Question

How is the secure file transfer protocol (SFTP) offered by Everbridge secured?

Answer

The Everbridge SFTP system is designed to provide a secure keypair for our clients using the same model as many other well-established providers, such as Amazon EC2 (for more information see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html).

Clients can make use of SFTP which makes use of port 22 when uploading data to Everbridge. This port value cannot be changed.

Everbridge is aware that there are other accepted methods of key exchange, but we assure this model is completely secure. Directly from the Everbridge Manager Portal your administrator can generate and download the private key that is specific for your organization. If desired, you can password protect the key yourself, and many of our clients elect to do this. The downloaded private key, along with the organization ID, provide your organization with secured access to the Everbridge SFTP service.

To enhance security for your integration with Everbridge, you can use SSH and PGP encryption instead of just a username and password. After downloading the Everbridge encryption key from your organization, you can use it to encrypt your files before uploading them via SFTP. Everbridge supports SSH key-based authentication, so you'll need to configure your SFTP connection to use SSH keys instead of a username and password.

For more information regarding security compliance, see knowledge article EBS: Everbridge Suite Security & Privacy Compliance.