I regularly see operations teams bogged down in security environments and implementations. The usually low-level exposure to certain aspects of security become a daunting and time consuming task to learn. Sometimes, this can be the proverbial straw that broke the camel’s back, as an already busy team takes on the overhead of managing yet another aspect of their project. The problem with security requirements is that they quickly escalate into complex pieces in a project’s puzzle. We here at Flux ask the question, “Does it really need to be that complicated?”
Case in point, a customer and I were discussing PGP security within his project plan the other day. “We monitor files in a folder on a remote FTP site”, he began. “We then wait for a file to arrive and then download the file to our local servers. From there, we can process it accordingly. The only problem right now is that the file we download is encrypted. This means we have to mess around with a command line utility to decrypt the file before continuing the workflow.”
He went on to explain that it is vital for them to comply with certain privacy guidelines, and wished to discuss how this security requirement could be integrated into Flux.
“Pretty Good Privacy” — Don’t let the name fool you. Those simple words pack a lot of features into them. Identities, passwords, private keys, public keys, key algorithms, encryption algorithms. The very sight of those words to someone inexperienced with security systems, and even some who are familiar, is enough to make your head spin! (I’ll give you a minute to recollect yourself….)
The reality of these complexities is that introducing them to an operations team that has not dealt with them on a regular basis is like throwing your team to the wolves. A lot of time and money is spent by companies learning these systems. Once they are in place, it can sometimes feel like you’re playing Jenga with your project. You’ve put a security solution in where nobody is really sure how it works and everyone is afraid to touch it. To get a question answered about it will be filled with, “Yeah… I think Mike over in script development put that in,” which will lead you to 5 or 6 similar answers — getting you nowhere.
Managing PGP Solutions
The key to any problem is simplicity. The easier it is to understand and use, the quicker you learn it and the less likely you are to make a mistake with it. With all the complexities of a PGP system, some simplicity is a welcome vacation.
Key management is one of the top problems when dealing with security systems. The keys can be generated using a number of different parameters and then spit out to be stored on your file system. Using the proper key for the proper scenario is, pardon the pun, “key” in the successful encryption and decryption of a file.
PGP Integration with Flux
Flux takes all of these complexities and bundles them up into a central, easy-to-use workflow system.
- Flux’s simple, web-based user interface creates an intuitive and straight forward environment in which to use PGP.
- Key management is done inside Flux, which allows for clear associations of keys to file sets.
- Integration into Flux means your PGP work harnesses the power of the Flux file transfer suite. This gives you the ability to do PGP work on supported remote hosts (FTP, SFTP, FTPS, UNC) — all without any extra work on your part.
Flux has taken great strides in creating a simple PGP solution inside an already powerful ETL and file workflow orchestration product. By utilizing the functionality already available in Flux file transfer, PGP becomes as simple as 1-2-3.
Download this article as a PDF — PGP Simplicity in Your ETL and File Workflows