top of page
SES Encrypts and Audits Global Client Data
Decades of experience helping Asia-Pacific customers have established Generic Systems Australia as our region’s local experts in secure managed file transfer. In this case study, we share how global experts in operational resilience – SES – take advantage of GoAnywhere MFT , the world’s leading MFT solution, to manage the transfer of more than 2,000 files daily.
Software escrow agreements are becoming increasingly common for organisations worldwide. Medium and large enterprises, especially those in retail, energy, and financing, rely on these agreements to provide coverage for the unique source code, files, and other software assets critical to a company’s intellectual property.
To prevent loss of this information during sudden downtime, a data breach, or natural disaster, organisations create a software escrow agreement with a third-party vendor to protect and back up their data. The third party then takes the data, creates an inventory of everything that’s to be escrowed, and puts the source code and other assets into a vault for maximum protection.
SES is a third-party vendor that provides software escrow agreements, intellectual property protection, and cybersecurity risk management globally. Based in Manchester, UK, SES has more than twenty years of experience providing security to more than 2,500 professionals in 40+ countries.
"Dealing with software escrow agreements is our bread and butter," said Tom Sweet, Information Security and Systems Manager at SES. It’s an area of constant growth and adjusting to keep clients happy and source code regularly updated. We are continually developing and innovating.”
Often, SES does this with tools such as GoAnywhere MFT.
For SES, GoAnywhere Managed File Transfer (MFT) has been a well-used and finely-tuned addition to its cybersecurity solutions. With the software in place, it performs on average nearly 2,000 uploads for clients per day — a mix of small and large files — as well as help monthly and quarterly businesses with their source code deposits.
Switched from Manual File Transfers to Managed File Transfer
Before GoAnywhere came into the picture, SES used a web gateway, an AWS-backed instance, to receive source code for its clients. It also occasionally used old-fashioned file transfer methods: physical disks and SD cards that were tracked, signed for, and had a direct chain of custody which could be followed.
While this mixed process — AWS-backed instance and physical mail — worked at the time, it still lacked the ability to track user and file transfer activity. Having an audit trail was important to the business. When auditing also became a client requirement, SES looked for a way to streamline, structure, encrypt, and audit the exchange of data.
SES handled a high volume of file transfers and needed robust security practices for the data it processed and stored every week. So the it was time to find a centralised solution which could do all of this and meet its trading partners’ needs.
The tracked-and-signed file transfer processes SES used led to an evaluation of GoAnywhere MFT, a robust and fast-growing product which used similar techniques (tracking, signing, and a clear chain of custody) for sensitive file transfers.
GoAnywhere was a hit. It took Tom Sweet mere days to learn the product. He attended two webinars, then jumped in and followed his intuition.
The turnaround had to be quick, but the learning curve was straightforward. SES implemented GoAnywhere across its Linux systems and has depended on it ever since for day-to-day file transfers, streamlined encryption, and consistent auditing.
Benefit#1: File Encryption and Security
With GoAnywhere fully implemented, SES has been able to ensure all file transfers sent by its clients are encrypted in transit and sent to the right place. SES has also ensured that encryption keys are held separately. These are just two of the strict requirements SES needs to follow for its clients in order to stand out in a sea of escrow and backup service platforms.
"It’s risk versus security," Tom said. "With HR and payroll data, the risk is high, so the security needs to be high as well."nearly 2,000 uploads for clients per day — a mix of small and large files — as well as help monthly and quarterly businesses with their source code deposits.
Benefit#2: Fast File Transfer & Trading Partner Setup
New trading partners and file transfer users can be set up in minutes.
"Less than that if I’m rushed," Tom said. "The quickest ones we’ve had people test: I’ve sent the email saying here’s your username, sent the password out over SMS, and people test the log-in within 10 minutes."
Sweet uses private and public keys to ensure the encryption and validity of the new transfers he creates. When the file transfers are executed, most run, start to finish, in less than 30 minutes.
