Choosing a business SFTP provider can certainly seem overwhelming on the surface, but in reality it is actually quite straightforward - provided you know what you're looking for. There are six key tips for choosing a business SFTP provider that you should always keep in mind moving forward.
Business SFTP Provider Options to Look For
1. Focus on Security Or You Will Definitely Come to Regret It
If your business falls under the HIPAA or PCI umbrella, make sure that the security controls offered by your SFTP provider allow you to remain compliant - even when they're in control of your data.
2. Go Beyond "Standard" Security Features
You should also make sure that any SFTP provider you choose to work with allows you to go "above and beyond" standard security features, taking things to the next level and making sure you stay protected at all times. At-rest encryption is an important one in this regard - it helps make sure your data is protected while it is sitting on a server or hard drive, not just when it is being transferred.
Being able to enforce the use of transfer encryption on your end users is also paramount. Some FTP providers may leave both unencrypted and encrypted protocols open at all time, thereby letting your end users make their own decisions. Leaving the choice to the end user is definitely against most industry regulations such as HIPAA.
Protecting your SFTP site from hackers may seem like it should be a standard practice among SFTP providers, but I can tell you point blank that it is not. Make sure your data is protected by more than just encrypted transport and encryption at rest. Multiple firewalls and security traps should also be in place.
3. High Availability is Key
High availability means that your SFTP provider has put a plan in place to guarantee that you will have access to your data at all times - even if something goes wrong. If a server goes down, traffic is automatically redirected to a second one, meaning that you probably won't even realize something happened at all. SFTP providers built on public clouds do not have this feature.
4. Customization
An SFTP provider shouldn't try to force you to change your workflow to adapt to the service it offers - it should always allow for a deep level of customization to bring you the features you need in the way that you need them. Look for things like custom user interfaces, specific access controls and more to make sure you're picking the right provider.
5. Logs and Analytics
Look at what type of logging and analytical features the SFTP providers offer. An SFTP provider should always be able to give you a detailed report regarding traffic including who it is, where it's coming from and more. Historical analytics also help you identify certain suspicious activities to prevent small problems from becoming big ones. Detailed historical (perpetual) logging is normally an industry compliance requirement as well.
6. Backups and Disaster Recovery
Above all else, any SFTP provider that you choose to work with (like FTP Today) should offer daily backups of all your critical data to a third party location. They should also have a plan in place, along with a detailed recovery time objective, outlining exactly how you'll get back up and running again if something goes wrong -- with no loss of data.