage and retrieval, user authentication, and firewall traversal. The Mail Express Internal Web Portal provides full Mail Express functionality via a standard web browser to customer employees who may not use Microsoft Outlook as their primary mail client. Other key features of Mail Express include support for Microsoft Outlook and Exchange 2010, improved performance, and optimization when interacting with anti-virus software, and ease of scalability.

In February 2013, we announced the general availability of Mail Express Version 3.3. In addition to the integration with EFT 2013, the new Mail Express includes a number of enhancements including:

13

Table of Contents

Mail Express awards and recognitions include:

Data Backup and Recovery Solution

In 2011 we released CuteBackup, a data backup and recovery software solution, compatible with Windows operating systems, aimed at helping consumers and small business owners avoid a data loss catastrophe. The scalable, automated solution gives home and small business computer users complete backup and recovery protection, with an intuitive setup wizard that enables a simplified, effective way of securing data. CuteBackup also offers “Boot Corrector” protection that can reboot the system and subsequently correct most common issues if the computer crashes and fails to restart. Additional features include automated backup routines and selective restores. CuteBackup is powered by Paragon Software Group’s Backup and Recovery 10 Suite.

Endpoint Security Solution

We had planned to enter the endpoint security market through development of appShield, a software application control, or whitelisting product. The appShield product was being developed under a Joint Development and Reseller Agreement between GlobalSCAPE and CoreTrace Corporation. In November 2012, CoreTrace Corporation sold substantially all its assets to an unrelated third party resulting in CoreTrace ending its development work on appShield. This action provided us possession of the appShield source code while sustaining our prior appShield-related license rights. The notable resulting change is that we now have the right to sell products based on the appShield source code with no royalty obligation to CoreTrace Corporation or any other party.

The consumer application control market has matured significantly since appShield product development began in 2009. That situation necessitates additional development work, which possibly could be significant, to bring appShield to market. We are investigating whether to further develop this product on our own, engage others to continue the development for us, or sell the appShield rights to another party. We therefore have no date scheduled for introduction of appShield to the market nor do we have specific plans to pursue introduction.

Maintenance and Support

We offer maintenance and support, or M&S, contracts to licensees of all of our software products. These M&S contracts entitle the licensee to software upgrades and technical support services in accordance with the terms of our M&S contract. Standard technical support services are provided via e-mail and telephone during our regular business hours. For EFT Server Enterprise and WAFS software, we offer a Platinum M&S contract which provides access to emergency technical assistance 24 hours per day 7 days a week.

Cloud-Based Services

GlobalSCAPE Managed Solutions

We have a partner agreement with Rackspace Hosting, Inc., a world leader in the hosting and cloud computing industry that began in 2010. We have a similar agreement with PEER 1 Hosting to meet the growing European demand for our services. Through these relationships, GlobalSCAPE delivers cloud-based, managed

14

Table of Contents

file transfer solutions for the secure exchange of business-to-business data, including large files and sensitive data. Our cloud-based solutions allow customers to outsource all or part of their complex and demanding information exchange needs to reduce costs, improve operational efficiencies, track and audit transactions, and provide a greater level of security. We offer our cloud services capability in the United States, as well as in the United Kingdom and Canada, to support solution delivery in instances where country-specific compliance requirements may necessitate in-country delivery of the services.

Managed Information Xchange . Our Managed Information Xchange, or MIX, service delivers a hosted and managed MFT solution that enables cost effective, secure exchange of business-to-business data, including large files and sensitive data. MIX is a fully GlobalSCAPE-managed solution for companies seeking complete support for the contracted services. The tiered service allows customers to outsource all or part of their complex and demanding information exchange needs to reduce costs, improve operational efficiencies, track and audit transactions, and provide a greater level of security. Available solution tiers range from trial and proof-of-concept implementations to enterprise-scale managed services.

Key benefits and features of the Managed Information Xchange offering include:

We introduced our MIX solution in mid-2010. In 2011, Info Security Products Guide recognized MIX as the winner of the 2011 Global Excellence Award in the Cloud category. The Info Security Product Guide recognition, together with previous awards received for EFT Server, broadened our portfolio of industry and market validations for our cloud-based solutions.

