Agent Security
The Files.com On-Premise Agent is a powerful tool designed to integrate on-premise networks with the Files.com platform. Security is a primary concern for many organizations considering its use, as the agent operates within your corporate network. We believe the On-Premise Agent is the most secure way to connect your internal systems to Files.com, offering significantly more protection than relying on FTP servers or third-party tools that weren’t designed specifically for this purpose.
A Proven Security Record
The Files.com On-Premise Agent boasts a flawless security track record, with no known vulnerabilities ever reported. This strong security history is part of Files.com’s overall commitment to keeping your data safe. We conduct annual penetration testing to identify and mitigate potential risks, ensuring that any weaknesses are addressed before they can be exploited.
Files.com runs an active bug bounty program that incentivizes independent security researchers to rigorously test our systems—including the On-Premise Agent—for vulnerabilities. Because the agent is part of this program, it undergoes continuous scrutiny from top experts in the security field.
Key Security Features of the On-Premise Agent
The On-Premise Agent has several key security features that ensure it integrates securely with your systems while maintaining strict control over access.
Strict Access Controls
One of the agent’s most critical security features is its strict access controls. The agent supports root folder path restrictions, which you configure locally in a file you create and manage. This configuration file cannot be modified or overridden by the Files.com cloud system. The agent is limited to only the paths you explicitly specify, which means it cannot inadvertently access other parts of your network. This ensures that Files.com only has access to what you allow, providing peace of mind that no other data is exposed.
No Open Ports, Encrypted Connectivity
Unlike FTP servers, the Files.com On-Premise Agent does not open any ports on your machine. Instead, connectivity is established through an encrypted tunnel, which is initiated via an outbound connection to Files.com’s network. The agent uses public key cryptography to validate that it is indeed connecting to the correct Files.com services. Once the tunnel is established, only Files.com’s production services—responsible for real-time file access and automation tasks—are permitted to communicate with the agent. These production services are fully isolated from other environments at Files.com, including our staging systems and employee workstations, further enhancing security.
Clients Never Connect Directly To Your Agent
Another critical security advantage of the Files.com On-Premise Agent is that external requests to upload or download files are never made directly to your agent. All such requests are routed through Files.com’s cloud infrastructure, which acts as a proxy. Only Files.com has direct access to the encrypted tunnel to your agent, ensuring that your internal systems are never directly exposed to external users. This provides a significant security improvement over FTP servers, which allow external clients to observe information about your network and servers.
No Automatic Updates by Design
The Files.com On-Premise Agent does not feature an automatic update mechanism. This decision was made to prevent unauthorized updates from being pushed to your systems, eliminating the risk that a compromised update weakens your security. No third party, including Files.com, can introduce unexpected changes to your agent installation. While we do plan to offer optional automatic updates in the future, they will be entirely opt-in, meaning that organizations will have the flexibility to enable or disable them based on their own security policies.
Dual Logging
To ensure that all actions are properly logged and monitored, the Files.com On-Premise Agent provides dual logging streams. Operations are logged both locally, on the machine hosting the agent, and to Files.com’s cloud log infrastructure. The cloud logs can be configured to be forwarded to a SIEM (Security Information and Event Management) platform of your choice through our SIEM integration. Additionally, the local log file can be ingested into any logging or SIEM system you prefer, in the same way you would manage any other local log file. This dual logging approach ensures that all activity is documented and available for review, which is crucial for maintaining security and compliance.
Security is Our Priority
The Files.com On-Premise Agent is built with security as a top priority. From strict access controls and encrypted connectivity to dual logging and the intentional restriction of automatic updates, it provides a secure, reliable solution for integrating on-premise systems with the Files.com platform.