Secure File Transfer (SFT)

Secure File Transfer (SFT) provides a complete enterprise platform for securely transferring department files using standard secure protocols (e.g., FTP/s, HTTP/s, SSH-FTP) to another server, Internet-connected client, or private IP network.

Security Compliance

  • HIPAA
  • FIPS 140
  • SOX
  • HITECH
  • GLB

Benefits

  • Delegated Administration
  • Provide customer ownership without customer headache
  • Rapid deployment
  • Customer peace of mind

Reliability Features

  • Fully redundant, highly-available, active-active Linux platform
  • A Disaster Recovery option will be available in the future

Secure File Transfer, also known as Managed File Transfer, replaces the need for VPN connections (IPSec tunnels), magnetic tape, tape couriers and storage solutions, paper and postal service delivery, CD packaging processes, standard FTP, and other non-managed, unsecure methods of exchanging information in file-based formats.

Operating Systems

  • Microsoft Windows™
  • UNIX and Linux
  • Apple OS X™ or higher
  • Mainframe

Web Browsers

  • Microsoft Internet Explorer® 7 and 8
  • Mozilla Firefox 2.x or higher

SecureTransport™ Clients

  • SecureClient™ 5.6 (or higher)
  • SecureTransport™ Command Line (FDX) Client, version 4.5.1, 4.5.2

FTP and HTTPS Clients

  • cURL 7.19 (HTTPS only)
  • CuteFTP Professional 8.3.2
  • Ipswitch WS_FTP Server 7.1
  • LFTP 3.7.14
  • FileZilla 3.0.0
  • SmartFTP Client 3.0
  • Igloo FTP Professional 3.9
  • Core FTP v2.2
  • IBM Mainframe client

SSH Clients

  • FileZilla 3.0.0
  • Tectia Client 5.3, 6.0.7
  • PuTTY 0.60 (pscp.exe and psftp.exe)
  • VanDyke SecureFX 6.2.1
  • SecureFile Transfer SCP and SFTP
  • WinSCP 4.1.9

SFT includes the following security measures:

Authentication

In addition to password-based authentication, SFT also supports client certificate authentication (either SSH keys or X.509 self-signed or CA-chained certificates). Client certificate authentication offers these advantages:

  • No more lost or forgotten passwords.
  • The ability to script or automate a transfer without having to embed a password in clear text
  • Increased security – an attacker could potentially guess a weak password, but client certificates are practically failsafe.

Encryption

  • Encryption in Transit: SSL and SSH provide the standard encryption solution for data passing through the network. When a customer connects to SFT using a supported web browser or supported 3rd party SSL client, the server enforces an SSL connection. When a customer connects to SFT using a supported SFTP client, the server enforces an SSH connection. Both SSL and SSH connections are protected by the use of an official VeriSign certificate.
  • Encryption at Rest: Data stored is encrypted using Triple Data Encryption Standard (3DES). When data is sent to SFT, it is decrypted in active memory on the DMZ Edge Server, transferred to the back-end using a proprietary secure protocol, then re-encrypted in active memory using 3DES before writing to disk. Therefore, files are never cached, written to a temporary file, or saved in an unencrypted format. Note: Some automation configurations do not support encryption at rest.

For more information, see Security Services.

CDT:

  • Based on Customer requirements and resources, CDT is available to recommend a file transfer client

Customer:

  • Operations and Systems Security: Customers are responsible for the integrity of their internal networks and local data.
  • User Administration: See FAQs tab
  • Desktop Systems: Customers have full responsibility for all file transfer client installation and configuration. However, purchase of the Axway SecureClient™ from CDT includes setup and configuration assistance via remote access or telephone.
  • Desktop Anti-virus Protection: Customers are strongly encouraged to employ up-to-date anti-virus protection software on each client station.

Shared:

  • File Transfer Support Issues: CDT and the customer’s Delegated Administrator(s) will work together to resolve any file transfer issues.

Are there upload/download limits on file size?

Files uploaded or downloaded using a web browser are limited to 2GB in size (a limitation of the browser). Files of any size can be transferred with the Axway SecureClient™ or other 3rd-party clients. The only limit to file size is the remaining storage available in the SFT shared SAN pool. However, if your requirements include very large files (10 GB or larger), you may be directed to purchase storage and dedicate it to your file transfer needs.

Can I log into my SFT account with a SSH key or X.509 certificate instead of a password?