Hosted Enhanced File Transfer Server . In 2011, we introduced our Hosted Enhanced File Transfer Service. This service expands our cloud-based solution portfolio by integrating a hosted version of our market-leading EFT Server solution with Rackspace Hosting, Peer 1 and other partner infrastructure. While this scalable and tiered service is structured for the small-to-medium business, or SMB, market, it allows customers of all sizes to outsource all or part of their complex and demanding secure information exchange needs. Through such outsourcing, customers can greatly reduce costs, increase efficiencies, track and audit transactions, and provide a greater level of security and compliance, at affordable price points. The Hosted EFT Server offering delivers these benefits while allowing direct customer management of the EFT Server solution (as contrasted with the fully managed MIX service)

Software as a Service Solutions

SaaS delivers a software application over the Internet, or across other networks, to users on an on-demand basis. The SaaS delivery model allows central administration and maintenance of the application with user access provided through a provider hosted website. SaaS appeals to many prospective customers because it uses cloud computing approaches in which the customer does not need to install special software on the computer systems accessing the application. SaaS eliminates the need for the customer to purchase, install and maintain servers and other IT infrastructure to use and maintain the software.

15

Table of Contents

Our SaaS solution, CuteSendIt, is a file transfer service for individuals, professionals, and businesses. CuteSendIt uses cloud computing approaches to deliver files through a hosted web portal. This solution approach meets the needs of users who do not have, or wish to invest in, file transfer infrastructure such as FTP servers or client application software. The solution scales from single-user to multi-user licensing with varying file transfer capabilities based, for example, on a maximum number of files, the aggregate data volume for files transferred each month or the amount of long-term online storage required for the files.

Users access the CuteSendIt application over the Internet using a standard web browser, securely upload files (up to multi-GB) through the portal and compose a brief message to accompany the file delivery. CuteSendIt then sends the message to the recipients as the body of an e-mail message. This e-mail message also includes links to the files uploaded through the CuteSendIt web portal. Anyone with an Internet connection can access this service at www.cutesendit.com. There is no software to install with CuteSendIt, and no specific knowledge of file transfer is needed to use it.

Secure Content Mobility Solution

We believe secure content mobility is a rapidly emerging central feature of our served markets, including our primary MFT market. Exponential growth in smartphone and tablet sales and adoption, combined with rapid growth in retained content and BYOD expectations, will drive strong growth in this market segment. We acquired TappIn, Inc. in December 2011 to provide us with initial entry into the secure content mobility market.

The TappIn GlobalSCAPEservice provides the ability to easily and securely access and share documents, pictures, videos and music anytime, anywhere while eliminating or minimizing the storage of data in the cloud and the associated security and privacy concerns. From the office, at home, or on the road, customers can “Tapp In” to their files, stored in multiple locations, using any web browser and most Internet-enabled mobile devices (including Apple iPhone and iPad, Google Android and Windows Phone and Kindle Fire). With TappIn, users can avoid uploading and/or syncing to a cloud storage location and eliminate the need to pay for additional cloud storage. Instead, the TappIn service securely accesses the user’s existing in-house storage devices (such as a desktop computer, in-house network servers or network attached storage devices), allows sharing files of any size and provides encryption to safeguard content.

The TappIn GlobalSCAPE service incorporates elements of on-premises software, cloud and SaaS delivery models. Unlike other remote access products that can consume significant amounts of storage capacity on a smartphone or tablet, TappIn makes content available through a secure pathway that gives users access to files on their existing in-house storage devices without having to download those files to their mobile device. This delivery method not only saves storage space on the mobile device but also ensures content remains secure and private on the user’s existing in-house storage devices.

We first offered these secure content mobility capabilities through our TappIn Standard Edition. In October 2012, we introduced TappIn Professional Edition, offering additional features that build upon our TappIn Standard Edition. These additional features include:

16

Table of Contents

The TappIn mobile file access capabilities are integrated with our EFT Server solution. The Secure Mobile Access Module allows businesses and IT departments to better support the rapidly growing BYOD trend.

TappIn solutions are available through direct sales and channel partners. TappIn enables channel partners to provide end-users with secure mobile access to rich-media content. TappIn’s OEM strategy is geared toward three major technology categories – hardware devices, content security software and SaaS providers, and carriers and network operators – and is designed to provide industry leading secure access and file sharing capability. Hardware manufacturers may preload certain levels of TappIn functionality on their hardware devices. Customers who purchase those devices are presented the TappIn solution and provided the opportunity to upgrade to a higher service level such as upgrading to the Professional Edition from the Standard Edition or to the Standard Edition from trial usage.