Benefit #3: Ease of Use & Automation
"The main thing we use GoAnywhere for is managing users, auditing the logs, and giving users a secure gateway into our systems that would normally be firewalled," Tom, said. All of this is simple with GoAnywhere, and he believes the product’s biggest strength is its ease of use. Whether he needs to streamline, update, or re-deploy the product across systems and users, the process has been painless.
Automation is another huge benefit of GoAnywhere. SES use GoAnywhere to do the heavy lifting for SaaS-based clients. These clients transfer large amounts of source code end data that are pushed into a SaaS escrow and captured in real time.
"We help these clients configure a script that connects over SFTP to a GoAnywhere service," Tom said. "GoAnywhere then audits those transfers." The product securely transfers and audits at the same time, all automatically for nearly 60 clients who need their source code updated on a daily or monthly frequency. This enables SES to automate on Windows and Linux to meet the security requirements of each client.
GoAnywhere’s granular security controls enabled Sweet to make GoAnywhere as safe and security-driven as possible against internal risks and user errors.
"I stripped it back to who can do what," he said. Previously shared passwords were locked down. Web users were restricted to only the areas of the product they needed, and file storage was controlled — files could only be stored in the right areas of the network.
"If someone in a company wanted access to the transfers, or to the systems, they could break the loop to that cycle. So that’s why we vault [client data] and back it up in an encrypted format. We make sure the file transfers are encrypted; that’s key too."
Benefit#4: Regulation Compliance
Many SES clients have compliance requirements which SES must meet. To achieve these needs, SES has applied ISO 27001 compliance across all clients to ensure all information sent between SES and other companies is secure.
"ISO 27001 mandates that we create policies, processes, and procedures which we can prove using evidence-based systems," Tom said. "This says, ‘Okay, by default, you [the client] get all of this [security]. All files will be encrypted, and all second factor messages will be sent out-of-band so they aren’t sent over the same method of communication, and so on."
Meanwhile, while encryption is the same and applied for everyone, clients can choose if they want to use multi-factor authentication (MFA) with passwords or SSH keys for an extra layer of security. GoAnywhere offers multi-factor authentication methods, including keys and certificates, for increased file protection. SES also uses GoAnywhere to encrypt every backup of escrow data that is then kept in offline vaults.
"This ensures there’s 99.9% availability," Tom said. "No one thinks escrow is important until it’s too late," he added, so SES provides these offline backups with GoAnywhere’s help to give organisations peace of mind.
Benefit#5: Auditing and Administration
One of the biggest justifications for purchasing GoAnywhere was its auditing functionality. Tom and his team uses these audit logs to see who is connecting to their SFTP servers, what they’re doing on those servers, and how much they’ve done. This level of detail is critical, especially when dealing with sensitive escrow documents, software assets, and source code.
"The log-in and auditing process in GoAnywhere is important for our information security standards. We audit the transfers not just to be able to take them securely, but also to prove who has been on and transferred what and when. The audit trail is important."
If Sweet needs to change something, GoAnywhere makes it easy. Admins can make modifications or adjustments to their processes to keep constant with security requirements. "We can do this with GoAnywhere very easily," he said. "Then we just send out a new host key to our clients."
What’s Next: Remote Agents and Advanced Workflows
Right now, SES retrieves files from clients. But in the near future, it hopes to roll out GoAnywhere Remote Agents and GoAnywhere Advanced Workflows for customers who want zero involvement in the file transfer process.
With these features enabled, Sweet and his team will be able to pull data from each client when needed without requiring manual work or engagement on their end. "Remote agents and advanced workflows will enable us to go out, talk to, and pull the requests for daily, weekly, or monthly file transfers," Tom explained.
One Admin, One Product
Tom Sweet has used GoAnywhere for four years. As the main product administrator, he’s always looking for new ways to implement the software, integrate it with other web and cloud services, roll it out as part of security-client processes, and improve the success of GoAnywhere at SES.
"I want to get as much out of the product as I can," Tom said, reflecting on being the singular admin for GoAnywhere. "The more I push it out, the more we get a better return from our customer experience." And for any organisation — SES included — customer satisfaction is top priority.
GoAnywhere’s encryption, automation, and ease of use help make that happen.
bottom of page