The zone in your network where all external connections end is called the demilitarized zone (DMZ). The DMZ is the external point of contact for your core business applications, business data and file transfers. What’s more, since it is the point of contact with the outside world, hackers will attempt to sabotage network security by attacking this zone; consequently, the servers that reside here need to know who is who, how to authenticate and when to grant access.
Sounds obvious. But what about the data that move through these points of contact? Where do they reside? How can services in the DMZ protect the data that power your business?
If data security and regulatory compliance are important to your organisation, you need to expertly manage these capabilities with robust DMZ security. Axway’s edge solutions – SecureTransport Edge and Secure Relay – protect your data, your customers and your networks, whilst enabling critical Managed File Transfer services between approved parties.
Axway Edge (for SecureTransport) and Axway Secure Relay (for Axway Interchange and Axway Gateway) prevent storage of sensitive information in the DMZ, adding another layer of security to data as they flow into your company from the Internet and out of your company through your firewall. By deploying Axway Secure Relay or Axway Edge in the DMZ, companies can deploy any Axway MFT gateway behind their internal firewall in a protected network, securing TCP/IP connections coming from the Internet to the gateway, and vice versa.
Using Axway Edge, you can create a multi-tier file exchange infrastructure with multi-protocol managed file transfer, SSL termination and back-end authorisation that streams data across the DMZ to SecureTransport. You can deploy multiple Edge gateways in the DMZ to balance loads and optimise performance. Furthermore, Axway Edge safeguards compliance with SOX, GLBA, HIPAA and other business, industry and government directives governing the security and privacy of sensitive information.
Deployed with Axway Interchange and Axway Gateway, Secure Relay supports Active-Active clustering environments and is available for all TCP/IP connection types and protocols, including FTP. With Secure Relay, all TCP sessions are outbound, allowing bi-directional real-time data flow with no data storage in the DMZ. Secure Relay receives all configuration setup directly from Axway Gateway, and all file transfer dialogue (protocol, authentication, etc.) is handled by the gateway, thus avoiding any permanent or temporary storage of critical data in the DMZ, including files, configuration information (such as keys and certificates) and critical back-end processing (such as digital signing or envelope decryption).