We have established OEM relationships with hardware manufacturers such as QNAP, Seagate, and most recently, Scale Computing. We also have been selected by SnappCloud as one of the preferred secure file access and sharing solutions for all Toshiba product users and OEM partners. In the area of content security software, we have signed an agreement with ESET, a leading provider of anti-virus software, under which ESET will offer TappIn’s secure content mobility solution to customers wanting remote access and file sharing capability.

Most recently in the area of SaaS and hosting services providers, we announced an agreement under which the TappIn solution will be included on the Rackspace Cloud Tools Marketplace. After downloading the TappIn solution, Rackspace customers will receive a 30-day free trial of the TappIn Professional Edition. Following the free trial period, customers can choose to subscribe to either the Professional Edition or Standard Edition. These relationships, as well as other contracted and potential business arrangements, provide TappIn with direct access to well-established, synergistic, distribution channels.

TappIn has won numerous awards and accolades from leading industry authorities, including:

Professional Services

We offer a range of professional services to complement our software and cloud-based solutions. These professional services include product customization and system integration, solution “quickstart” implementations, business process and workflow, policy development, education and training, and health checks. In addition, we may provide longer-term engineering services, including supporting multi-year contracts, if necessary to support certain solution implementations and integrations.

Product Customization and System Integration.

Through our product customization and system integration services, we customize the branding, reporting, and administration capabilities of our solutions to meet specific customer requirements. Typical deliverables include customized implementations, documentation for installations and customizations, and the installer programs necessary to install or reinstall the applicable solutions, drivers, and other software included in the customization and systems integration project.

17

Table of Contents

Custom Branding. Custom branding services allow customers to incorporate logos, different fonts, colors, hyperlinks, and additional text within the Web Transfer Client and the SAT module used with our EFT Server solution and Mail Express products.

Custom Reporting. Custom reporting services leverage the flexibility and power of the Auditing and Reporting Module used with our EFT Server solution to deliver customer-specific formatting and content using data tracked within the EFT Server solution. Custom reporting services also can provide customers with a web browser-accessible reporting module for the EFT Server solution. This module allows users to generate reports without requiring administrative access to the EFT Server.

Custom Administration and System Integration . Custom administration and system integration services provide web-based administration and development capabilities for our EFT Server solution. A browser-accessible administrative module facilitates sub-domain administration of EFT Server through separation of duties. The web-based user provisioning does not require full administrative access to the EFT Server and provides convenient access without the need to install client software. Other web services-based customizations expose much of the functionality within the EFT Server component object model (COM) application programming interface (API). Exposure of the COM API allows integration with a customer’s existing IT infrastructure via open standards.

Solution Quickstart Implementation

Our Quickstart Implementation services accelerate implementation of our file transfer solutions within customer IT environments. Our engineers lead the product installation and configuration and provide training and knowledge transfer to customer administrators. Quickstart Implementation services are available for the EFT Server, WAFS, and Mail Express secure information exchange solutions. Typical deliverables include requirements documentation, implementation plans, and configuration documentation.

Business Process and Workflow

Business Process and Workflow services include workflow site surveys and implementation of the AWE Module used with our EFT Server solution. The workflow site surveys assist customers with documenting business processes as they pertain to information delivery and sharing associated with file transfers. Typical deliverables include business process documentation for file transfers, recommendations for process automation, workflow implementation and use documentation, and installation of the AWE module for use with the EFT Server solution.

Policy Development

Policy Development services help customers establish and implement file transfer policies that address regulatory requirements and comply with corporate policies. Typical deliverables include a map or census of existing file transfer policies, standards, and procedures, recommended improvements based on our best practices and updated policy documentation with customer-approved improvements.

Education and Training

Education and Training services provide classroom and hands-on instruction for implementing, maintaining and optimizing our secure information exchange solutions. Intermediate and advanced classes cover the use of our EFT Server solution. We also provide business process instruction tailored to the AWE module. We can deliver training at customer facilities or from our offices. Typical deliverables include the instruction hours plus training materials and solution documentation.

18

Table of Contents

Health Checks

Health Check services provide customers with periodic assessments, education, and training, to help them get the most value from our solution implementations. These services also allow customers to more easily maintain currency with the latest versions of our software and with best practices for sustaining and enhancing the deployments.

