By Ian Hamilton
In Part 1, we discussed the hybrid SaaS architecture behind Media Shuttle including file storage, the cloud tier, TLS, and password policies.
Now that we have the basics out of the way, let’s turn to the security behind the customer journey—from setup with the help of Signiant Customer Care to authorized transfers.
The trust model for an individual customer begins with the creation of a customer account and assignment of top-level administrators for the account. The initial account creation step is performed by Signiant Customer Care as part of the customer provisioning process. The next step is to set up file transfer servers and associate them with the account. Signiant Customer Care may also assist in this step.
Each transfer server installation securely binds with the cloud tier and the customer account using a one-time setup key generated by the cloud tier for this purpose. This one-time key is used to securely establish and exchange security credentials, which are then used to validate and encrypt all future communication between the cloud and the transfer server.
Once transfer servers are registered with an account, the administrator can create new Portals that allow communities of users, called Members, to securely exchange files.
Portals have their own unique Web URL and can be branded with portal specific wallpaper, logos, icons, color schemes and messaging.
From an information security perspective, it’s relevant that a portal is associated with a specific area of storage visible to a transfer server or visible to a set of redundant transfer servers.
Portals can be configured so that members of the portal can browse the associated storage (portal Share mode), or so that members have no storage visibility and only use the associated storage as transient transfer storage (portal Send mode).
Using a portal in share mode acts as an FTP alternative for upload and download interactions. Using a portal in send mode involves email-attachment-like send and receive interactions.
Administrative rights to manage certain aspects of the portal, like membership, can be delegated to operations staff within the organization. The access rights of regular members can be controlled by top-level administrators and delegated administrators, as allowed by top-level administrators.
When a user initiates a file transfer via the cloud-served graphical user interface, or a transfer is initiated by an unattended sync operation, transfer instructions are generated for and delivered to the transfer client.
Transfer instructions include a unique transfer security token and are delivered via secure web communications. The transfer client then connects to the transfer server and delivers the transfer instructions.
The transfer server validates the transfer instructions by presenting them, including the transfer token, to the cloud tier.
This round trip check ensures that transfers are authorized and valid at the time of transfer and are fully tracked by the cloud tier.
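The token round trip described above, as an added, simplified illustration that is not Signiant's code: a simulated cloud tier issues transfer instructions carrying a unique token, and the transfer server's validation call asks the cloud tier to confirm that the token is known, unexpired, unused and bound to exactly the instructions the client presented. The HMAC binding, the expiry window and the single-use rule are assumptions of this example, not details stated in the post.

```python
import hashlib
import hmac
import json
import secrets
import time

# Cloud tier: issues tokens and answers validation round trips. The HMAC
# binding, expiry window and single-use rule are assumptions of this example.
class CloudTier:
    def __init__(self, ttl_seconds=300, now=time.time):
        self._key = secrets.token_bytes(32)  # constructed cloud-side secret
        self._tokens = {}                     # token -> [digest, expires_at, used]
        self.audit = []                       # tracking record of every validation
        self._ttl = ttl_seconds
        self._now = now

    def _digest(self, instructions):
        canon = json.dumps(instructions, sort_keys=True).encode()
        return hmac.new(self._key, canon, hashlib.sha256).hexdigest()

    def issue_instructions(self, portal, member, path, direction):
        instr = {"portal": portal, "member": member, "path": path, "direction": direction}
        token = secrets.token_urlsafe(24)     # unique per transfer
        self._tokens[token] = [self._digest(instr), self._now() + self._ttl, False]
        return {**instr, "token": token}

    def validate(self, instructions):
        instr = {k: v for k, v in instructions.items() if k != "token"}
        token = instructions.get("token")
        entry = self._tokens.get(token)
        if entry is None:
            reason = "unknown token"
        elif entry[2]:
            reason = "token already used"
        elif self._now() > entry[1]:
            reason = "token expired"
        elif not hmac.compare_digest(entry[0], self._digest(instr)):
            reason = "instructions do not match issued token"
        else:
            entry[2] = True                   # consume: one token, one transfer
            reason = "ok"
        self.audit.append((token, reason))    # every check is tracked by the cloud tier
        return reason == "ok", reason

# Transfer server: never trusts the client's instructions on their own; it
# performs the round trip to the cloud tier before moving any bytes.
def transfer_server_accept(cloud, instructions):
    ok, reason = cloud.validate(instructions)
    return ok, reason
```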
We take security seriously here at Signiant. This section breaks down user-related security features. For more about Media Shuttle security, read Part 3 of Securing SaaS, covering design principles for safe media transfer and secure storage.