Security Overview
Xferity is designed for file exchange environments where partner endpoints must be verified explicitly, credentials must be handled carefully, and transfer activity must remain traceable.
How security is built into the product
Protocol trust enforcement: every connection requires an explicit trust basis. SFTP connections require SSH host verification. FTPS connections require TLS validation. AS2 exchanges require certificate roles. Insecure patterns are explicitly configured and logged — not silent defaults.
Payload protection: OpenPGP encryption and decryption runs as part of the flow. AS2 messages can be signed and encrypted with partner certificate roles. Payload protection is part of the workflow definition, not a manual step.
Secrets management: credentials are resolved from secret references at runtime — environment variables, files, HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, or local encrypted vault in Postgres-backed deployments. Plaintext credentials in sensitive fields are rejected in hardened mode.
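The following is an added example, not Xferity's own code, showing how runtime secret-reference resolution and the hardened-mode plaintext rejection described above can be structured. The reference grammar (`env:NAME`, `file:/path`, `vault:path#key`), the `vault_lookup` callback and the config keys in the demo are constructed for this example.

```python
import os
import re
from pathlib import Path

# Constructed reference grammar for this example (not Xferity's syntax):
#   env:NAME            -> environment variable
#   file:/path/to/file  -> first line of a file on disk
#   vault:secret/p#key  -> key inside a secret at a vault path
_REF_PATTERN = re.compile(r"^(env|file|vault):(.+)$")


class SecretPolicyError(ValueError):
    """Raised when a sensitive field violates the secrets policy."""


def parse_secret_ref(value):
    """Return (scheme, locator) if value is a secret reference, else None."""
    m = _REF_PATTERN.match(value or "")
    return (m.group(1), m.group(2)) if m else None


def resolve_secret(value, hardened=False, vault_lookup=None, environ=None):
    """Resolve one sensitive config value to its secret material at runtime.

    References are dereferenced when needed and never written back resolved.
    A literal (non-reference) value is a plaintext credential: rejected in
    hardened mode, accepted but labelled "plaintext" otherwise.
    Returns (secret, source) so callers can record where the value came from.
    """
    environ = os.environ if environ is None else environ
    ref = parse_secret_ref(value)
    if ref is None:
        if hardened:
            raise SecretPolicyError(
                "plaintext credential in sensitive field is not allowed in hardened mode")
        return value, "plaintext"
    scheme, locator = ref
    if scheme == "env":
        if locator not in environ:
            raise SecretPolicyError(f"environment variable {locator!r} is not set")
        return environ[locator], f"env:{locator}"
    if scheme == "file":
        text = Path(locator).read_text(encoding="utf-8")
        return text.splitlines()[0] if text else "", f"file:{locator}"
    if scheme == "vault":
        if vault_lookup is None:
            raise SecretPolicyError("vault reference given but no vault client configured")
        path, _, key = locator.partition("#")
        return vault_lookup(path, key), f"vault:{locator}"
    raise SecretPolicyError(f"unsupported secret scheme {scheme!r}")


def audit_sensitive_fields(config, hardened):
    """Startup check: return the sensitive fields that would be rejected.

    `config` maps field names to their configured values; in hardened mode
    every plaintext value is a blocking finding, so a non-empty result means
    startup should be refused rather than merely warned about.
    """
    violations = []
    for field, value in config.items():
        if hardened and parse_secret_ref(value) is None:
            violations.append(field)
    return violations


if __name__ == "__main__":
    # Constructed configuration: one field references a secret, one is plaintext.
    cfg = {"sftp.password": "hunter2", "pgp.passphrase": "env:PGP_PASSPHRASE"}
    print("hardened-mode violations:", audit_sensitive_fields(cfg, hardened=True))
```

In practice the resolver sits behind every sensitive field (passwords, key passphrases, API tokens), and the startup audit runs before any partner connection is attempted, so a plaintext credential never reaches a transfer in hardened mode.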
Security posture engine: evaluates crypto, secrets, transport, auth, and flow security state across platform, partner, and flow scope. Produces Active Findings, Suppressed Findings, hourly snapshots in Postgres-backed mode, trend analysis, and regression alerts.
Audit logging: structured JSONL with file lifecycle tracing and optional tamper-evidence hash chaining.
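As an added illustration of what "tamper-evidence hash chaining" over a JSONL audit log means, here is a small writer and verifier. It is example code, not Xferity's log format or implementation; the record fields (`seq`, `prev_hash`, `hash`), the file-lifecycle actions and all identifiers in the sample log are constructed.

```python
import hashlib
import json

# Constructed: the "previous hash" the first record links to.
GENESIS = "0" * 64


def _canonical(record):
    """Stable serialization so the hash covers exactly the bytes written to the log."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def append_event(chain, event):
    """Append one audit event as a JSONL line linked to the previous record's hash.

    Each record carries its position (seq), the previous record's hash, and its
    own SHA-256 over the canonical form of everything except the hash field.
    Returns the new record's hash.
    """
    prev_hash = json.loads(chain[-1])["hash"] if chain else GENESIS
    body = dict(event, seq=len(chain), prev_hash=prev_hash)
    body["hash"] = hashlib.sha256(_canonical(body).encode()).hexdigest()
    chain.append(_canonical(body))
    return body["hash"]


def verify_chain(lines):
    """Return (True, None) if the chain is intact, else (False, first_bad_seq).

    Catches edited records (hash mismatch), deleted or reordered records
    (seq / prev_hash mismatch) and records inserted after the fact.
    """
    expected_prev = GENESIS
    for i, line in enumerate(lines):
        rec = json.loads(line)
        claimed = rec.pop("hash", None)  # hash is computed over the record without itself
        if rec.get("seq") != i or rec.get("prev_hash") != expected_prev:
            return False, i
        if hashlib.sha256(_canonical(rec).encode()).hexdigest() != claimed:
            return False, i
        expected_prev = claimed
    return True, None


def build_sample_log():
    """Constructed file-lifecycle events for one transfer (not real Xferity output)."""
    chain = []
    file_id = "f-0001"  # constructed identifier
    events = [
        ("received", {"partner": "acme", "protocol": "sftp", "sha256": "ab" * 32}),
        ("decrypted", {"engine": "openpgp", "key_id": "EXAMPLEKEYID"}),
        ("delivered", {"destination": "s3://example-bucket/inbound/"}),
    ]
    for n, (action, detail) in enumerate(events):
        append_event(chain, {"ts": f"2024-01-01T00:00:0{n}Z", "file_id": file_id,
                             "action": action, **detail})
    return chain


def tamper(lines, seq, **changes):
    """Constructed helper for the demo: rewrite one record's fields without re-chaining."""
    out = list(lines)
    rec = json.loads(out[seq])
    rec.update(changes)
    out[seq] = _canonical(rec)
    return out


if __name__ == "__main__":
    log = build_sample_log()
    print("\n".join(log))
    print("intact:", verify_chain(log))
    print("edited record:", verify_chain(tamper(log, 1, action="skipped")))
    print("deleted record:", verify_chain(log[:1] + log[2:]))
```

A chain like this makes local edits detectable, but not prevented: anyone who can rewrite the whole file can rebuild the chain. That is why the page lists immutable external evidence retention as out of scope; periodically exporting the latest hash to a system the log writer cannot modify is what turns "tamper-evident" into "tamper-proof for all practical purposes".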
Hardened mode: configuration enforcement that blocks insecure patterns at startup — not just warnings.
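The next block is an added example (not Xferity code) tying together the protocol trust enforcement and hardened mode points above for the FTPS case: strict TLS validation is the default, disabling it is a per-partner explicit setting that is logged, and in hardened mode that setting is refused at startup instead of warned about. The partner names, the `insecure_skip_verify` option name and the logger name are constructed; the `ssl` calls are Python's standard library.

```python
import logging
import ssl

# Constructed logger name for the example.
log = logging.getLogger("example.transport")


class HardenedModeViolation(RuntimeError):
    """Raised at startup when hardened mode meets an insecure transport setting."""


def build_ftps_context(partner, insecure_skip_verify=False, hardened=False):
    """Build the TLS context used to connect to an FTPS partner.

    Default posture: certificate chain and hostname validation against the
    system trust store, TLS 1.2 minimum. `insecure_skip_verify` is never a
    default: it must be set explicitly per partner, is always logged, and
    in hardened mode it is a startup error rather than a warning.
    """
    if insecure_skip_verify and hardened:
        raise HardenedModeViolation(
            f"partner {partner}: TLS validation cannot be disabled in hardened mode")
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if insecure_skip_verify:
        # Logged as a warning so the weakened trust basis shows up in the record.
        log.warning("partner %s: TLS certificate validation DISABLED by explicit configuration",
                    partner)
        ctx.check_hostname = False        # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def transport_posture(ctx):
    """Summarize the security-relevant state of a context (feeds a posture finding)."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "verifies_hostname": ctx.check_hostname,
        "min_tls": ctx.minimum_version.name,
    }


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("strict:", transport_posture(build_ftps_context("acme")))
    print("explicitly insecure:",
          transport_posture(build_ftps_context("legacy", insecure_skip_verify=True)))
    try:
        build_ftps_context("legacy", insecure_skip_verify=True, hardened=True)
    except HardenedModeViolation as exc:
        print("hardened:", exc)
```

The same shape applies to the SFTP and AS2 cases on this page: a known-hosts entry or a partner certificate role is the explicit trust basis, "accept anything" is an opt-in that is logged, and hardened mode turns that opt-in into a refusal to start.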
What Xferity does not do
Xferity does not replace infrastructure hardening, network security controls, SIEM, identity governance, or immutable external evidence retention. Its scope is transfer workflow security and traceability.