Longer-Term Engineering Services

In addition to the previously described professional services, we have developed our capacity to deliver longer-term engineering services. Beginning in 2010 we have been a subcontractor on the McLane Advanced Technologies (MAT) industry team supporting the U.S. Army Standard Army Maintenance System (SAMS-E) program. As part of the MAT industry team, we are providing professional and technical services to support the SAMS-E program, including the EFT solution (known as Secure FTP Server before the release of Enhanced File Transfer Server 6 in early 2009) and CuteFTP solutions integrated into the SAMS-E environment. We have deployed several engineers onsite at the MAT facility. We continue to adjust the size of this team as required to best support contract requirements. Our increased capacity to deliver longer-term professional services also may be applicable to the commercial sector as we work closely with our enterprise customers to help them best sustain their secure information exchange solutions and infrastructure.

Sales and Marketing

We emphasize developing our direct sales staff and reseller channels to capture those sales through a high level of individual attention to the customer. For example, sales of our more complex enterprise solutions, such as EFT Server, WAFS and Mail Express, sales to larger enterprises, and sales of managed solutions and M&S contracts are delivered by our direct sales staff and resellers in an environment of personal interaction with the customer.

We provide our sales staff and resellers with training and professional development opportunities to ensure they are capable of meeting the needs of our prospects and customers. These sales team development activities focus on technical and process-oriented topical areas to enhance their ability to identify prospects, best position our solutions and develop pipeline opportunities into sales.

Our reseller and distributor relationships allow us to increase our market reach, particularly when pursuing international sales. We have established such relationships within specific industries, such as the government sector, and in multiple geographies outside of North America in, for example, Europe, Australia, Asia, Latin America, and Africa.

We also sell our file transfer client programs, such as CuteFTP, as well as EFT Standard Edition, certain of our EFT solution add-on modules, and CuteBackup via download from our www.cuteftp.com website. Prospective buyers may use certain of our software products for free during an evaluation period that is typically for thirty days. The programs are automatically disabled if a license is not purchased by the end of the trial period. Our software is also available for download from a variety of independent Internet software sites such as CNet’s Download.com, as well as sites in Western Europe, Canada, Australia, and Asia.

We offer our TappIn solutions for trial and subscription activation from our www.tappin.com website. As with our software solutions, prospective subscribers may use the TappIn service for free during an evaluation period. At the end of the evaluation period, the TappIn service is automatically downgraded unless the prospective customer activates a paid subscription.

In addition to the www.cuteftp.com and www.tappin.com websites, we also maintain a corporate website, www.globalscape.com . Our corporate website provides a variety of sales and marketing information for our enterprise solutions. The website also includes links to the www.cuteftp.com and www.tappin.com websites to facilitate cross-marketing and potential promotions.

19

Table of Contents

The segmentation and re-launch of our websites, implemented in 2012, allows us to leverage the websites for marketing communication activities oriented toward specific market segments. We continually update the design of our websites to be responsive to the evolving marketplace and to provide a more solution-oriented perspective of our business, improve site navigation and provide additional opportunities for visitors to contact us through the websites.

The websites also provide an effective means of facilitating certain post-sale customer support functions. To facilitate self-help for common inquiries and issues, we provide free customer support via searchable knowledge bases on our websites. We also sell maintenance and support plans to customers requiring assistance from our support services team.

Our marketing activities consist primarily of online paid advertising (for example, Google AdWords), improvement of natural search-engine results, marketing communications initiatives such as press releases and increased media outreach, and attendance at key industry trade shows, such as the RSA Security Conference. We also provide an online chat capability that allows us to interact in real time or near-real time with visitors to our website. Our reliance on online paid advertising has declined in recent years as we have transitioned to a more strategic business development and sales approach based on the personal interaction discussed above. We also have reduced our reliance on online paid advertising by conducting ongoing search-engine optimization to enhance our ranking for particular key words in natural search results of major search engines.

Customers

Our solutions have been sold to most of the Fortune 100 companies. Our products have been sold into more than 150 countries. No single customer accounts for more than 10 percent of our revenue.

We continue to derive most of our revenue from commercial customers in the U.S., U.K., Canada, and Australia. Our primary commercial vertical markets include finance, health care, energy, retail, manufacturing, and engineering. We also have a customer base in the local, state, and federal government spaces. We continue to pursue additional government business by leveraging our certifications and industry validations.

