Government: Preventing Malicious File Uploads

Against a backdrop of austerity and ever-reducing budgets, this major government authority has taken on responsibility for delivering a vast range of benefits to over five million citizens.

It is considerable challenge. Service provision relies on complex, means tested benefits and citizens need access to the service in an accessible and timely manner if they are to provide accurate information on their circumstances. 

The authority wanted to encourage citizens to upload evidence in support of their benefit entitlement via a state-of-the art cloud-native Web application featuring a number of benefit portals but needed to be certain it couldn’t be used as a “backdoor” for malicious file uploads.

Business Challenge

Protect the Cloud Web Application

The government authority decided to implement application in the cloud, taking advantage of the potential costs savings to be gained from having no infrastructure to support and maintain.

However, against the backdrop of many high profile cyberattacks on government using malware concealed in everyday files, the team needed to be certain that the documents and images being uploaded in support of benefit claims were free of malware.

 “We know that zero-day malware cannot be detected using anti-virus and that it can be concealed in documents and images and uploaded via a portal.”

Mindful of the potential pitfalls, the team elected to take advice from GCHQ’s National Cyber Security Centre (NCSC).

Following a consultation, the organisation decided to follow the recommendations laid down in the NCSC “Pattern: For Safely Importing Data”, a set of best practice guidelines for accepting documents and images from untrusted sources.

“The benefit portals are a potential vector for the introduction of malware. We needed to be certain we had taken every possible step to ensure we were safely importing citizen data into the organisation and sanitising any malicious file uploads.


Deep Secure Cloud APIs

The government authority chose to integrate Deep Secure Threat Removal as a Service (TRaaS) directly into their cloud-based portal application to transform and verify uploaded documents and images.

Every time a citizen submits a document or image via a benefit portal it is stored in a “dirty” Amazon S3 storage bucket assigned to all untrusted content. TRaaS automatically transforms the file, extracting only the valid business information from it, verifying it, discarding the original and creating a wholly new file, formatted to match the original, and placing this in a “clean” Amazon S3 storage bucket where the application can access it.

TRaaS is built on a serverless computing architecture and is accessed via cloud APIs built-in to the application, so the authority has been able to remove the cost of ownership associated with a virus scanner in terms of updates and maintenance. 

Because the service runs in Amazon AWS with industry-leading 99.95% reliability levels, the authority can meet its targets for reliability and availability and the team can be confident that file uploads cannot be used as a vector for attack.

“Documents and images allowed in via the portal are all transformed and verified to ensure they are 100% threat-free.”


Complete Confidence and Cost Savings

The government authority enjoys complete confidence in a solution that conforms to the NCSC recommendations for safely importing data - using transformation and verification - to render documents and images uploaded by citizens 100% threat-free.

Integrating Threat Removal as a Service into the solution has also proved highly cost-effective. The team are seeing savings of over 60% per annum over detection-based anti-virus alternatives and there are no remediation costs associated with attacks via the portal.

The unique way that Threat Removal as a Service is delivered via the cloud means there is no requirement to allocate resource for patching or maintenance and because the solution is built on a serverless computing model, the high-availability application scales effortlessly to cope with peaks in demand.


Case Studies

Government: Preventing Malicious File Uploads