SafetyDetectives spoke with the CTO of Crazy Ant Labs, Moty Michaely, about two of his projects, SFTP To Go and Cron To Go. Moty explained the benefits of a cloud-based SFTP service, how to ensure the safe transfer of sensitive data, the benefits of the Cron product, and more.
Can you tell me about your background and your current role at Crazy Ant Labs?
Hi, My name is Moty Michaely and I’m Crazy Ant Labs’ CTO.
I’ve been writing code since I remember myself, and I love creating products that solve a problem efficiently and with the best user experience, so that the value is immediately apparent. I teamed up with Saggi Neumann to start Crazy Ant Labs to do exactly that- build, buy, and collaborate to build such products.
What is SFTP To Go and what makes it special?
SFTP To Go is a secure cloud storage service that supports only secure protocols such as SFTP, FTPS, S3, and HTTPS. It utilizes Amazon S3 as the storage layer so that you get all the benefits of S3 (durability, high availability, infinite scalability, versioning, etc) together with support for popular secure file transfer protocols that allow immediate integration with legacy software.
As a bit of background: 11 years ago, we founded (together with another partner) a cloud data integration platform which was acquired in 2018 (now called Integrate.io). What we’ve learnt from customers we’ve worked with back then, was that quite a few of them needed a secure cloud file storage solution to integrate with 3rd parties that have the resources to integrate using APIs. I cataloged this piece of information for future endeavors, and as we started Crazy Ant Labs, this evolved into SFTP To Go. We started as a tiny bootstrapped team of two, not in full capacity, and we opted to use the Heroku marketplace as our sole sales channel in the beginning for a few reasons: We’ve known Heroku (and the team) for a while and knew that it’d be easy for us to do zero touch sales and get to the market without investing too many resources and time; As a developer, I feel most comfortable building solutions for developers – I know what they’re like and what they’re looking for.
This meant that SFTP To Go was built with developers in mind from the beginning – with rest APIs to manage any part of the product, webhook notifications to kick off data processing as soon as files are uploaded to allow real-time integration, and code snippets in the app itself to simplify usage. Offering a secure cloud storage solution, in addition to ease of use and productivity, we focus on security with features such as inbound network rules, static IP addresses, public key authentication, and password rotation.
As the product evolved and we spun it out of the Heroku marketplace, we’ve been adding value for the less-technical folks too, like a web file browser and options to share and request files over the web.
Can you explain the key features and benefits of a cloud-based SFTP service compared to traditional on-premises SFTP solutions?
The nice thing about SFTP is that it is bundled with every OS nowadays (yes, even Windows!). Setting up an on-premises SFTP is almost as easy as booting up a computer. However, connectivity is just a tiny bit of the problem. Our customers are looking for a simple way to manage access to their data, and also all the things we’ve grown accustomed to with the cloud – high availability, durability, security, and more importantly – make sure it’s all somebody else’s problem. They don’t want to manage, patch, and maintain servers.
How does your cloud-based SFTP service handle security and encryption to ensure the safe transfer of sensitive data?
SFTP To Go only supports secure protocols in order to make sure that all communications between the clients and servers are encrypted. We occasionally have to turn down a prospect who needs plain old FTP, because we don’t want to take responsibility for that. We also make sure that files are transparently encrypted at rest in the storage. Our team doesn’t have access to customer files unless they connect with elevated permissions and any such actions are audited (in addition to file access logs).
How does a cloud-based SFTP service integrate with existing systems and workflows?
The nice thing about a cloud-based SFTP service, is that on the one hand, the SFTP protocol has been around for over 20 years, and so any IT person feels incredibly comfortable with using it to integrate and automate flows with existing systems. On the other hand, you can use webhook notifications and the Amazon S3 SDK (which is slightly more developer friendly than SFTP libraries) in order to build real-time integrations on top of SFTP.
I see that you have another product called Cron To Go. Can you tell me a little about what it is and some of the advantages it brings to its users?
Sure! Cron To Go is our enterprise grade process scheduler for Heroku. Just like SFTP To Go, it was born out of necessity. Heroku’s own scheduler is free, but is not recommended for production use, and offers limited functionality – no status or execution logs, no notifications, and you can only run jobs once a day, once an hour, or every 10 minutes. Just for context, running good old crontab is not really feasible in Heroku because of its built-in scaleout architecture.
We decided to allow our users (developers again) to use cron expressions, which they’re familiar with (at least the ones who have experience with Linux; for the rest of them, we have tools and guides to generate cron expressions to do things even cron can’t do 🙂), throw in time zone support, and add notifications and execution history for easy debugging. One of our latest additions that developers love, is the option to define jobs in a simple manifest file as part of their code so that whenever they deploy code, they can update their job configuration as well.