Seasonality

Our products are marketed to individuals as well as large organizations. As a result of this mix within our customer base, we typically have not experienced significant seasonality in our sales other than a typical modest decline in first quarter sales as compared to fourth quarter results. We believe this seasonality is related to our continued growth as an enterprise solution provider operating in an environment where first quarter sales possibly slow as prospective customers begin to execute their business activities, including purchases of our solutions, in accordance with new-year budgets and plans.

Network and Equipment

We have contracted with various network providers for Internet access. Our arrangements provide for redundancy in the event of a failure, and also for expansion of available bandwidth in the event that there is a dramatic increase in demand. To protect critical customer data, GlobalSCAPE’s Internet shopping cart utilizes SSL encryption. We maintain technical and physical measures and procedures compliant with the PCI DSS. We use a certified Approved Scanning Vendor and to verify our compliance with the PCI DSS.

We have dedicated servers on and off site and expansion plans in place to allow rapid and cost effective scalability. Our offsite servers and data backup procedures provide a warm backup to our onsite servers for contingency purposes. The backups are performed in accordance with our disaster recovery plan.

20

Table of Contents

Research and Development

Our internal software engineers are responsible for software design, managing the development process, testing and quality assurance. We utilize offshore developers for a portion of the coding phase of software development for certain products. Our use of external developers allows us to tap into a highly skilled labor pool, maintain a 24-hour development schedule, decrease time to market, and minimize programming costs.

All phases of development, including scope approval, functional and implementation design, object modeling and programming, are subject to extensive internal quality assurance testing. We maintain an ongoing focus on improving our quality assurance testing infrastructure and practices. Technical reporting, for example through WinQual, and customer support feedback confirm the continuing positive effect of our ongoing enhancement of research and development and quality assurance processes.

In 2012, we expended $3.5 million on research and development of which we capitalized $330,000 with the remainder recorded as research and development expense. In 2011 and 2010, we expended $3.1 million and $3.0 million, respectively, on research and development all of which was recorded as research and development expense with none capitalized. We expect to continue to increase our research and development spending in future years as we focus improving our current products and introducing new products.

Competition

The file management, content management and Web development software market sectors are intensely competitive, subject to rapid change and significantly affected by new product introductions and other activities of market participants. Our primary competitors vary by product.

We have limited information regarding the market shares of our solutions in their respective categories. Many of our competitors have substantially greater financial, technical, sales, marketing, personnel, and other resources, as well as greater name recognition and a larger customer base than we do. Significant competition characterizes the markets for our traditional MFT products. We anticipate we will continue to face increasing pricing pressures from competitors in the future. Given there are low barriers to entry into the software market, and the market is subject to rapid technological change, we believe that competition will persist and intensify in the future. For more discussion on the risks associated with our competition, you should read the information under “Risk Factors — Risks Related to Operations.”

EFT Standard Edition . EFT Standard Edition competes against a limited number of secure, Windows-based FTP servers. We believe our primary competitors are products sold by Ipswitch, SolarWinds (through their December 2012 acquisition of RhinoSoft) and JSCAPE. EFT Standard Edition has the advantage of leveraging the success of CuteFTP through product integration, offering proprietary extensions to the FTP protocol, and cross-marketing efforts to an existing customer base. EFT Standard Edition also benefits from being part of our EFT platform, which includes add-on modules, including the DMZ Gateway solution, and an upgrade path to EFT Enterprise Edition.

EFT Enterprise Edition. EFT Enterprise Edition competes in the managed file transfer server market. We believe our primary competitors are Axway, Ipswitch, IBM-Sterling Commerce and Tibco (including through their acquisition of Proginet). EFT Enterprise Edition has the advantage of being very cost effective in its market and allowing customers to flexibly evolve their MFT implementation by procuring add-on modules such as our DMZ Gateway and Advanced Workflow Engine solutions.

CuteFTP . CuteFTP exists in a highly competitive environment with numerous FTP software utilities available on the Internet for both the personal and professional user. CuteFTP is positioned as one of the only secure FTP client programs that support a wide range of security standards related to the FTP protocol. We

21

Table of Contents

believe our primary competitors are consumer file transfer solutions sold by Ipswitch, Inc., SolarWinds (RhinoSoft) and products offered by Van Dyke Software, Inc. CuteFTP was the second Windows-based FTP client to market and is consistently among the most frequently downloaded FTP clients on popular download sites. CuteFTP Mac, our FTP client for the Macintosh platform, competes with products offered by Fetch Softworks, Interachry, Nolobe Software Pty Ltd, and Panic, Inc.

