Articles from press category

Faster GDPR compliance with SFTPPlus MFT

Fri 24 November 2017 | press blog Written by SFTPPlus

As of April 2016, the European Parliament and Council adopted a new legislation that will replace, in May 2018, the old personal data protection law for European Union (EU) and European Economic Area (EAA) residents. The new regulation is called The General Data Protection Regulation (GDPR).

The purpose of the new legislation is to protect the personal data of the EU and EAA residents by imposing rules to the organizations which hold or process the data within or outside of Europe. The companies from the United Kingdom are also affected (even after the Brexit). In case of a breach, the sanctions include warnings and can lead to high fines.

The SFTPPlus team offers services to the clients from the EU, EAA and the rest of the world. In this article, we would like to share and clarify how the new legislation can affect the file transfer operations in a company and how SFTPPlus MFT helps our customers comply with the regulations.

Industries

General Data Protection Regulation and File Transfers

To start, the key areas described in the regulation and affecting the data transfer operations inside an organization include:

  • Data portability and how open standards are required to achieve compliance.
  • Data protection, storage and the encryption at rest of the data.
  • Authentication and data access control, and the purpose of audit logging.

Let's review step-by-step the list above and outline how exactly SFTPPlus MFT Client and Server addresses the technical areas of GDPR compliance.

Data Portability

Article 20 GDPR covers data portability concerns and the importance of access to one's own data. File transfer technology should not imply any limitations or requirements on the format of data or the access to services providing such data.

SFTPPlus MFT was designed to address the data portability concerns. Our product uses open and standard file transfer protocols like SFTP, FTPS, and HTTP(S). All the data sent over a connection using these protocols is first encrypted using public and private cryptographic keys. The security layer is taking care of all the communication exchanged between your computer and SFTPPlus.

The open and standard technology respects the GDPR requirements and guarantees long-term support and consistent integration with the existing infrastructure. Using the SFTPPlus MFT web interface one can enable or disable multiple services within the same installation where the end-users benefit from user-friendly web portal for downloading and uploading files directly from their browsers or mobile phones.

Data Protection and Security of Processing

The data protection by design and by default is described in the Article 25 and the security of processing of the personal data is part of the Article 32. The two outline procedures for secure storage and secure access to personal data for processing at a later stage.

By using the SFTPPlus managed file transfer Client and Server organizations can automate the distribution and the synchronization of the data with full encryption support. For a better data protection in the age of cloud services, SFTPPlus can be configured to encrypt the data using local encryption keys before sending it remotely, just as described in the ENISA report (Privacy and Data Protection by Design).

The SFTPPlus MFT pre- and post-processing functionality and the external program execution support are particularly relevant here. These two simplify and make the deployments much easier for complex operations like the decryption of the data before the transfer and the encryption of the data after the transfer. It also works with both, the custom encryption/decryption solutions and the standard GPG tools.

Reporting

General Data Protection Regulation also addresses the audit and reporting concerns. The Article 30 does not refer directly to the transfer of the data, but it focuses on the tracking and the maintenance of persistent data operations activity log. This information can be required by the supervisory authority on request and is a GDPR requirement.

We cover the audit logging and reporting requirements in the SFTPPlus MFT. Our product integrates with the MySQL and SQLite databases to provide custom filtering, export, and integration with external reporting tools. The web-based administration panel offers a simple and user-friendly interface to browse the logs which is essential for the internal research in case of an incident.

The authentication and the data access control are also easier with our product. SFTPPlus provides multiple authentication methods, from virtual users to system accounts and remote account databases like LDAP.

Summary

At first, the General Data Protection Regulation might look intimidating and complex to understand, but with more than 10 years in the secure managed file transfer services, we are ready to help!

Our clients work with personal data on a daily basis and use our products in various industries: government agencies, the financial sector, healthcare and other PHI processing organizations. And while we know we can not change the compliance process, we are confident we can speed up the process for your organization by using our technology.

Try SFTPPlus MFT and reach faster GDPR compliance now!
• • •

SFTPPlus MFT is positioned for securing enterprise data with release of latest software version

Wed 15 November 2017 | press Written by SFTPPlus

The security and automation of file transfers has become easier for all enterprises – large and small - to use and integrate with the release of the latest version of SFTPPlus MFT.

