Advantages of SecureTransport over standard and secure FTP servers.
One of the biggest questions organizations face today is the need for a managed file transfer solution to replace or augment their existing home grown solution. As organizations grow and consolidate, many centralize IT infrastructure for efficiencies with managing data exchange, users and applications, and improved visibility/reporting for meeting compliance and regulatory mandates. This comes up frequently at organizations looking to deploying a secure file transfer solution, either for a specific application, or at the enterprise level. Tumbleweed's SecureTransport is an Industry leading comprehensive managed file transfer solution providing: security, management, communication breadth and reporting to support organizations of all sizes. The build-it-yourself approach generally takes the following shape:
- Use an open-source secure ftp server (such as OpenSSH) or a low-end commercial product (such as WSFTP) as the protocol server, and build a set of custom scripts to provide automation, integration, etc.
- Use a standard non-secure FTP server and use file encryption, such as PGP. This approach typically involves even more scripting to automate the PGP encryption-decryption processes.
SecureTransport offers many advantages that would be difficult to reproduce in a homegrown non-secure FTP server or secure FTP server solution including:
| SecureTransport Advantage |
Description |
| One Solution Supports Multiple-Protocols |
While standard FTP servers and secure FTP servers can work only with one protocol, SecureTransport supports multiple open standards: FTP, FTPS (SSL/TLS), SFTP (SSH), HTTP, HTTPs (SSL/TLS), AS2. |
| Purpose-Built for Secure File Transfers |
SecureTransport restricts all protocols exclusively to file transfer activity. For example:
SecureTransport supports the SFTP (SSL/TLS and SCP capabilities of the SSH protocol). |
| AS2 Certification |
The AS2 protocol in particular requires an interoperability and certification process through the Drummond Group. This is not something an organization would want to take on itself. |
| Multi-Tier Security Architecture |
The SecureTransport Edge is unlike anything an organization can procure from open-source secure FTP servers (or even from other commercial vendors). Not only does it provide a two-tier server security model, where no data is ever written in the DMZ, but it does so in a single, multi-protocol security gateway. |
| Enhanced Security |
There are many limitations which affect the security of low-end or open-source secure ftp servers.
• The access controls within ST are very granular. This includes data access restrictions as well as administrative controls (such as support for delegated and hierarchical administration).
• ST supports LDAP, SSO solutions like Siteminder.
• SecureTransport can validate user credentials against a Public Key Infrastructure (PKI) system.
• ST also features two factor authentication for enhanced security, a feature that is missing in secure FTP servers.
|
| Advanced Features For More Robust Transfers |
Some other advanced features simply will not be available with homegrown solutions. For example:
• SecureTransport provides some extensions which add guaranteed delivery to transfers as well as supporting checkpoint restart. This is accomplished through the use of Transfer Restart for interrupted transfers, and Transfer Integrity to ensure the reliability of data after a transfer.
• Server-Signed Message Disposition Notification (MDN) receipts for every transfer with ST provide a secure audit trail. |
| Confidentiality |
The secure protocols supported by SecureTransport provide session encryption, which will encrypt usernames, passwords, and (optionally) commands, as well as the actual data. This is an advantage over approach #2 above, non-secure FTP server, which leaves these (including passwords) unprotected. |
| Flexible Integration |
SecureTransport provides a built-in rules engine and integration interface for extending the product in a uniform way, again regardless of protocol. This includes:
• hooking into external authentication and authorization systems
• performing post-transfer activities like email notification, file routing, and processing
• virtualizing the filesystem to present a customized view to a user
• abstracting the files altogether to store data in other systems, such as a database |
For a more detailed look at what SecureTransport can offer you in comparison to FTP, please take a look at the whitepaper “Does FTP Have What It Takes?”.
|