WAFS. WAFS competes in the Wide Area File Services/Storage market. We believe our primary competitors are Riverbed, Blue Coat and Cisco, who are delivering proprietary appliances. We believe that WAFS has the advantage of being a software-only solution which leverages corporate infrastructure and minimizes the total cost of ownership.

CDP. CDP competes in the highly competitive continuous data protection market. We believe our primary competitors are CA XOsoft, Vision Solutions, and Symantec (Veritas). We believe CDP has the advantage of transparently and continuously capturing data from local and remote servers, eliminating the backup window and restoring data rapidly.

Mail Express. Mail Express competes in areas of the file transfer market associated with e-mail attachment offloading. We believe our primary competitors are Accellion, Tibco (Proginet), Leapfile and Biscom. Mail Express has the advantage of centralized policies for outbound file attachments and a transparent end-user experience, which allows for rapid customer deployments. Mail Express also has the benefit of integration with our most recent EFT release which provides customers with a more uniform administration experience for e-mail attachment offloading and traditional MFT operations.

Cloud-based Managed Solutions for Secure Information Exchange . Our MIX and Hosted Enhanced File Transfer solutions compete with MFT SaaS solutions. We believe our primary competitors are Ipswitch, Axway, IBM-Sterling Commerce, Thru, Inc. and Accellion. MIX and Hosted Enhanced File Transfer have the advantage of leveraging cost effective, secure hosting and cloud infrastructures, as well as Enhanced File Transfer management services provided by GlobalSCAPE’s experts.

TappIn . The TappIn solution has direct competitors such as PogoPlug and FileTek. In addition, TappIn competes for mindshare in the market with pure-play cloud data repositories like Dropbox and Box and with computer remote control solution such as Citrix Systems (GoToMyPC) and LogMeIn.

CuteBackup. CuteBackup competes in a highly competitive, and even saturated, market for on-premises backup solutions. While there are few means of differentiation in such an environment, CuteBackup allows us to make opportunistic sales, particularly to customers who visit our website for other solutions, such as CuteFTP, or who wish to contract with one vendor for multiple products (for example, for consistency of support).

CuteSendIt. CuteSendIt competes in the SaaS segment of the file transfer market. There are a large number of competitors, but we believe our primary competition includes YouSendIt, LeapFILE, Dilbert Files, DropSend, SendThisFile, Box and Pando. CuteSendIt has the advantage of supporting multiple users, allowing larger files to be sent, and providing additional file tracking. However, some of the competitors offer significant capabilities for free.

Governmental Regulation

Export Control Regulations . All of our products are subject to U.S. export control laws and applicable foreign government import, export and/or use requirements. The level of control generally depends on the nature of the goods and services in question. For example, the level of control is impacted by the nature of the software and encryption incorporated into our products. Where controls apply, the export of our products may require an export license or authorization or that the transaction qualify for a license exception or the equivalent, and may

22

Table of Contents

also be subject to corresponding reporting requirements. For the export of some of our products, we may be subject to various post-shipment reporting requirements. Minimal U.S. export restrictions apply to all of our products, whether or not they perform encryption functions. Additionally, because GlobalSCAPE is a Department of Defense contractor, there are certain registration requirements that may be triggered by our sales. In addition, certain GlobalSCAPE items and/or transactions may be subject to the International Traffic in Arms Regulations (ITAR) if our software or services are specifically designed or modified for defense purposes. Companies engaged in manufacturing or exporting ITAR-controlled goods and services (even if these companies do not export such items) are required to register with the U.S. State Department.

Enhancements to existing products may, and new products will, be subject to review under the Export Administration Act to determine what export classification they will receive. In light of the ongoing discussions regarding anti-terrorism legislation in the U.S. Congress, there continues to be discussions regarding the correct level of export control. Export regulations may be modified at any time. Modifications to the export regulations could reduce or eliminate our ability to export some or all of our products from the U.S. without a license in the future, which could put us at a disadvantage in competing for international sales compared to companies located outside of the U.S. that would not be subject to these restrictions. Modifications to the export regulations could prevent us from exporting our existing and future products in an unrestricted manner without a license or make it more difficult to receive the desired classification. If export regulations were to be modified in such a way, we may be put at a competitive disadvantage with respect to selling our products internationally. We are working on enhancing our systems to address the impact of these regulations on our products and services and understand the need to comply. We will complete technical reviews on any new products that we acquire or develop that may be subject to the requirements before we can export them.

