What does it take for a cybersecurity solution to exist for 25 years?
2020 is a special year in more ways than one. I don’t want to mention the ‘C-word’, since everyone knows it is what this year will be remembered for. Be that as it may, this year marks the 25th anniversary of an evergreen cybersecurity product. It’s a robust Secure File Transfer Protocol (SFTP) product for interactive and automated file transfers from the inventors of the Secure Shell (SSH) protocol – us at SSH.COM.
Some of you probably already know which product we are talking about, but let’s reveal the hero at the end. In the meantime, let’s look at some of the reasons why this product has endured the test of time and why hundreds of companies are willing to pay for it.
After all, SFTP is available for completely free so it begs the question why thousands of companies – dozens of them Fortune 500 - buy a product that they could in principle get for free?
1) Some basic needs never change: do you have my back?
This point is simple but critical: companies want someone to call to if there’s a problem, a sudden need for a critical update or a feature request. The open source project is not just one phone call away.
With this product, you get a different level of support depending on your needs, all the way to 24/7. This is a great way for companies to guarantee their business continuity and also ensure that a team of dedicated professionals take care of all their secure file transfer needs - be they interactive or automated machine-to-machine (M2M) connections.
2) Free comes with a price tag
Many companies don’t want to go for a full open source environment simply because they would have to take on the burden of upgrading and maintaining it. It takes time, effort and resources.
A solution that comes with a team of professional services engineers ensures that your business stays safe and runs without disruptions so that you can focus on your core competence. Also, commercial products tend to be updated more often with new features so there’s more options for the customer. It’s worth your hard-earned money!
3) Stability and legacy use cases
When a product has been around the block a few times, it tends to be very stable. Moreover, in our case, the basic use cases have been working for 10 years or more. Although change is constant in IT, some environments are incredibly change resistant.
There are thousands of legacy server environments with physical servers and those good-old IT workhorses – mainframes. They still work perfectly fine for the purpose they were created for, and they are going to stay the same for a long time coming.
Companies have a need for a solution that can support their legacy uses cases reliably but is also updated to keep up with the gradual changes in legacy environments.
For example, our most experienced developers and support engineers have extensive knowledge of how our customers have implemented the product and therefore know how to get the job done. We are talking about 10 to 15 years of expertise!
4) Updates and backward compatibility
A product doesn’t probably stay around this long if it’s all legacy. To be viable, a solution must keep up with the times. Even the SSH protocol has evolved from the early SSH1 to the current SSH2, and constant improvements are provided to take the latest security concerns into account.
Another important point is backward compatibility, or the fact that our customers don’t want to rewrite their interfaces each time there’s a change in the application.
For example, in the early days, the Secure file copy (SCP) protocol was used for file transfer, but nowadays it is considered vulnerable and it’s mostly replaced by SFTP.
In our solution, the SCP command is still there to ensure backward compatibility, while the actual connection is run over SFTP.
Such subtle changes happen at a smaller scale all the time, making file transfers more secure without the customer even noticing what’s happening.
5) Large enterprises are regulated and need to stay compliant
Large financial and governmental organizations, customers in regulated businesses and those dependent on certifications like Payment Card Industry Data Security Standard (PCI-DSS) tend to take compliance seriously.
It is easier for them to stay compliant and enforce internal security policies when they have a business partner who has specialized in this area of expertise and have both a solution and a team of experts to guide through the intricacies of the regulatory game.
Federal Information Processing Standards (FIPS) compliance is certainly appreciated by our American federal customers. Built-in support for X.509 certificate-based authentication has made smart card user identification easier.
Or if we look at the IBM z/OS mainframe environments, our customers appreciate that our client/server solution supports the use of the Multiple Virtual Storage (MVS) data sets as well as the Unix-type file system.
This way, native applications can access transferred data as if it was coming from another native application. Moreover, offloading some of the most CPU-consuming algorithms will save those valuable CPU cycles that are always cherished by the mainframe administrators.
6) Quantum computing
One of the next big paradigm shifts in cyber security will likely come in the form of quantum computing. With quantum decryption technology available, some of today's most important encryption algorithms like Diffie-Hellman will simply crumble.
We as a company have been involved with quantum-safe encryption projects for years, and already have a quantum-ready solution available on the Finnish market.
Our next step is to incorporate the technology into the rest of the portfolio as well, including our 25-year-old champion product. With these new algorithms, the business critical data of our customers will be safe far into the foreseeable future
Secure your mainframes and critical file transfers with Tectia
Our champion product comes in two flavors: Tectia SSH Client/Server and Tectia z/OS for IBM mainframes. These two have seen other IT products come and go, have evolved along the way and have proven their worth. And they are here to stay. In 25 years from now, we might or might not see flying cars, but we will still see Tectia.
It will be an interesting journey before we get there, and we will be, from our part, making it a safe one.
Jussi Rautio
Jussi's mission at SSH is to develop the product vision for the company's flagship product, Tectia. He has been in the IT business for more than 20 years, researching, developing, and managing products.