Secure exchange of customer data for digital forensics

As one of the leading specialists in the fields of digital forensics and eDiscovery, Swiss FTS places particularly high demands on the protection of confidential customer data that the company receives for digital forensics investigations. To make data exchange as secure as possible, the renowned Swiss company has recently started using PROSTEP's proven OpenDXM GlobalX data exchange platform.

Swiss FTS AG was founded in 2010 and employs acknowledged digital forensics experts at its head office in Zurich and in its branch offices in Lausanne and Singapore. They help companies and law firms investigate suspected data theft or other fraudulent activity by securing and analyzing electronic data and tracking down evidence in IT systems. They also prepare clients for digital forensic investigations and electronic discovery in the context of eDiscovery processes. eDiscovery is a legal process that involves identifying and preserving e-mails, business communications and other data and making it available to the opposing party in the event of legal disputes.

In addition to law firms, the company's customers comprise primarily banks and insurance companies but also companies from other industries that need help investigating activity seen as suspicious. A typical case of suspected misconduct involves employees in management positions taking customer data with them to their new company when they leave the company, says Roy Weiss, head of the Zurich office of Swiss FTS. "We often act as liaison between the lawyers and the IT departments of the companies, who don't speak the same language."

Trust is absolutely crucial in the field of digital forensics. Swiss FTS often receives vast amounts of confidential data and documents for evaluation from its clients, and in eDiscovery processes it has to send increasingly large volumes of data to law firms in the USA or elsewhere in a secure manner. The volume of data alone means that this can no longer be done via e-mail. That being said, data attachments are often sent unprotected. Which is why the company has been using a data transfer solution for some time now, but that solution was not developed further. The licensing costs were also quite high and creating new users was extremely complex, says Weiss.

A key requirement for the new solution was that it be cloud capable but could be hosted at Swiss FTS. "Our customers are still a bit cloud shy," says Weiss. "For many, it's the first time that they’ve carried out a digital forensics investigation. That's why it helps if we can tell them that the entire infrastructure in which their data will end up is completely under our control. Our data center and Swiss FTS AG are certified according to ISO/IEC 27001:2013."

Operation is impressively easy

The ease of use of PROSTEP's data exchange platform impressed users and administrators at Swiss FTS. The ability to create new user profiles quickly is important to the company because it works on a project-by-project basis and the exchange partners are constantly changing. Another advantage of the solution is that exchange partners can be temporarily deactivated rather than having to be deleted, which avoids paying unnecessary licensing costs.

PROSTEP implemented the solution in close collaboration with the infrastructure team at Swiss FTS. Immediately after upload, incoming data is automatically transferred to a directory in the internal network and then deleted from the server. A hash value, i.e. a kind of fingerprint, can be calculated for each file so that it is possible to prove later that it has not been subsequently modified. The PROSTEP experts have set up the corresponding automation mechanisms.

Weiss adds that OpenDXM GlobalX’s high level of configurability is one of its great strengths. "Everything that we can imagine can be specified down to the last detail, such as when which data is deleted, whether a ZIP file is created automatically, or how recipients are informed of the data exchange." The solution also provides very good reporting functions, which makes system administration easier. The only area in which there is still some room for improvement is speed, but this is something that PROSTEP is already working on. "It’s very nice working with the team from PROSTEP. We've found a partner who knows what their talking about."

Proven data exchange platform

OpenDXM GlobalX is currently being used at Swiss FTS without integrations to other IT systems. This is partly due to the fact that the internal network is heavily segregated for security reasons. "The area in which the customer data is stored and processed in particular is isolated from the rest of the network," Weiss explains. "We don't know what we're getting and have to assume that the data could contain viruses." However, the plan is to integrate OpenDXM GlobalX into the Windows clients with the aim of making it as easy as possible for users to send data securely via the platform.

Users use automatic encryption for uploads and downloads by default, and the public and private keys are generated by the software. OpenDXM GlobalX also offers the option of protecting the data with a personal key generated by the recipient. Since only the recipients know this key, only they can read the data. Weiss thinks this is an interesting option for the future in the context of sensitive projects with particularly high security requirements.

The new data exchange platform has been in use for approximately three months and has already proven its worth in more than 20 projects. "With OpenDXM GlobalX, we make it possible for our customers to send us large amounts of data, comprising 200 or 300 gigabytes, easily and quickly,” says Weiss. "We have a stable solution that is subject to ongoing further development and one that we can be sure will still be working well in five years’ time.”