Customer Benefits

Cryptosoft is uniquely flexible, scalable and easy to integrate into your business for

  • Internal security clouds
  • True Point to Point encryption
  • Deploy once / Use many

 

Real world use cases

Securing Traditional File Transfer Services

Many organisations make extensive use of the popular and pervasive FTP protocol to implement an extremely cheap and efficient mechanism for transferring data between themselves, internal or external departments, trading partners and business partners etc.

A common assumption is that implementing encryption at the transport layer (FTPS, SFTP, TLS) secures the data. This is only partially true: transport layer encryption only protects the data during transfer.

Once the data has been transferred and stored, it is completely unprotected.

Cryptosoft’s automated encryption agent can be easily integrated into new and existing FTP data flows. The example also illustrates optional integration with Symantec’s centralised PGP Key Management Service (KMS). Data can now be simply copied or saved to a pre-defined folder or directory where it will automatically trigger a process to encrypt the data using PGP’s command line. The secured data will then be automatically delivered to an external FTP server.

The Cryptosoft agent provides detailed logging and reporting that can be used to identify exactly how each file has been processed from the point of collection through to its final delivery to the remote FTP server.

Securing Cloud Based Services

For most organisations the potential cost savings of using cloud-based storage services such as Amazon’s Simple Storage Service (S3) are significant. The ability to completely outsource the storage hardware, backups, disaster recovery and scalability can represent a significant cost saving. However, there are still many concerns regarding the security of data stored outside of the network perimeter. Whilst the Amazon services themselves have been implemented within immensely secure environments, and have well protected APIs, there is still a question of trust: do I really trust Amazon with my business-sensitive data?

A simple solution to this problem is to implement a data security gateway (or proxy) that encrypts the data before it leaves the organisation and decrypts the data as it enters the organisation.

Cryptosoft’s automated encryption solution can be easily integrated into the data flow between a typical business application and Amazon’s S3 service. As key management is likely to be an issue when implementing this type of solution, integration with Symantec’s centralised PGP Key Management Service (KMS) has also been included. Data can now be simply copied or saved to a pre-defined folder or directly submitted to the Cryptosoft API where it will automatically trigger a process to encrypt the data using PGP’s command line. The secured data will then be automatically stored within the Amazon S3 cloud. Data can be retrieved from the S3 service by making a request to the agent’s API. The agent will then retrieve the data, decrypt it and either make it available to the API, or route it to another internal data repository.

The Cryptosoft agent provides detailed logging and reporting that can be used to identify exactly how each file has been processed from the point of collection through to its final delivery to the remote FTP server.

Encryption As A WEB Service

As the move towards a more cloud-based computing infrastructure continues, more applications will utilise cloud storage technologies and will even be hosted within the cloud using services such as Amazon’s Elastic Compute Cloud (EC2). This presents organisations with several challenges regarding their information security.

How can we ensure that the critical part of our applications, the data, is protected?

Cryptosoft’s agent API can be used to easily expose a policy-driven PGP cryptographic service using simple HTTPS (REST). Depending on configuration, this interface can be called locally or remotely.

For example, an application that collects personally identifiable information (PII) during data entry should only store data in an encrypted form. The application is also required to use multiple encryption keys depending on the context of the data being entered. Obviously it’s possible to modify the application to call some local cryptographic libraries and a local keystore, then add logging and reporting. However, this would typically involve a significant amount of development effort and knowledge of the cryptographic libraries etc.

Implementing a Cryptosoft agent, either locally on the application server or remotely, enables new or existing applications to easily access all of the cryptographic components required to encrypt or decrypt data using simple HTTP requests.

The agent also provides detailed logging and reporting for all administrative requests and can be remotely managed using the Cryptosoft management console.

SOA – ESB and Enterprise Messaging Systems

For larger enterprises that have a proliferation of disparate systems and applications, Service Orientated Architecture (SOA) provides an elegant solution to the interoperability problem. Messaging technologies such as the Java Message Service (JMS) provide essential communication services for SOA-based solutions and in most cases provide the foundations on which they are built.

Cryptosoft’s messaging adapter can be easily configured for any JMS or Advanced Message Queuing Protocol (AMQP) based system. This enables Cryptosoft to participate within the message based communications flow used by other applications. Cryptosoft can also be used to provide a gateway or bridge between applications that do not have a messaging connector, applications that would otherwise be excluded from the SOA. Cryptosoft can be configured to consume messages produced by an internal business application, encrypt the message payload and deliver it to an external messaging service such as Amazon’s Simple Queue Service (SQS).