Yes, your user accounts can authenticate using certificates in lieu of, or in addition to, using a username & password. SFT supports client certificate authentication (either SSH keys or X.509 self-signed or CA-chained certificates). Client certificate authentication offers these advantages: 1. No more lost or forgotten passwords. 2. The ability to script or automate a transfer without having to embed a password in clear text. 3. Increased security – an attacker could potentially guess a weak password, but client certificates are practically failsafe.

Is there a Transfer Log and how long is it kept?

Every transfer into and out of the SFT system generates a file transfer log entry, which is retained on the SFT system for a period of 1 year. These transfer log entries ensure auditability and compliance with government regulations such as HIPAA, SOX, GLBA, PCI and others. The system also generates an MDN receipt for each transfer.

How long can the transferred files remain on the SFT servers?

The Secure File Transfer service provides temporary file storage for file transfers. SFT is a file transfer service not a data storage service or solution; however, SFT can utilize customer-purchased storage to create transfer/storage solutions to meet any need. The SFT service file retention policy stipulates that each file transferred to SFT will be retained on the system for a period of 14 days. Customers requesting retention periods in excess of 14 days may need to purchase storage at the current storage rates.

Why can't we use plain old FTP?

The risks associated with transferring any sensitive data (medical, financial, SSNs, etc.) are too great to leave to unsecure, unmanaged products or systems. SFT addresses regulatory compliance initiatives, such as Sarbanes-Oxley, Health Insurance Portability and Accountability Act (HIPAA), MHLW, EMEA and Gramm-Leach-Bliley, using standard secure protocols and encryption algorithms (3DES). SFT is a true enterprise shared service that not only provides full regulatory compliance but also the following features: 1. A consolidation platform for all your department file transfer applications and processes. 2. Managed transfers and reporting via web-based Admin Console. 3. Shared service accessibility, reliability and economies of scale. 4. Delegated administration — you manage your accounts, business units and applications as if the entire system was built for you. 5. Large file size transfers (a feature most email services do not support). 6. Minimal resource commitment. 7. Rapid deployment. SFT allows the secure transfer of sensitive files with reduced risk and peace of mind.

How can I be notified of system upgrades and scheduled maintenance?

Customer delegated administrators and technical contacts are encouraged to subscribe to the SFT LISTServer. You will be notified of scheduled maintenance, system upgrades, new services, etc.

What is a Delegated Administrator?

The Delegated Administrator is the customer’s first line of user support. CDT delegates certain SFT user account administration tasks to the customer: password resets, unlocking user accounts, creating new user accounts, deleting user accounts, importing ssh keys and x.509 certificates, modifying or reconfiguring user accounts and requesting higher-level support from CDT SFT staff. The name and contact information of the customer’s delegated administrator will be gathered during the Intake Process. All delegated administrators receive hands-on training via remote console session or at the CDT Training Center.

 

User account holders request support from their Delegated Administrator(s), not from the CDT Service Desk. To promote security best practices, CDT Service Desk personnel are instructed to refer password reset and account unlock requests from end users to the customer’s Delegated Administrator. CDT SFT staff will accept requests for SFT support only from Delegated Administrators.

What is the SFT Maintenance Window?

Refer to the Preventative Maintenance Schedule.

What secure protocols does the SFT Service support?

The Secure File Transfer (SFT) service supports the most popular and useful secure protocols: FTPS (FTP over SSL), SSH (SFTP and SCP), and HTTPS. Many other secure client software applications should work, but there may be compatibility issues requiring the use of vendor-supported clients only. CDT provides direct support for and resells the Axway SecureClient™.

Subscriptions to this service are available and can be referenced in the CDT Rate Schedule.

| Service Code | Service Description | Unit of Measurement | Rate | Group | Comment(s) |
|---|---|---|---|---|---|
| I115 | Secure File Transfer One Time Setup | One-Time/Hour | $130.00 | Web Services | |
| I116 | Secure File Transfer Service (includes 10GB data transfer) | Named User Account/Month | $12.30 | Web Services | |
| I117 | Secure File Transfer Additional Data Transfer | Gigabyte | $10.00 | Web Services | |
| I118 | Secure File Transfer Axway Secure Client Software | One-Time | $300.00 | Web Services | |
| R310 | Disaster Recovery Secure File Transfer Set-up Fee | System | $8,932.00 | Disaster Recovery | |
| R311 | Disaster Recovery Secure File Transfer Service | User | $1.40 | Disaster Recovery | |

The CDT Account Lead can assist customers with opening a Service Request in Remedy.