#29 TOP TIP
for Globalscape EFT Server
Globalscape have announced the release of EFT 7.4.13. This new version introduces several security and compliance related enhancements, while also improving performance, compatibility, collaboration, and automation capabilities.
Security & Compliance
Protecting data at rest is a critical component for secure and managed file transfer solutions. In EFT 7.4.13 Globalscape have introduced “Encrypted Folders” – a new technology that automatically and transparently encrypts or decrypts data in designated encrypted folders, even network shares. By not requiring key pairs, Encrypted Folders eliminates PCI compliance hurdles and reduces complexity normally involved in key management, while also delivering the data-at-rest security that customers require.
Keeping EFT’s Web Transfer Client (WTC) and Workspaces communications secure means staying current with constantly evolving security standards. These standards often affect things behind the scenes, which customers typically don’t notice until either there has been a breach or a security scan flags an issue. The behind-the-scenes security improvements include better Cross-Site Request Forgery (CSRF) mitigation, secured session cookies, enhanced Cache-Control directives, and improved HTTP Strict Transport Security (HSTS) directives.
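The response-header items listed above can be checked after an upgrade with a small audit script. This is an added example, not Globalscape code: the page does not state the exact directives EFT sends, so the cookie name, the HSTS threshold, the `no-store` requirement and the use of `SameSite` as a CSRF-related check are all assumptions, and the sample headers are constructed.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumed policy floor (180 days), not an EFT value

def audit_headers(headers):
    """Return a list of findings for a response's (name, value) header pairs."""
    findings = []
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    # HSTS: must be present with a sufficiently long max-age.
    hsts = by_name.get("strict-transport-security")
    if not hsts:
        findings.append("hsts: header missing")
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("hsts: max-age missing or too short")

    # Cache-Control: authenticated pages should not be stored by caches.
    directives = {d.strip().lower().split("=")[0]
                  for v in by_name.get("cache-control", []) for d in v.split(",")}
    if "no-store" not in directives:
        findings.append("cache-control: no-store not set")

    # Cookies: each needs Secure and HttpOnly; SameSite (assumed check) limits CSRF.
    for cookie in by_name.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for required in ("secure", "httponly", "samesite"):
            if required not in attrs:
                findings.append(f"cookie {cookie_name}: {required} not set")
    return findings

# Constructed sample responses (not captured from EFT).
WEAK = [("Set-Cookie", "sessionid=abc123; Path=/"),
        ("Cache-Control", "private"),
        ("Strict-Transport-Security", "max-age=300")]
HARDENED = [("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"),
            ("Cache-Control", "no-store, max-age=0"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs) or "no findings")
```

Feed it the header pairs from a response captured from your own WTC login page, before and after upgrading, to see which findings clear.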
Updating security standards also means ensuring any dependencies EFT relies upon are also up-to-date. In EFT 7.4.13 Globalscape have updated the OpenSSL library to 1.0.2q, and the OpenSSH-derived library to 220.127.116.11. These newer libraries address bugs and security vulnerabilities and are a great reason to upgrade to this latest EFT version. Globalscape have also updated EFT’s database connectivity drivers, allowing it to communicate with SQL over more secure protocols (TLS 1.1 or 1.2), and have officially tested EFT against Windows Server 2019, which has been added to the list of supported operating systems.
Managing user accounts often involves launching the EFT Admin GUI and performing the action directly, such as temporarily disabling a user’s account. The alternative was to write a script and leverage EFT’s COM calls to perform said actions. EFT 7.4.13 introduces a new top-level action to Event Rules called “User Account”. This action lets administrators automate and streamline common user management actions, such as locking, banning, kicking (disconnecting them), or even deleting users directly from within EFT’s event rules.
EFT’s Disk Quota feature is used by organisations to prevent the misuse of resources. For this latest EFT version, Globalscape have revamped the logic for the Disk Quota system in order to improve performance, even when there are many users and folders. Now the amount of free space is determined when a user first logs in to an EFT session, rather than upon startup, which vastly improves EFT startup performance.
Authentication & Authorisation
SAML has become a popular feature for customers, as it allows for both federated identity management (a centralised service with authentication and, on occasion, access controls), and a Single-Sign-On (SSO) experience, where users sign on once to the identity provider (IdP), and they then leverage other services, including EFT’s WTC, without having to re-type their credentials. EFT 7.4.13 has support for a process often referred to as “Just in time” (JIT) provisioning. Under normal SAML/SSO, once the IdP informs EFT that a connecting user is “authorized”, EFT has to perform a second lookup to an LDAP or similar directory to obtain what it needs to then provision the user within EFT. With JIT enabled, EFT doesn’t need to perform this second step. As long as the IdP authenticates the connection request, EFT will automatically create the user and place that user within a designated Settings Template. Subsequently the user can perform the operations that are permitted by that template, subject to file and folder permissions for associated permission groups. JIT provisioning further streamlines an already streamlined process, creating an SSO, SAML, and JIT authentication trifecta.