Secure Transfers of Large Files Over the Internet Using YouSendIt

Secure Transfers of Large Files Over the Internet Using YouSendIt
Ahsan Haque - October 23, 2004

1.	Introduction
2.	What is it and how does it work?
3.	Security Features of the YouSendIt Free Web Service
4.	Security Features of the YouSendIt Enterprise Server
5.	Conclusion

Introduction

Does the following situation sound familiar to you? You have to send a large PowerPoint presentation document to an overseas customer, and the customer’s e-mail system will not accept large file attachments. Your customers need the file as soon as possible. You try different options, different e-mail clients, sending a CD by post, or even setting up your own FTP server. If security isn’t your biggest concern, setting up the FTP server is generally a manageable option. All you have to do is get permission to open up the appropriate ports on your network, set up the FTP service, send the file over, close the connection, and then shut down the server. It’s a lot of work, creates a lot of potential security holes, and if you have to send large files on a regular basis, it can become a very cumbersome process.

If you’ve faced the challenge of sending a large file over the Internet, I’m sure you’ve told yourself that “There must be a better way”. There is. Developed by a group of McGill University graduates residing in California, YouSendIt is a free, secure, on-line service that conveniently allows you to send large files over the Internet. Their free web service can be accessed at www.yousendit.com. For large-scale secure enterprise-level file transactions, YouSendIt also offers a turnkey solution called the YouSendIt Enterprise Server. The Enterprise Server is a dedicated server package that can be customized to integrate with your organization’s security infrastructure.

What is it and how does it work?

YouSendIt’s service offerings consist of a free public-use web service, and the specialized Enterprise Server. Both services use the same underlying technology to handle the file transfers. To send non-sensitive data, the free service works very well. Both the Enterprise Server and the free service use the following basic procedure to send files: To send a file using YouSendIt, simply go to the web site and enter the e-mail of the person you want to sent the file to, select a file to send from your computer, and click on Send. The system uploads your file to the YouSendIt server, and then sends an e-mail notification for file pickup to the recipient. The recipient clicks on the link, and downloads the file. There’s no software to install, no account creation process, and your e-mail inboxes never fill up with large files.

The main difference between the two offerings is that the Enterprise Server is a customized offering that can integrate with your existing security infrastructure and runs on a dedicated server, whereas the free service runs on the YouSendIt public servers.

TEC spoke with Amir Shaikh, vice president of business development at YouSendIt with regards to the system security options, and the company’s goals for the YouSendIt service. “We want to become the de facto standard for large file transfers over the Internet. We saw a market that stemmed out of our own needs to transfer large files, and we were frustrated by the fact that there was no easy way to achieve this. We initially decided to come up with our own system that filled our personal needs, and then developed it into the commercial service on the site.” With regards to e-mail protection of users, Amir says, “We want to ensure that the system is fast, non-intrusive, and easy to use. YouSendIt does not redistribute any e-mail addresses to anyone and advertising on the site is limited to the file download portion of the site. This way the user can focus on transferring their files without any cumbersome advertising to detract them.”

Security Features of the YouSendIt Free Web Service

The free web service, which is available at www.yousendit.com, offers quite a few security features. The upload process for the file transfer between your computer and the YouSendIt server is handled via a secure sockets layer (SSL) connection. This commonly-used Internet encryption process will protect your data from interception during transit. To access the SSL upload option, simply click on the “Need Secure Transfers?” link on the main page. This will bring you to the secure transfer page. It should be noted that sending a file with SSL encryption requires additional time and processing. You can send files of up to one gigabyte in size. The recipient will receive an e-mail notification which contains a link to the file and a secure token allowing access to the file download. The file recipient then visits the site, inputs their secure recipient token, and gains access to download the file. Recipients can even lock the file for deletion after the file transfer process is complete. If the file is not marked for deletion it is kept on the YouSendIt servers for a period of seven days. The process is as simple as sending an e-greeting card—minus the card and the advertising.

Security Features of the YouSendIt Enterprise Server

In addition to the free public service, YouSendIt also has an enterprise server for dedicated secure file transfers. If your enterprise needs to send a lot of files to customers, the enterprise server provides for a powerful solution. This service becomes especially useful when you have to transfer sensitive documents back and forth that may contain non-disclosure agreement ( NDA) level material. The system can even be used as a billable dedicated service for customers if required.

The YouSendIt Enterprise Server includes use of a standalone application server that contains the same scalable architecture of the free service, but with additional privacy and security options. The Enterprise Server offers multi-tiered end user security including SSL encryption for data transfers, S/MIME for notifications, and optional SGC 128-bit encryption for even stronger protection. Also available is a “Straight Through Processing” option which allows users to receive a file as it is being uploaded by the sender. Files themselves can be password protected and MD5 filename encryption is available. All of the above security features can be customized according to your enterprise needs.

Administrators can maintain their enterprise server through secure authentication tokens including RSA SecurID and CryptoCard. This provides additional security for system administrators who want to manage their server remotely. The Enterprise Server service is highly customizable and scalable according to business requirements. There are many reporting and logging options available for administrators as well. The Enterprise Server edition can also automatically integrate into your enterprise’s own network authentication if desired.

With all of these security features in place, the YouSendIt Enterprise Server provides your organization with the necessary tools to handle a secure large file transfer infrastructure.

Conclusion

YouSendIt fills a much-needed niche in the file transfer space. As a simple web service, it’s very effective and fast. The fact that there’s no software to install, no account to create, and no security risk in creating and maintaining an FTP server, makes the YouSendIt web service so compelling to use. It should be noted that the free service does have some limitations in terms of security options. Also, the fact that files are kept on the server for only seven days means that the free service cannot really be used as an FTP service replacement for persistent files. However, these issues are addressed in the YouSendIt Enterprise Server edition. Enterprises looking for a complete secure file transfer infrastructure, the Enterprise Server, with its vast array of customizable security options, can easily scale to meet your organization’s needs.