Product Group Tests
Encryption in motion (2010)
Ipswitch's MOVEit DMZ Enterprise is the Best Buy this month for its control over end-to-end file transfer and enterprise class administration features.
We rate Accellion Secure File Transfer 8 Recommended: it is a solid product that can scale to support most environments.
Full Group Summary
Securing data when it is in motion is not easy. Nathan Ouellette looks at five solutions that might help.
Securing data in any organisation is a delicate balance of operational integration, cost and reasonableness. Depending on the particular industry, organisations may have many different data exchange needs and requirements. A review of any data exchange initiative may uncover the need to encrypt data as it rests within storage, as well as to encrypt it while it is in motion. Within these requirements may be several types of transactions, key management needs, encryption standards, compliance mandates and many other components that require consideration. Understanding the needs and the requirements is critical to matching them with the right solution.
In this issue we are reviewing encryption solutions specifically for data in motion.
In this issue
We specifically focused on products that helped to secure end-to-end file transfers using common encryption standards. There are many point-to-point security products, such as VPN or email security gateways, but we focused on the solutions that offer application-to-application types of secure file transactions. This includes secure EDI-based transactions, FTP, SSH, HTTPS and other means of end-to-end delivery.
In some form or another, these products allow workstations, servers or even web servers to provide a secure channel and support common file transfer protocols. They do so either in a batch-processing mode or by allowing users to perform self-service, on-demand transactions and control recipients through push and file retrieval mechanisms. It is common for the data at rest within these transaction servers to be encrypted as well, but our focus is on how the products help secure the remote file transfers.
All of the products submitted for testing in this group review were software solutions, but some are available from the vendor as VMware instances. Some are architected as client-server implementations; others are single-host installations or web servers that allow users to push and pull files from a centralised server.
Depending on the size of the business and the amount and type of transactions that need to be secured, some products will fit better into environments than others. Businesses that do a large amount of batch EDI transactions may look for products that are designed specifically with those in mind. Others fit better when less specialised protections are needed. The considerations include whether batch jobs are used or whether the environment simply needs an on-demand method of exchanging sensitive files with external entities.
Business and security needs are important factors when considering what type of solution to implement in the environment, because many of them are implemented differently and contain various types of feature sets.
It is worth noting that all of the products in this group test performed well. They all use well-known encryption standards and will fit into existing architectures. The encryption schemes are not necessarily the most compelling buying factor, as they all help meet a high level of encryption. The intangibles will be the determining factors: administration and operational features, overall architecture and how the solution fits into your environment. Whether you require a flexible PKI environment or an HTTPS transaction web server meets your needs, most of the solutions in this group deliver on one or more of these criteria.
How we tested
Our lab server machines consist of both physical and virtual Windows 2003 RC2 Standard Edition images. Our virtual environment consists of Windows 2008 servers using Hyper-V or VMware as needed. All client software was installed on either physical or virtual instances of Windows XP SP3. We also installed IIS and MS SQL Server 2005 on our Windows 2003 server when necessary.
The areas we assessed were implementation, administration, usability in an enterprise environment, user experience (transparency and performance), support, price and overall value for the money. Some products have a more enterprise look and feel to their overall implementation, while others serve more of a single host use. We did not touch on every product's operational integration capabilities because of the limited space in this review, but several can integrate into existing frameworks for authentication, key management and other environmental considerations.
Keep in mind that most of the solutions reviewed are not policy-based email or VPN types and do not enable encryption schemes on the fly based on keywords, regular expressions or packet inspection. They are designed for dedicated file transfer scenarios, such as hosts that perform your EDI, FTP, SSH or other specific-use functionality, or user groups that are dedicated to managing known or on-demand file transfer needs.