December 4, 2015

    Critical Access Permissions Your SFTP Provider Must Have

    One of the key areas of SFTP providers that people tend to not pay enough attention to until it's far too late has to do with critical access permissions. Folder access permissions SFTP provider oversight could potentially open your file server not just to external threats, but internal ones as well. If an employee accidentally deletes a mission-critical file, the issue will be that much worse if you quickly realize that they shouldn't have had delete access to that particular directory in the first place. Out of all the critical access permissions that your SFTP provider must have, there are a few in particular you'll definitely want to pay attention to.

    The Top Permissions Your SFTP Provider Must Have

    Prevent Visibility of Non-Assigned Folders

    In layman's terms, your ability to prevent the visibility of non-assigned folders means that not only will people who shouldn't have access to a particular directory not be able to enter it, but they won't even be able to see that it is located on your file server in the first place. Not only does this help keep mission-critical information away from prying eyes, but this is one of the access permissions SFTP examples that make the technology so great in the first place. FTP Today gives you this level of control over your folder access permissions - others do not. Smart File and FTP Worldwide are two leading SFTP providers that do not give users the ability to prevent this type of visibility in any way.

    Upload, Download, Delete and List Permissions

    As their name suggests, this gives you the ability to determine who can upload a file to a directory on the file server, who can download the contents of a particular directory and who can change the contents of that directory depending on the position within your company that they hold. List directory permissions is a function of FTP and SFTP that gives you the ability to control who can view the contents of a directory.

    FTP Today gives you the ability to set separate upload, download, delete and list permissions on a user-by-user level. Brick FTP and FTP Worldwide use the operating system permissions of read, write or read/write. Since the “write” permission includes delete and both the read and write permissions include “list”, these two SFTP providers lack sufficient granularity to truly protect your data files.

    Depending on the business that you're in (healthcare and the legal profession are two prime examples), just giving an unauthorized user the ability to view a particular directory as it relates to a client could be a HIPAA or regulatory violation in and of itself. FTP Today gives you the ability to not only determine who can perform which functions on your file server, but also who can see what information in the first place. Smart File and FTP Worldwide offer similar functionality, but it is much more basic in nature.


     

    Tag(s):

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts