EFT RoadmapGlobalscape UK & Ireland User Group 2021
Please note the contents of this blog and webinar are confidential and only for current EFT users.
At the Globalscape UK & Ireland User Group 2021, Head of Product Robert Oslin outlined the roadmap for EFT. You can watch the session below, which includes details of the enhancements planned for the rest of the year.
This is followed by some further explanation and clarification from Richard Auger, Pro2col’s EFT expert.
EFT 8.0.4, released Q4 2020
Web Transfer Client
The web client was improved to allow end-users to see the files that have been shared in the form of a history log.
Secure forms was released for the upload of files. These forms allow for a variety of controls – radio buttons, tick boxes, dropdowns etc. This allows the client uploading the file to add some metadata, which is then made available to the EFT event rule triggered on the upload. This metadata is presented as context variables in the rule.
Two Factor Authentication
Multi-factor authentication can be set on both the site or template level. Rather than just sending a password to new users, you can also send a code (one-time password) via SMS to the end user. Conceptually, while it is possible to inadvertently send a password to the wrong email address or even risk someone else having access to the mailbox, it is unlikely that they would also have access to the code sent via SMS. Currently this supports either Twillio or some generic authorisation platforms.
SFTP ciphers update
Not only has the available cipher set been changed to meet current standards, but the ability to select specific ciphers at the site level has been introduced. This allows you to have a more secure externally facing site, whilst at the same time having an internal site that is more flexible in terms of security.
Datasets have now been introduced into EFT event rules, where previously they would only have been available in the Advanced Workflow Engine. You can list the contents of a remote site into a dataset and then process the results accordingly, either writing to a csv or processing the dataset in a loop. This allows you to sort the files and check properties before performing a transfer of each file if required.
In addition, you can read the content of a csv into a dataset and load it into variables which you can then access in the rest of the rule.
This version introduced REST APIs for user and VFS management. You can, for example create users through an API and set up a virtual folder into the users home folder remotely via the REST API.
8.0.5, May 2021
Content adaptation (ICAP)
ICAP interaction has been greatly enhanced. Previously, the only available options were to get a yes/no answer from ICAP, however EFT now supports redaction of files. For example, if a file is found to have credit card numbers by the ICAP scanner, that file can be redacted so that the numbers are removed.
EFT now also has more controls for how you interact with the ICAP scanner. In general, this may be only truly useful on occasions where there are problems connecting to ICAP, but can also be used to pass header information (or parse returning headers) and finally identify the caller.
Proxy Protocol support
Proxy Protocol is new to EFT and is especially useful for those occasions where a network device masks or fails to pass a client’s originating IP address through to EFT. This tends to occur in the SFTP protocol most commonly with devices like load balancers. Proxy Protocol resolves this issue.
Several enhancements have been made here, but arguably the most important is the simplification of branding.
Several changes have been made, however the most important is the ability to offload management of secrets into an external key vault. In this release the only key vault available is Azure Key Vault, however it is planned to introduce others.
As well as being able to specify a vault, there is the ability to specify a backup vault into which to save the secrets.
REST APIs for Site management have been extended, but perhaps more interestingly there is now the possibility to launch event rules from the REST API. This functionality existed previously in SOAP/WSDL format, however the new REST API method allows for the passing of context variables to the rules – this could be useful when you just want to collect a known filename or set a destination folder for example. The REST API allows for webhooks to be used in the call.
A new event rule action has been added for folder synchronisation. This can be either uni-directional or bi-directional, and comes with several configuration options to assist in determining files to be copied. What is worth noting is that this action also works with remote agent rules, which simplifies the process of replicating a folder to a remote machine.
8.0.6, Q2 2021
Secure send triggers, conditions
The next release due out includes new trigger actions for secure send. Currently, the triggers only go as far as management of a workspace and don’t actually interact with the secure send functionality, this will allow an event rule to call out to ICAP to check files before end users can send them out. To complement this, a new action has been added – Secure Send abort; If someone does send out the wrong file, you now have the opportunity to intercept it before it leaves your network.
TLS 1.3 support
TLS 1.3 support will be introduced in version 8.0.6. Although not widely used in the industry yet, some products already support this and EFT will be well placed when it becomes more popular.
PGP sub-key controls
In general, PGP keys are commonly set with an expiry date configured, prior to which you need to exchange keys again with your trading partner. However, it is also possible to create ‘sub-keys’ in PGP; you have a ‘master’ key with a long expiration, and a number of sub-keys attached to it with shorter expiry that are only valid from a certain date. In this way, you can preconfigure and exchange keys to cover a greater timespan without having to renew the key each time (as the sub-keys are consecutive, they automatically become the valid key without human intervention).
Following on from the expansion of REST API, it is planned that the first release of a web based admin GUI will become available in this version, although only as a proof of concept. The great thing about moving from a windows application to a web GUI for administration is that you do not have to manage software versions for administrators who access the application remotely. It also becomes operating system agnostic.
8.0.7, Q3 2021
It is planned to extend the Secure Forms to Workspaces for both internal and external users.
It’s likely that there will be several lessons learned from the first release of web GUI based administration, which should make it into this release. In addition, more functionality will be added to match changes introduced in the REST API.
Configurable alerts will be introduced to allow certificate and key expiration notifications to be sent to administrators in advance of the expiry date.
To keep up with external compliance, EFT will be updated to support the PCI version 4 standard
EFT will be integrated with Vera, world class Digital Rights Management (DRM) software. This will allow administrators to dictate who is allowed to open or send a file once it has been classified via the Vera interface. If someone inadvertently (or maliciously) sends a file to a person who has not been granted access, that person will not be able to access the file, even if it has been downloaded).
8.0.8, Q4 2021
There are three main areas of improvement planned for this release. Firstly, EFT will be released as 64 bit software, rather than the existing 32 bit. This brings with it a number of performance improvements.
Next, the Advanced Workflow Engine will be upgraded from version 10 to version 11. This brings a number of enhancements, for example JSON converters.
Finally, and important to many people who are moving to cloud, EFT primary storage can be set to be Cloud Storage instead of NTFS.
If you have any questions or would like to know more about Globalscape EFT please call us on 0333 123 1240 or email firstname.lastname@example.org.