Managing Personal Data in IBM Aspera High-Speed Transfer Server, High-Speed Transfer Endpoint, and Desktop Client

The customers who use IBM Aspera High-Speed Transfer Server (HSTS), IBM Aspera High-Speed Transfer Endpoint (HSTE), and IBM Aspera Desktop Client have control over personal data and it is the responsibility of the customer to manage personal data in accordance with all legal requirements.

  1. What are various places where we store user information?

    In general, the Aspera application that initiates a transfer records the transfer user, ip addresses or hostnames, and the pathnames of the source and destination in the log files. The log files rotate based on the amount of data in the log (as configured by the user) or by a log rotation policy defined by the OS. The transfer user is often a generic user, such as "xfer", rather than a user's username. More detailed information might be stored in the tags or cookie, if it is added by the client or if the transfer is initiated by an Aspera web application. Aspera web applications can populate the tags and cookies with web application-specific data.

    For HSTS and HSTE, users can be configured in aspera.conf. This configuration can include SSH usernames, IP addresses, and hostnames.

  2. How can I delete the user’s information from the application?

    System admins can delete logs. For the default log location, see “Log Files” in the Admin Guide.

    System admins can edit aspera.conf to remove users and configuration rules that use peer-ip or peer-domain.

    Users and system admins can delete content that is uploaded to HSTS and HSTE if it contains user information. The user has control over content that is downloaded.

  3. How can I extract full list of users? (HSTS and HSTE)

    All users can be viewed by an admin in the GUI or in aspera.conf.

  4. How can I run search+report on a specific user’s activity over a specified period from the logs?

    HSTS, HSTE, and Desktop Client do not have a built-in log analysis tool.

  5. How do I enforce encryption in transit?

    By default, data is encrypted using AES-128 in transit between the client and HSTS or HSTE. Admins can require a stronger encryption cipher by modifying aspera.conf; for instructions, see “Authorization Configuration” in the Admin Guide.

  6. How do I enforce encryption at rest?

    Admins can configure HSTS and HSTE to encrypt content when it is uploaded; for instructions see “aspera.conf –Server-Side Encryption at Rest” in the Admin Guide.

    Users can encrypt their content before uploading it to HSTS or HSTE or while it is stored on their local computer; for instructions see “Client-Side Encryption at Rest (EAR)” in the Admin Guide.

    Admins can configure HSTS and HSTE to require client-side encryption at rest; for instructions see "aspera.conf - Transfer Configuration".

  7. How can I configure Aspera applications with ability for end users to request for personal data access?

    HSTS and HSTE do not have built-in tools for end users to request personal data. The users must contact the server administrator directly.

Powered by Zendesk