Monday, February 18, 2008

Enterprise File Transfer Solutions

Q:
Enterprise File Transfer Solutions
I am researching Best Practices surrounding File transfer between business partners. The solution must be able to integrate with various back-end systems and offer Internet facing FTP, SFTP and FTP-SSL.
I have identified the following requirements:
The solution must offer automated encryption/decryption via PGP.
The solution must be able to route the information received to its final destination.
No data may be unencrypted within the DMZ (must be encrypted before being sent or decrypted after being moved internally).
Clarification
The PGP requirement is due to legacy considerations. All our current transfers are encrypted using PGP. Would entertain other encryption mechanisms... but PGP support provides the most effective migration strategy.


A:
Hi …..,
Best practices are the least headaches on the operation side :) (not necessarily on the security side). Best practices are usually determined by the resources and the flexibility of your operations.

You need a solution that is both transparent to existing operations while satisfying security and regulation requirements. That is a double-edged sword.

If you have in-house developers, the most customized way is to use the "PGP Command Line" series of products. This is very flexible since it works on all platforms...

SCP, SSL, SSH and SFTP are usually not the full answer set since they encrypt "data in transit" but do not answer the "data at rest" questions. I like certificate-based encryption solutions but that is far away from PGP keys.

When using a key-based solution, the ugly part is the automated key management with remote 3rd parties. You can use a trusted directory like the PGP Global Directory for this purpose.

When you do not have the flexibility to touch anything on the servers and the host, then there are gateway products:

Sterling Commerce and Globalscape are referenced above.

You can also check Forum Systems' Presidio OpenPGP security gateway…

Tumbleweed SecureTransport is the other gateway that is used by financial services.

And there is PGP Universal Gateway.

There are several other “store and forward” / “message both parties” secure enterprise data transfer solutions; you can check the IronPort (PostX), Secure Computing (CipherTrust), Zix, Voltage, Entrust and Accellion web sites for different solution sets.

Let me know if you have a specific question,
Regards,
- yinal ozkan
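
An added example, not part of the original answer and not code from any product named above: a check for the requirement that no data sit unencrypted in the DMZ. It inspects only the leading OpenPGP packet header (RFC 4880) of each staged file, so it confirms the format, not the recipient key; the function names and sample file contents are constructed for illustration.

```python
import base64

# Packet tags that may open an OpenPGP encrypted message (RFC 4880):
# 1 = PKESK, 3 = SKESK, 9 = encrypted data, 18 = integrity-protected encrypted data.
ENCRYPTED_TAGS = {1, 3, 9, 18}
ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"

def first_packet_tag(data):
    """Return the tag of the first OpenPGP packet, or None if there is no packet header."""
    if not data or not data[0] & 0x80:   # bit 7 is set in every packet header
        return None
    if data[0] & 0x40:                   # new-format header: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] & 0x3C) >> 2         # old-format header: tag in bits 5-2

def dearmor(data):
    """Decode the base64 body of an ASCII-armored message; b"" if malformed."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    try:
        blank = lines.index(b"")         # blank line ends the armor headers
    except ValueError:
        return b""
    body = []
    for line in lines[blank + 1:]:
        if line.startswith((b"=", b"-----END")):
            break                        # CRC-24 line or end marker (CRC not verified here)
        body.append(line.strip())
    try:
        return base64.b64decode(b"".join(body), validate=True)
    except ValueError:
        return b""

def looks_pgp_encrypted(data):
    """True only if the content begins as an OpenPGP encrypted message."""
    data = data.lstrip()
    if data.startswith(ARMOR_BEGIN):
        data = dearmor(data)
    return first_packet_tag(data) in ENCRYPTED_TAGS

def audit(staged):
    """Return the sorted names of staged files that are not PGP-encrypted."""
    return sorted(n for n, c in staged.items() if not looks_pgp_encrypted(c))

# Constructed sample contents of a DMZ staging directory (not real data).
SAMPLES = {
    "orders.csv.pgp": b"\x85\x01\x0c" + bytes(12),            # old-format PKESK header
    "invoice.asc": ARMOR_BEGIN + b"\n\n" + base64.b64encode(b"\xc1\x0c" + bytes(12))
                   + b"\n=AAAA\n-----END PGP MESSAGE-----\n",  # armored, new-format PKESK
    "payroll.csv": b"employee,amount\n1001,250.00\n",         # plaintext
    "report.gpg": b"\xa3\x01" + bytes(12),                    # compressed only, no encryption
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

The compressed-only sample shows why a binary-looking file is not enough: it carries an OpenPGP header but no encryption layer, so it is reported alongside the plaintext file.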

2 comments:

Chico said...

Sigaba (www.sigaba.com) is another vendor worth researching.

Unknown said...

There are tonnes of solutions; you can buy one off the shelf or build one. I developed one for a customer between 2004~2006. The problem with pursuing FTP / SFTP is soon it will be redundant; you have better protocols to transfer larger files, say larger than 2Gb.

And also FTP gets the least priority, being a passive protocol. So I would suggest investing some time in choosing the protocol so at least your solution lasts a couple of years.