Articles from blog category
Wed 31 January 2018 | blog
Docker containers have been a constant presence in the worlds of DevOps and cloud computing. We have recognized this only through a passing mention in our product page that SFTPPlus can run in a Docker container.
However, we have not gone beyond that, until now.
We are pleased to announce the creation and release of a dedicated, public, MIT-licensed repository to make the creation and running of Dockerfiles more accessible. Whether you are already a customer of ours, currently evaluating SFTPPlus or you are interested in seeing a managed file transfer service run in Docker. Simply head over to our repo, clone, and follow the instructions to run an SFTPPlus instance in Docker.
SFTPPlus running in a Docker container does not lose functionality and makes full use of the infrastructure provided by a Docker container. You can audit and archive SFTPPlus server events (also knows as logs) using the default Docker log driver.
Once you have set up the SFTPPlus Dockerfile, what's next? Why not use Docker Compose to run multi-container Docker applications.
You can use Compose to create the following specialized instances like:
- SFTPPlus instance - Handle file transfers over SFTP / FTPS / WebDAV. Data storage is backed by a volume.
- Authentication and Authorization instance - Respond to authentication and authorization requests over HTTP. You can use this instance to authenticate other services inside your deployment.
- Audit instance - Receive, over HTTP, events and logs generated by SFTPPlus. Use this instance to process logs and events from other services.
- File Processor instance - Receives events over HTTP in order to further process them based on the rules specified by your business logic.
See our Github and documentation
You can view the scripts and instructions to get started quickly in our GitHub repository.
A users guide is available in our Docker documentation page.
Evaluating SFTPPlus MFT
SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.
Not on Docker? SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, AIX, OS X, Solaris, HP-UX, FreeBSD.
As of April 2016, the European Parliament and Council adopted a new legislation that will replace, in May 2018, the old personal data protection law for European Union (EU) and European Economic Area (EAA) residents. The new regulation is called The General Data Protection Regulation (GDPR).
The purpose of the new legislation is to protect the personal data of the EU and EAA residents by imposing rules to the organizations which hold or process the data within or outside of Europe. The companies from the United Kingdom are also affected (even after the Brexit). In case of a breach, the sanctions include warnings and can lead to high fines.
The SFTPPlus team offers services to the clients from the EU, EAA and the rest of the world. In this article, we would like to share and clarify how the new legislation can affect the file transfer operations in a company and how SFTPPlus MFT helps our customers comply with the regulations.
General Data Protection Regulation and File Transfers
To start, the key areas described in the regulation and affecting the data transfer operations inside an organization include:
- Data portability and how open standards are required to achieve compliance.
- Data protection, storage and the encryption at rest of the data.
- Authentication and data access control, and the purpose of audit logging.
Let's review step-by-step the list above and outline how exactly SFTPPlus MFT Client and Server addresses the technical areas of GDPR compliance.
Article 20 GDPR covers data portability concerns and the importance of access to one's own data. File transfer technology should not imply any limitations or requirements on the format of data or the access to services providing such data.
SFTPPlus MFT was designed to address the data portability concerns. Our product uses open and standard file transfer protocols like SFTP, FTPS, and HTTP(S). All the data sent over a connection using these protocols is first encrypted using public and private cryptographic keys. The security layer is taking care of all the communication exchanged between your computer and SFTPPlus.
The open and standard technology respects the GDPR requirements and guarantees long-term support and consistent integration with the existing infrastructure. Using the SFTPPlus MFT web interface one can enable or disable multiple services within the same installation where the end-users benefit from user-friendly web portal for downloading and uploading files directly from their browsers or mobile phones.
Data Protection and Security of Processing
The data protection by design and by default is described in the Article 25 and the security of processing of the personal data is part of the Article 32. The two outline procedures for secure storage and secure access to personal data for processing at a later stage.
By using the SFTPPlus managed file transfer Client and Server organizations can automate the distribution and the synchronization of the data with full encryption support. For a better data protection in the age of cloud services, SFTPPlus can be configured to encrypt the data using local encryption keys before sending it remotely, just as described in the ENISA report (Privacy and Data Protection by Design).
The SFTPPlus MFT pre- and post-processing functionality and the external program execution support are particularly relevant here. These two simplify and make the deployments much easier for complex operations like the decryption of the data before the transfer and the encryption of the data after the transfer. It also works with both, the custom encryption/decryption solutions and the standard GPG tools.
General Data Protection Regulation also addresses the audit and reporting concerns. The Article 30 does not refer directly to the transfer of the data, but it focuses on the tracking and the maintenance of persistent data operations activity log. This information can be required by the supervisory authority on request and is a GDPR requirement.
We cover the audit logging and reporting requirements in the SFTPPlus MFT. Our product integrates with the MySQL and SQLite databases to provide custom filtering, export, and integration with external reporting tools. The web-based administration panel offers a simple and user-friendly interface to browse the logs which is essential for the internal research in case of an incident.
The authentication and the data access control are also easier with our product. SFTPPlus provides multiple authentication methods, from virtual users to system accounts and remote account databases like LDAP.
At first, the General Data Protection Regulation might look intimidating and complex to understand, but with more than 10 years in the secure managed file transfer services, we are ready to help!
Our clients work with personal data on a daily basis and use our products in various industries: government agencies, the financial sector, healthcare and other PHI processing organizations. And while we know we can not change the compliance process, we are confident we can speed up the process for your organization by using our technology.Try SFTPPlus MFT and reach faster GDPR compliance now!