Cryptographic algorithms and MFT: Does it matter?

Jun 25th, 2014 / Category: Managed File Transfer

Managed file transfer (MFT) solutions let you share and manage important data and documents quickly and easily. Behind the scenes, encryption is what keeps your information secure at rest and in transit: it turns a document's contents into something unreadable unless the corresponding key is available to unscramble it. By relying on the encryption built into an MFT program, your organization can count on the safety of its electronic transactions without having to encrypt and decrypt sensitive documents by hand.

However, there are a number of encryption types, and not all are created equal. Depending on the nature of your organization and its files, you need to choose the appropriate technology to best keep your information secure. At a basic level, encryption can use:

  • Symmetric keys. This approach relies on both computers having access to the same secret key, which is used both to encode and to decode the information. Today's algorithms follow the Advanced Encryption Standard (AES), which specifies 128-, 192-, or 256-bit keys.
  • Asymmetric keys. Also known as public-key encryption, this method uses a pair of keys, a public key that anyone may use to encrypt and a private key held only by the recipient, so any computer can send information securely over the Internet. In practice the public key is used to encrypt a symmetric session key: the receiving system must first decode that session key with its private key and then use it to decode the document. Asymmetric keys generally rely on complex algorithms that provide an extremely large number of possible key combinations.

Because of this added security, and because it works with computers that do not already share a secret key, public-key encryption is generally the most appropriate approach for MFT solutions.

Here are the common methods of encryption used for MFT and the best practices for using them:

  1. OpenPGP. The open standard that grew out of Pretty Good Privacy (PGP) encryption is an industry-standard way to protect data at rest. It uses an asymmetric public/private key pair, with a passphrase protecting the private key, and so provides a higher degree of protection than forms of encryption that rely only on a shared key or a single password. Within MFT, the encryption happens after users upload files and before the files are sent to their storage locations, with a unique encrypted session key generated for each message. It is most useful for data that MFT moves to be stored in other destinations.
  2. SSL or TLS. These protocols are what secure HTTPS Web browser connections. Secure Sockets Layer is the predecessor of Transport Layer Security, and both are used to encrypt network connections: the client and server establish a session on a designated secure port and then exchange data according to the protocol. Within MFT they are enabled by selecting a check box in the configuration options, and they provide an easy way to work with business partners over the Internet by encrypting data sent via the Web. This safeguards against eavesdroppers and man-in-the-middle attacks.
  3. FIPS 140-2 Validation. A standard rather than an encryption algorithm, the Federal Information Processing Standard (FIPS) Publication 140-2 sets requirements for the cryptographic modules that protect sensitive information, especially information handled by government organizations. A FIPS 140-2 validated cryptographic library offers a set of approved encryption algorithms that companies can use while complying with FIPS 140-2 requirements. The standard is applied, for example, in Globalscape's High Security Module, providing the greatest possible security. This level of validation is especially appropriate for highly sensitive material.