Before integrating a secure file sharing solution into your business operations, there’s some groundwork to do. You have to understand a few things about the nature of secure file sharing, and the criteria you should use to evaluate solutions. Here are a few answers to common questions that can help you start the search process.
What is Secure File Transfer Protocol (SFTP)?
SFTP provides a layer of protection that the basic FTP protocol does not. By using SFTP, companies can ensure that their data is protected as it is transmitted from one party to another. When using the basic FTP protocol, data is sent in unencrypted plain text. This means anyone can intercept and read this information with ease. Most organizations have confidential and sensitive files that should never be compromised by sending files via nonsecure methods. Thus, SFTP and secure file transfer solutions that use this protocol are the best options for transfers.
Are EFSS (Enterprise File Sync & Share) solutions the same as secure file sharing solutions?
The Internet has changed the way nearly every company operates. Instead of handing documents back and forth, files can be instantly shared for enhanced collaboration. EFSS solutions were designed primarily for simple internal collaboration, and you may be tempted to adopt this type of solution. Using these solutions different parties can live edit documents from anywhere around the globe. However, these solutions are ideal for internal collaboration, making secure sharing to external partners a challenge. While these solutions, like Dropbox or ShareFile, may be appealing due to their popularity and price point, they often fail to facilitate traditional file transfer methods like FTP, SFTP, or FTPS.
How should you evaluate secure file sharing solutions before you buy?
Adopting a secure file sharing solution can be a major decision for your organization. So, before you buy, make sure to evaluate your options based on the following features:
- Security - In terms of security, more is generally better. If you’re worried that your data will be compromised, you should look for a secure file transfer solution that has the appropriate security measures in place to keep data protected and hackers at bay.
- Compatibility - Are you working with legacy systems? Many organizations are, and that makes it essential to adopt a file transfer solution that is compatible with all other solutions you use on a daily basis. Also, ensure that the solution you choose facilitates all common file transfer protocols, such as FTP, FTPeS, FTPS, SFTP, and HTTPS.
- Control - Finally, from both security and usability standpoints, you need a secure file transfer solution that provides administrators with the needed controls. This means limiting solution and file access to approved users, and further limiting access based on user role and need.
Using these three areas, you can evaluate your options to determine which secure file transfer solution is best for your needs.
A Comparison of the Top 5 Secure File Transfer Solutions
BrickFTP
Security
When looking at the security offered by BrickFTP, you’ll find that this solution has a variety of features in place, though there are some areas where it still falls short. On one hand, it provides some features, like allowing you to enable and disable protocols, apply user-level IP address restrictions, and provide at-rest encryption. On the other hand, it doesn’t provide other essential features like restricting site access by country or custom SSL cipher strength such as FIPS 140-2. With a $1000 per month subscription, BrickFTP is compliant with:
- SSAE-18 SOC1, SOC2, SOC3
- ISO 27001
- PCI-DSS
- HIPAA / HITECH (w/ signed BAA)
- GDPR PRIVACY (w/ signed DPA)
Compatibility
BrickFTP is compatible with nearly all standard FTP protocols, including FTP, FTPeS, FTPS, SFTP, and SFTP with key authentication. You can also access the solution via a web browser.
Control
BrickFTP does allow you to grant permissions for such as read, write and list, but the permission to Delete files is only available when a user is granted all permissions in the folder. For example, you cannot grant write-but-not-delete.
SmartFile Cloud
Security
With SmartFile Cloud, users are unable to enable or disable protocols, which allows administrators to manage this security standard. It also provides at-rest encryption, though that is basically the extent of its security measures. SmartFile is compliant with:
- SSAE-18 SOC1, SOC2, SOC3
- HIPAA / HITECH (w/ signed BAA)
- GDPR PRIVACY (w/ signed DPA)
Compatibility
SmartFile is compatible with all standard FTP protocols (FTP, FTPeS, FTPS, SFTP, and SFTP with key authentication).
Control
SmartFile does offer all you need in terms of solution control. You can apply file upload, download, delete, and list directory permissions to all users.
ExaVault
Security
ExaVault does offer some security measures, like dedicated network firewalls, vulnerability scanning, and full off-site backup of your data. However, it does not cover important compliance regulations such as HIPAA. ExaVault is compliant with:
- SSAE-18 SOC1, SOC2, SOC3
- ISO 27001
- GDPR PRIVACY (w/ signed DPA)
Compatibility
ExaVault is also compatible with all essential protocols, including FTP, FTPeS, FTPS, SFTP, and SFTP with key authentication. So, there is no need to be concerned with the impact it will have on legacy solutions.
Control
ExaVault, unfortunately, does not offer some essential controls needed to protect data, like multiple different user and administrative roles and multi-factor authentication methods. It does allow you to grant upload, download, delete, and list permissions.
Sharetru
Security
Sharetru surpasses many of the other solutions when it comes to security. This solution offers all the needed security measures to keep your data secure, including the unique ability to restrict access based on the country and IP address, and advanced encryption methods such as TLS 1.2 and meeting FIPS 140-2 compliance. Sharetru also uses proprietary intrusion detection and prevention firewalls automatically blacklist nefarious parties. This solution is compliant with:
- SSAE-18 SOC1, SOC2, SOC3
- ISO 27001
- PCI-DSS
- HIPAA / HITECH (w/ signed BAA)
- GDPR PRIVACY (w/ signed DPA)
Compatibility
Sharetru also meets all the protocol requirements you could possibly have(FTP, FTPeS, FTPS, SFTP, and SFTP with key authentication). It provides seamless web browser access and is compatible with legacy systems, as well, meaning you won’t have to do a massive overhaul of your entire operations.
Control
Sharetru provides the granular control your administrators need to keep your solution secure. For example, when you use Sharetru, you’re able to separately set file upload, download, delete, and list directory permissions, granting your administrators full control over what end users can do in their respective folders.
GovFTP
Security
In terms of security, GOVFTP can’t be beaten. It is compliant with all major government regulations, and regulations specific to a variety of industries, including:
- SSAE-18 SOC1, SOC2, SOC3
- ISO 27001
- PCI-DSS
- HIPAA / HITECH (w/ signed BAA)
- GDPR PRIVACY (w/ signed DPA)
- FedRAMP JAB P-ATO
- NIST SP 800-53
- NIST SP 800-171
- DFARS 252.204-7012
- DoD Impact Level 2 P-ATO
- CJIS
- ITAR / EAR
GOVFTP (from Sharetru), unlike any other solution, is equipped to meet all of your high-level security needs, with features like advanced malware protection, dedicated network firewalls, vulnerability scanning, standby disaster recovery and more.
Compatibility
When you adopt GOVFTP, you won’t face any challenges in terms of compatibility. This solution is compatible with all encrypted FTPS and SFTP protocols, and should not present any problems integrating with legacy systems. It also has a very robust web browser interface.
Control
GOVFTP also grants your administrators granular control over user permissions and file access. You have separate and distinct control over all upload, download, delete, and list permissions (per user, per folder).
If you’re looking for a solution that goes above and beyond in terms of compliance, security, controls, and compatibility with your existing solutions, Sharetru or GOVFTP could both work for your needs. Think carefully about the compliance restrictions that you’re subject to before making your choice.