Brian Liu leads the product and technique department for Cloud file transfer for GOVTECH, Singapore. In this article, he discusses their Cloud File Transfer (CFT) Story for the Government of Singapore.
Our story begins with a simple vision to provide a secure and reliable file transfer solution for the whole government. CFT provides reliability, security, and efficiency, facilitating seamless exchanges between agencies and stakeholders. It is scalable, adaptive, and prioritizes data integrity, empowering agencies to streamline operations and elevate collaboration across the entire government ecosystem.
But how do we come about creating these products? Are there not existing costs and SAS products that agencies could purchase? And yes, indeed, there were. However, opting for these solutions would have led to a depleted use of resources; agencies would have needed to procure and restrict additional components such as malware scanners, encryption modules, and hosting infrastructure, just to name a few. This approach will incur additional costs and complicate the integration process, especially for larger systems and user bases. Now, you might wonder, this cannot be the first time anyone in the government thought of this. And, of course, there was an incumbent whole of government solution in place. However, as time passed, it became evident that the product was aging and less able to keep up with our agencies’ evolving needs and expectations.
So, let’s look at the challenges with the previous incumbent and other self-source solutions from our agencies. These are some very loud feedback that we have heard. Number one was that many of these services could only handle file transfers up to a limited file size, often a maximum of 72 GB per file transfer. It requires our users to resort to splitting their files. They were finding creative methods to overcome cross-zone transfers, even for the smaller file transfers. We even observed many users tapping on our WG API gateway product Apex for file transfers. Secondly, agencies were constrained to use proprietary and data encryption methods. There was a clear demand for more secure and cost-effective options. Monitoring was lacking, too. Our interviews found that subscribers had to raise service requests after an incident to understand what went wrong with log retrievals, often taking up to three working days. So, this delay was far from ideal for users troubleshooting critical systems. Email notifications were the predominant method for receiving file transfer status updates. However, users expressed a desire to move away from the manual monitoring of their inboxes. But the most important point they brought up was that they hesitated to invest additional time, effort and money into building and maintaining their own transfer services. A central, reliable File Transfer Service would allow ministries and agencies to redirect their resources towards improving core agency functions, ultimately benefiting our nation, Singapore.
Despite these challenges, the vision for a modernized file transfer solution persisted. In the first week of our design interview, we discovered that the security and user requirements were challenging.
As a file is sent, it is assigned a unique file ID and uploaded through a webform by the sender, ensuring traceability and accountability through the file transfer process. The uploaded file undergoes power malware scanning, and if it is clean, it is held in the CFT S3 storage for retrieval. The web form and the uploaded file are seamlessly transmitted to the relevant agencies’ intranet or web server through an API gateway, facilitating smooth and secure data transfer. Finally, the receiver retrieves the file from CFT S3 storage, confidently and efficiently completing the finer transfer process.
CFT also caters to modern needs, such as single-page applications. Leveraging our SDKs, we have facilitated the reliable and secure transfer of text documents uploaded by members of the public and corporations via MyTaxPortal to the Inland Revenue interactive network. This integration ensures that tax submissions are processed smoothly and securely without hiccups.
CFT achieved full GA for its HTTPS and SFTP transfers in February 2024. We are already serving more than 70 subscribed projects. We have more than 1500 workflows across different systems. This number will only grow as we onboard more users this year. It reflects the growing adoption and trust in our solution by government agencies. But we are not stopping here; we will continue to innovate and evolve the changing landscape of governance services.