Privacy Laws . As our business evolves to incorporate more cloud and SaaS solutions, we will receive, transmit, and store more and more information. As a result, we may be subject to various federal and State regulations regarding the protection of personally identifying information. Applicable laws may include, without limitation, federal laws such as the GLBA and HIPAA, as well as state and regulations in the U.S., as international laws and regulations including the European Union Data Protection Directive. In the event our systems are compromised by an unauthorized party, many of these privacy laws require that we provide notices to our customers whose personally identifiable data we reasonably believe may have been compromised. To mitigate the risk of compromised information, we use encryption and other security to protect our databases.

Intellectual Property

We regard some of the features of our internal operations, software, and documentation as proprietary and rely on copyright, patent, and trademark and service mark laws and trade secret protection, such as confidentiality procedures, contractual arrangements, non-disclosure agreements and other measures to protect our proprietary information. Our intellectual property is an important and valuable asset that enables us to gain recognition for our products, services, and technology and enhance our competitive position and market value.

As part of our confidentiality procedures, we generally enter into non-disclosure agreements with our employees and independent contractors, resellers, and corporate partners. We enter into license or subscription services agreements with respect to our software, documentation, and other proprietary information. Our standard license agreements are transferable only in limited circumstances and have a perpetual term. Our subscription services agreement for our hosted solutions restrict access and have a definite term. We also educate our employees on trade secret protection and employ measures to protect our facilities, equipment, and networks.

Our trademarks and copyrights are central to our business. We have U.S. federal trademark registrations for GlobalSCAPE, GlobalSCAPE and design, CuteFTP, CuteFTP Pro, CuteBackup, CuteSendIt and design, DMZ Gateway, Enhanced File Transfer Server and design, Availl, Mail Express, and Mail Express and design, and SnapEdit and pending U. S. federal trademark applications for appshield, appShield and design, CuteSendit and

23

Table of Contents

design, Stop to Ask, Stop Tomorrow’s Viruses Today, Total Recall, GlobalSCAPE Securely Connected, and other products on our roadmap. We have trademarks registered in Canada and the European Union for GlobalSCAPE. We have obtained twenty-seven United States copyright registrations for all but the most recent versions of our software applications, and have applied for registration for the most recent versions. Our subsidiary, TappIn, Inc., has pending U.S. federal trademark registration for TappIn and TappIn and design, and a registration for TappIn in China. We have two patents in the U.S. TappIn, Inc. has one pending patent application in the U.S and one pending application filed under the Patent Cooperation Treaty (PCT).

Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products, which are licensed by the thousands and sold world-wide, is difficult. While we are unable to determine the extent to which piracy of our software products exists, software piracy is a persistent problem. In selling our products, we rely primarily on click-wrap licenses which are not signed in writing by licensees and may be unenforceable under the laws of certain jurisdictions. The laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States. Companies in the software industry, and other patent and trademark holders seeking to profit from royalties in connection with grants of licenses own large numbers of patents, copyrights, trademarks, service marks, and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights. We have received, and may receive in the future, communications from third parties asserting that our products infringe, or may infringe, the proprietary rights of third parties, seeking damages resulting from such infringement or indicating that we may be required to obtain a license or royalty from such third parties. For more discussion on the risks associated with our intellectual property, you should read the information under “Risk Factors,” especially “Risks Related to Legal Uncertainty.”

None of our employees are covered by collective bargaining agreements. We believe our employee relations are good.

Available Information

We file annual, quarterly and current reports, proxy statements and other information with the Securities and Exchange Commission. You may read and copy any document we file with the SEC at the SEC’s public reference room at 100 F Street, NE, Room 1580, Washington, D.C. 20549. Please call the SEC at 1-800-SEC-0330 for information on the public reference room. The SEC maintains an internet web site that contains annual, quarterly and current reports, proxy statements and other information that issuers (including GlobalSCAPE) file electronically with the SEC. The SEC’s web site is www.sec.gov. Our Annual Report on Form 10-K, Quarterly

24

Table of Contents

Reports on Form 10-Q, Current Reports on Form 8-K and other reports and amendments filed with the Securities and Exchange Commission are available free of charge on our web site at www.globalscape.com in the Investor Relations section as soon as practicable after such reports are filed. Information on our website is not incorporated by reference into this Form 10-K and should not be considered part of this report or any other filing that we make with the SEC.