Software Distribution Center with Granular Access Control for File Uploads/Downloads
A Marine Vessel Operator Secures Remote Access for Diagnostics, Maintenance and IoT Data Collection
Software Distribution Center with Granular Access Control for File Uploads/Downloads
Customer
A leading cybersecurity solution provider with an extensive partner network, offices in Europe, North America and Asia and customers all over the world. Software distribution is a vital part of the business.
Challenge - complexity and lack of oversight
The customer wanted to replace their legacy download center. This system helps track product downloads while assigning stratified authorization access to customers based on product tier levels. The previous process featured an excess of integration points that were prone to human error and required additional manual steps to generate audit reports, decreasing overall usability.
The vendor wanted to implement a solution that would:- improve administrative reaction times
- increase granular access controls over the permissions to download software
- improve the management of product uploads to the distribution center
- harness automation
- and provide seamless integration compatible with existing software systems, like the customer relationship management (CRM) software.
Furthermore, the vendor wanted to expand the software distribution center functionality to allow consultants, customers, partners, contractors, and other stakeholders to download and upload software packages in a controlled fashion.
Solution - role-based, automated and tracked SFTP
The implemented PrivX SFTP solution relies on traditional public key authentication on the Secure Shell (SSH) protocol but also allows for modern passwordless authentication and even quantum-safe connections.
Through the seamless integration with the CRM, roles can be assigned to end-users to ensure that the right customers or other stakeholders are directed to the right product tier every time they log in to their account, allowing them to download/upload the right software package automatically based on their subscription.
The solution provides a modern, user-friendly and secure vanilla HTML5 user interface, can handle multiple large-scale download/upload request at once and produce an audit trail of activities for the vendor.
What’s more, the vendor got a better handle on their software upload process as well. Since making new software releases available to customers is a critical part of any software business, the vendor can now produce a solid audit trail of activities internally and easily restrict the rights to publish software releases for distribution as required per internal policies.
How does it work?
- After a new software release is approved internally, a designated member of the vendor’s product team uploads the software package to the Software Distribution Center.
- The customer clicks on a link that directs them to an OAuth account login page integrated to PrivX SFTP for strong authentication and inputting their credentials or for passwordless access.
- After being successfully authenticated, the customer gets automatically mapped to roles according to their commercial contract, based on the vendor’s Customer Relationship Management (CRM) system.
- Depending on the link initially used, the customer is either automatically directed to a product-specific download or a landing page. Using the SSH protocol under the hood, a connection is made to a backend Tectia utilizing built-in X.509v3 Public Key Infrastructure and ephemeral, passwordless access.
- Once authenticated and authorized, the customer gains access to a folder housing their product version, with access to a subfolder for downloading previous or recent versions. Alternatively, a partner or a consultant can upload new software packages to a designated location.
- The PrivX SFTP frontend is configured to support customer/partner product downloads or uploads, with the concurrently running Tectia backend enabled for secure file interactions. For customers, access can be restricted to facilitate downloads or uploads only – or allow both. All file transmissions produce a solid audit trail of activities and are scanned for malicious payloads if needed.
- From the vendor’s perspective, components can be configured or integrated, when needed, to customize the solution’s scalability and its compatibility with neighboring software programs — for example, another PrivX SFTP setup for administrative and CI/ CD pipeline access or integration to a SIEM system.
- From the customer’s perspective, the authentication and authorization process are automated, simple, quick, and invisible — offering maximum security with minimal effort and guiding the customer to the right software download package or the upload location automatically.
PrivX SFTP is very user-friendly, which reduces the likelihood of human error — for example, the download or upload link is persistent and human-readable. It can be bookmarked or shared publicly because authentication and authorization are verified separately when the link is accessed.
Automation of linking an identity to a role that allows the vendor/partner/other external stakeholder to upload a specific software bundle.
Granular access controls with enhanced security, passwordless authentication leave less room for human error.
Flexible scalability for download/upload peaks.
Scanning files for potentially malicious payloads and automatic prevention of uploading harmful files to the environment.
Further integrations with current and future ecosystems.