SFTPPlus MFT is a software suite for managed file transfer (MFT) with Client and Server that may be licensed and used as standalone modules or together as a MFT solution. SFTPPlus MFT provides functionality to automate file transfers between systems, users inside an organization and with third-parties. The software is designed to work on major operating systems including Windows, Linux and UNIX. SFTPPlus MFT supports the most popular file transfer protocols like FTPSSFTP, HTTPS and WebDAV and provides external authentication support, integration with built-in and external logging solutions and audit functionality. SFTPPlus MFT also integrates with external encryption solutions and offers an API for third-party integrations.

SFTPPlus MFT suite has become the main product of the company which is continuously developed and supported using automated tests, high-quality assurance and documentation. Security, correctness, functionality and performance as well as integration support and no vendor lock-in are key requirements of SFTPPlus MFT.

Tim Adams, Director, said “We have found an increasing demand from customers who do not want vendor lock-in with proprietary protocols and prefer a solution that can be quickly installed to use basic functions and are then delighted to find the extra functions that are typically only available with high cost solutions. Part of our mission has always been to make high end functionality available with a cost-effective and affordable product.”

New features and functionality have been added – in many cases this is driven by customer requests as well as market needs – and includes those required due to changes in FIPS, PCI and other security standards.

A new website has been launched at sftpplus.com which has added new pricing and discount information to ensure new customers can quickly find information they need and access further information through trials and documentation. Discounts are not only available for larger deployments but also for small companies in order to encourage and enable best practice for every enterprise of any size.

Tim Adams, Director, said “We encourage new customers to take a free, supported trial to see the ease with which the software can be installed and used in order to explore the rich functionality and features. Our consultants will be happy to help with best practice and discuss integration, if required. We are always pleased to work with companies of all sizes where needs may be a single Server or Client as well as with large enterprises and government where needs may be for an enterprise wide solution that requires integration with other systems.”

Adi Roiban, CTO, said “We have listened carefully to customers who are keen to use open standards and require a solution that helps ensure security of data while enabling many options for automation and authentication. Our larger customers need a product that can be integrated with existing workflow and other systems and can also be installed on multiple operating systems.”

“Key to our success has been our team of developers and support specialists who ensure that SFTPPlus MFT fits customer needs whether on legacy systems or latest technology and they will assist, if required, with use of features and best practice as well as help with integration.”

“We see increasing demands due to changing requirements to meet FIPS, PCI and other security standards. We work closely with customers to ensure that current and future needs are met in a timely way with functionality that is based on the RFC and specific standards as well as particular integration or other use.”

Our worldwide customer profile includes government agencies and businesses large and small across Europe, USA, Middle East, Asia, Australia and Far East. Pro:Atria also works with integrators and system design teams including IBM, DXC, Fujitsu, Capita and Tata (amongst others). Customers are from all sectors including retail, financial, manufacturing, healthcare, education and transport as well as government agencies and departments. Support is provided by our team of staff who are based across Europe.

For more information on SFTPPlus MFT and how Pro:Atria can help secure and automate file transfers go to - sftpplus.com.

END


Notes to editors

For further information

Issued by Pro:Atria Ltd. For more information please contact Tim Adams on +44 (0)1963 441311 or email tim.adams@proatria.com.

All news releases can be accessed on our web site.

About Pro:Atria Ltd

Pro:Atria was founded in 2001 in the UK and provides commercial on-premise software products and support to it’s worldwide client base. Its flagship product, SFTPPlus MFT, enables enterprise users and IT teams to secure and automate file transfers across a wide range of platforms that includes Windows, Unix and Linux. The original SFTPPlus product was launched in 2005 and has been under continuous development since then.

With customers that include government agencies and businesses - large and small - Pro:Atria also works with integrators and system design teams on a worldwide basis. Support is provided by its team of staff who are based across Europe.

Our mission is to provide a cost-effective and secure software product with a rich feature list for authentication, automation and integration together with the highest quality service, ensuring that enterprises of all sizes can secure and automate their data transfers both internally and externally with third parties. Data is secured using open standards that include the protocols FTPS, SFTP and HTTPS - amongst others.

For more information, visit our web site.

• • •