December 13, 2016

    3 Key Factors of Secure File Transfer

    As digital innovation evolves, so does the threat of cybercriminal activity and other dangerous risks to valuable and sensitive information. It’s no wonder that when organizations seek to find a file sharing process that best suits their needs, the phrase “secure file transfer” is often a key component.

    Unfortunately, there are many factors that get in the way of ensuring secure file transfer across entire organizations.

    “Today, it’s more challenging than ever for IT teams to protect critical business data because more data resides in more places, from mobile phones and tablets to notebooks, USB drives and the cloud. So many enterprises are embracing cloud storage or working practices in which employees work on the road, from home or at a local Starbucks. As a result, a considerable amount of corporate data either resides outside the company firewall temporarily or permanently. This situation presents a challenge for overburdened IT teams that already find it hard enough to manage data on local network hard drives and enterprise content management (ECM) systems.” (Data Center Journal)

    If you’re looking to protect your organization by making secure file transfer a reality, there are three critical factors to address. Be sure to prioritize these elements in your search for a file sharing solution that enables productivity while safeguarding your digital assets.

    1. Security

    When it comes to secure file transfer, you need to think about much more than password-protecting your digital files. Password protection alone is far from sufficient to mitigate the harmful effects of data theft, data loss, information leakage and human error. In fact, cracking passwords is one of the easiest ways for cybercriminals to access so-called “secure” files. Enforcing password length, strength and expiration is an important aspect of secure file transfer, but efforts must extend well beyond this component.

    Intrusion Detection & Prevention

    One of the best ways for enterprises to protect their users and assets is by working with an FTP provider that features intrusion detection and prevention. Your provider should be able to:

    • Actively monitor connections
    • Detect suspicious activity
    • Instantly blacklist offending IP addresses
    • Immediately distribute the blacklist across the FTP site's entire network of servers to ensure the offending IP address never harms its original victim or any other users
    • Stop a simple intrusion attempt before it has a chance to become a full-fledged cyber attack
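
    The monitoring, detection and blacklisting steps listed above can be sketched as follows. This is an added example, not code from the original post or from any provider; the log format, the threshold of 5 failures in 60 seconds and the server names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: timestamp, source IP, user, result).
SAMPLE_LOG = """\
2016-12-13T09:00:00 192.0.2.10 alice LOGIN_FAILED
2016-12-13T09:00:05 203.0.113.7 admin LOGIN_FAILED
2016-12-13T09:00:09 192.0.2.10 alice LOGIN_OK
2016-12-13T09:00:12 203.0.113.7 root LOGIN_FAILED
2016-12-13T09:00:20 203.0.113.7 admin LOGIN_FAILED
2016-12-13T09:00:25 198.51.100.20 bob LOGIN_FAILED
2016-12-13T09:00:31 203.0.113.7 test LOGIN_FAILED
2016-12-13T09:00:40 203.0.113.7 ftp LOGIN_FAILED
2016-12-13T09:00:41 203.0.113.7 ftp LOGIN_OK
2016-12-13T09:05:25 198.51.100.20 bob LOGIN_FAILED
2016-12-13T09:10:25 198.51.100.20 bob LOGIN_FAILED
"""

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Replay a log; return (IP -> time blacklisted, attempts refused after that)."""
    failures = defaultdict(deque)   # per-IP timestamps of recent failed logins
    blocked, rejected = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, user, result = line.split()
        ts = datetime.fromisoformat(stamp)
        if ip in blocked:                 # with the block in place this is refused
            rejected.append((ip, user, result))
            continue
        if result != "LOGIN_FAILED":
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > window:    # drop failures older than the window
            recent.popleft()
        if len(recent) >= threshold:
            blocked[ip] = ts
    return blocked, rejected

def distribute(blocked, servers):
    """Give every server in the pool the same blacklist (stand-in for replication)."""
    return {server: set(blocked) for server in servers}

if __name__ == "__main__":
    blocked, rejected = detect(SAMPLE_LOG)
    print(blocked, rejected, distribute(blocked, ["ftp1", "ftp2"]))
```

    In the sample, the address that fails five times within 35 seconds is blacklisted before its next attempt, while the user who mistypes once and the address with widely spaced failures are left alone.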

    Banning Insecure Options

    If your users are using email or consumer-grade file sharing options (with or without the authorization of your IT department) to transfer sensitive data over an Internet connection, that data has the potential to be intercepted or accessed by anyone with the right software and a little know-how. Many traditional file sharing programs are vulnerable to attackers who hijack file transfers and steal confidential information.

    When your confidential information is compromised due to an insecure mode of transfer, the consequences can significantly impact your organization in terms of monetary costs, productivity losses, violations of government regulations and reputational damage.

    Looking to FTP

    FTP is the smarter option, as it offers advanced security features. Here are some of the benefits you should expect to gain when working with a secure FTP provider:

    • At-rest encryption to ensure that your data is secure while on a server's hard drive
    • In-transit encryption to ensure that your data is secure while in motion during the uploading or downloading process
    • A strong focus on compliance parameters to help you meet regulations like HIPAA, PCI-DSS or ITAR.
    • Password enforcement with policies that foster password strength and expiration parameters.

    2. Accessibility

    An essential element of secure file transfer is the ability to manage access on a very granular level. You must be able to deny access to certain files for employees who shouldn't have it, and to prevent sensitive data from falling into the wrong hands, even those of employees within your organization.

    Providers like Sharetru give you this control, empowering administrators to manage how people use your files down to the individual user account. With all your files secured on your FTP server, you can restrict access to certain directories or individual files within a directory based on the users who need that information to do their jobs.

    The following accessibility characteristics should be staples of your file sharing solution:

    User Authentication

    • By default, all users require password authentication
    • For SFTP users, public SSH keys can be managed on a per-user basis to facilitate secure, password-less authentication that is typically used for scripted connections
    • Administrators can set whether or not a user with an SSH key can also use password authentication. Hackers cannot crack a username/password combination if an SSH key is the only allowed method of authentication.

    Workspace Access

    Every user has visibility only into those workspaces to which they have been assigned:

    • Home Directory -- Each user's default directory upon login, with optional jailing (chroot)
    • Nested Workspaces -- Any directory structure you can imagine can be created and managed, with different user permissions at any sub-level
    • Private Workspaces -- Only the assigned user can see and access these workspaces (along with administrators)
    • Shared Workspaces -- More than one user assigned, and users may have different permissions

    Workspace Permissions

    With only read or write permissions, you can't allow someone to upload without also allowing them to delete. Therefore, your provider should enable distinct permissions (upload, download, delete, list) for each user within each workspace.

    User IP/Protocol Enforcement

    This is a powerful security layer that allows site administrators to create user-level access rules that restrict individual user connections by remote IP address and/or by protocol. This feature is about the only way to meet requirements for two-factor authentication (username and IP address) over protocols such as FTP or SFTP. It can therefore be used to restrict certain users to certain locations or protocols. In other words, even if a user's password is compromised, it cannot be used from another location.
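
    The distinct workspace permissions and the per-user IP/protocol rules described above combine into a single access decision, sketched here. This is an added example, not Sharetru's or any provider's code; the user name, networks, workspace paths and policy layout are assumptions.

```python
import ipaddress
from pathlib import PurePosixPath

# Constructed policy for a hypothetical user; all names and networks are illustrative.
POLICY = {
    "vendor-upload": {
        "allowed_networks": ["198.51.100.0/24"],
        "allowed_protocols": {"sftp"},
        "workspaces": {                      # most specific matching directory wins
            "/inbound": {"upload", "list"},  # upload without download or delete
            "/inbound/archive": {"list", "download"},
        },
    },
}

def authorize(user, remote_ip, protocol, action, path, policy=POLICY):
    """Return (allowed, reason) for one request; anything not granted is denied."""
    rules = policy.get(user)
    if rules is None:
        return False, "unknown user"
    addr = ipaddress.ip_address(remote_ip)
    if not any(addr in ipaddress.ip_network(n) for n in rules["allowed_networks"]):
        return False, "remote IP not allowed for this user"
    if protocol not in rules["allowed_protocols"]:
        return False, "protocol not allowed for this user"
    target = PurePosixPath(path)
    if not target.is_absolute() or ".." in target.parts:
        return False, "path must be absolute without '..'"
    # Walk from the target up to the root and use the first workspace found,
    # so a nested workspace overrides the permissions of its parent.
    for directory in [target, *target.parents]:
        granted = rules["workspaces"].get(str(directory))
        if granted is not None:
            ok = action in granted
            return ok, f"{action} {'granted' if ok else 'not granted'} in {directory}"
    return False, "no workspace assigned for this path"

if __name__ == "__main__":
    print(authorize("vendor-upload", "198.51.100.9", "sftp", "upload", "/inbound/a.csv"))
    print(authorize("vendor-upload", "203.0.113.50", "sftp", "upload", "/inbound/a.csv"))
```

    The second call uses the same account from an address outside its allowed network and is refused before any workspace permission is consulted.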

    3. Compliance

    Last but certainly not least is the issue of compliance. Secure file transfer that protects your organization must also keep you in compliance with the government regulations established in your industry. The government takes data security and information privacy very seriously, which means you can’t afford to be in violation of compliance laws. The penalties and repercussions for noncompliance could put your organization at risk.

    As such, a compliance-focused FTP provider ensures that the way your files are stored, accessed, shared and distributed is designed to be compliant with all relevant regulatory bodies. Some of these regulations include:

    • HIPAA
    • ITAR
    • GLBA
    • PCI-DSS
    • SOX

    Don’t gamble with regulatory compliance. Implement a secure file transfer solution that makes this factor a top priority.

    Now that you understand the keys to secure file transfer at your organization, it’s time to compare your file sharing options. Inform your decision with A Comparison Guide of the Top 7 File Sharing Softwares.

     


    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.
