Securing Internet File Transfers
All too often, proprietary data—so heavily protected on the corporate network—is instantly exposed to risk and attack once it sails onto the public Internet. Non-secure protocols, defenseless email attachments, and homegrown scripts without error-handling mechanisms all jeopardize data security. Fortunately, armed with FileXpress software, you can overcome the shortcomings of traditional file transfer practices to protect the confidentiality, integrity, and availability of workflows that depend on Internet file transfers. This solution brief tells you how.
4 Essential elements of secure file transfer
Data worth protecting within the corporate network is also worth protecting as it moves across the Internet. To keep your data safe, you’ll need to accomplish four security tasks:
Encrypt files for transfer
Encrypting files ensures that only intended recipients will have access to the data in those files. Modern cryptography depends on a combination of public keys, which can be shared, and private keys, which must be kept secret. It also depends on sufficiently strong algorithms. A robust file transfer application will shield users from the complexities of encryption, including the esoteric details about key management and algorithm selection.
Authenticate the identity of transfer partners
How do you know that you are transferring a file to the intended recipient? Besides the standard approach of requiring a user name and password for identification and authentication, other forms of authentication exist. Digital certificates are used for file transfers that leverage the Secure Sockets Layer (SSL) protocol. Public keys are commonly used in conjunction with the Secure Shell (SSH) protocol. Combining multiple authentication technologies is referred to as “multifactor authentication.”
Ensure the integrity of files transferred
Anyone who has tried multiple times to transfer a large file knows the frustrations of working with basic File Transfer Protocol (FTP) services. Although FTP has existed for almost 40 years and has been revised numerous times, it is still insufficient for secure, enterprise-scale file transfers. With FTP, it is difficult to ensure that files transfer correctly and to roll back to a checkpoint when problems occur; instead, you are required to restart the entire transfer from the beginning. A secure file transfer solution will provide these capabilities.
Audit and report on the transfer process
File transfers happen around the clock, frequently at high volumes and usually between geographically dispersed parties. That’s why an effective file transfer solution must be able to report on the status of transfers, provide details of the transfer process (such as which users were authenticated to make the transfer), and generate management reports for capacity planning and service-level agreement compliance.
Application features are just one part of securing file transfers. If your file management practices are not secure, you may compromise the entire process. For example, you should reduce the amount of sensitive information stored in the network DMZ along with the number of open ports on the internal network. The right tools and proper procedures are key to improving upon the security of traditional, homegrown solutions.
FileXpress for secure file transfer
FileXpress is a managed file transfer solution that meets enterprise-scale security needs in the ways discussed above:
- Make files available to partners and customers.
- Allow partners and customers to upload files to your internal servers.
- Brand your own file transfer web page, where users can pick up and drop off files.
- Seamlessly move files from outside your corporate network, through the DMZ, to internal target servers.
- Delegate administrative and account management tasks to partners and help-desk personnel.
- Support the file transfer protocols required by your partners, including HTTPS, FTP, FTPS, SFTP, PGP over FTP, and AS2.
With a full range of strong encryption services—including AES encryption, SSL support, and PGP support—FileXpress reduces Internet file delivery risks. This high level of security also helps you comply with mandates driven by Sarbanes-Oxley, PCI-DSS, HIPAA, Gramm-Leach-Bliley, and FISMA.
FileXpress supports a wide range of authentication methods, including X.509 certificates and SSH public keys. These methods authenticate your transfer partners, thereby reducing the risk of spoofing by malicious parties searching for confidential data.
FileXpress uses both message integrity checks and success/failure notifications for reliable delivery. What’s more, real-time alerts notify personnel as soon as problems occur and include detailed transfer information to inform troubleshooting efforts. With checkpoint/restart, failed transfers can be recovered near the point of the failure rather than at the beginning of the transfer.
FileXpress logs each transfer-related event and produces detailed reports for each transfer element—with information arranged in a logical, readable format. The logs are centralized and searchable for easy access to transfer details.
Additional features, such as secure data streaming, reduce the need for less secure practices such as parking sensitive information in the DMZ. Delegated administration capabilities ensure that system administrators have the appropriate level of control—based on organizational role and security status. For example, system administrators can be assigned the task of defining target servers and configuring new file transfers, while help-desk staff can manage user account functions, such as password resets.
Custom, homegrown solutions may work well for one-time needs or simple use cases. But ongoing business operations require a secure, managed file transfer solution that provides both the protections and efficiencies of FileXpress.