What is the most secure protocol for transferring files?
The ability to securely share and synchronize files across systems is a cornerstone of enterprise IT. Millions of transfers occur every day, involving files of all types, sizes and structures.

At its most basic, file transfer technology moves data from one system to another system over a network. Unfortunately, legacy file transfer mechanisms, such as email and FTP, have historically lacked built-in security features.

Today's organizations need confidence that file transfers will not compromise their data's confidentiality, integrity and availability (CIA), the primary requirements of information security. The stakes are especially high in large-scale enterprises, where massive amounts of potentially sensitive information constantly move among internal and external users and systems. Secure file transfer services aim to protect an organization's data while moving it from point A to point B.

How secure file transfer works

Secure file transfer services all have a common approach to protecting files: access control. How this access control is achieved may vary widely among classes of products, not to mention individual products within each class. But the basic idea is that there is some sort of shared secret between the sender and the recipient. It could be as simple as a hard-to-guess URL transferred via email or an agreed-upon password. Or it could be as complex as integration with an enterprise identity and access management system.

This shared secret is used to encrypt the file before it is transferred from the sender to the recipient. After getting the encrypted file, the recipient's computer uses the shared secret to decrypt the file.

To meet the CIA requirements of today's enterprises, secure file transfer services need a two-pronged approach:
Types of secure file transfer services

The most basic secure file transfer services, such as those based on Secure Copy Protocol (SCP), have command-line interfaces only, making them best suited for IT rather than end users. They offer few features but are relatively inexpensive to set up and use, compared to other classes of file transfer systems. Some consider this type of transfer advantageous because the organization maintains full control, with no third-party -- e.g., cloud provider -- involvement.

Secure file transfer services based on SFTP are typically more feature-rich than those based on SCP. SFTP-based file transfers often have GUIs available, which make them easier to use. In general, however, both SCP- and SFTP-based systems lack many of the features of more sophisticated file transfer systems.

Another IT system that enables file transfer security is the file hosting service. Originally intended for end-user collaboration, file hosting services also typically offer access control and encryption features that enable a user to email a link to a person that grants them secure access to a file hosted on the service.

The most advanced type of file transfer platform today is managed file transfer (MFT). Secure file transfers typically work directly between a sender and a recipient. In contrast, MFT provides an intermediary system, which may be a dedicated server within the organization's facilities or a cloud-provided service. The file travels from the sender to the MFT repository, where it is strictly protected through access control measures, including encryption of the stored file. The transfer to the recipient from the MFT repository occurs at a later time. This isolates the sender's system from the recipient's system and also permits easier monitoring and tracking of repository and transfer usage by all parties.

Email also provides basic file transfer capabilities and should, therefore, be encrypted for security.
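The hard-to-guess link that a sender emails to a recipient, mentioned above both as the simplest shared secret and as the file hosting service's sharing mechanism, can be implemented as follows. This is an added example, not code from any product named on this page; the `ShareLinks` class, the `files.example.invalid` host, the query parameter names and the download cap are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from urllib.parse import parse_qs, urlsplit

BASE = "https://files.example.invalid/d/"  # placeholder host (assumption)

class ShareLinks:
    """Issues and checks share links; in-memory stand-in for a real service."""

    def __init__(self, key, max_downloads=10):
        self.key = key                      # server-side secret, never sent out
        self.max_downloads = max_downloads
        self.remaining = {}                 # token -> downloads left

    def _sign(self, file_id, token, expires):
        msg = f"{file_id}|{token}|{expires}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, file_id, ttl, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 random bits: the hard-to-guess part
        expires = int(now) + ttl
        self.remaining[token] = self.max_downloads
        return f"{BASE}{file_id}?t={token}&e={expires}&s={self._sign(file_id, token, expires)}"

    def redeem(self, url, now=None):
        now = time.time() if now is None else now
        parts = urlsplit(url)
        try:
            file_id = parts.path.rsplit("/", 1)[1]
            q = parse_qs(parts.query)
            token, expires, sig = q["t"][0], int(q["e"][0]), q["s"][0]
        except (KeyError, IndexError, ValueError):
            return "malformed"
        # Constant-time comparison; reject tampered links before touching state.
        expected = self._sign(file_id, token, expires)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return "bad-signature"
        if now >= expires:
            return "expired"
        # A valid MAC is not enough: the token must also exist server-side.
        if self.remaining.get(token, 0) <= 0:
            return "exhausted"
        self.remaining[token] -= 1
        return "ok"
```

The MAC binds the file ID and expiry to the token, so a recipient cannot edit the link to reach a different file or extend its lifetime, and the server-side counter lets the sender's side cap or revoke use of a link that leaks.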
Email encryption products can support large file transfers through email messages.

Secure file transfer service features

Organizations investing in secure file transfer services should consider whether they need the following advanced features, which are typically available with MFT offerings and, sometimes, from other types of file transfer services as well:
8 enterprise-level secure file transfer services

The following section lists eight of the top enterprise-level secure file transfer services. These products offer a variety of features, ranging from basic to advanced.

1. Box Business

Type: File hosting service
Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.
OSes: Android, iOS, macOS, Windows
Protocols and standards supported: TLS, passive FTP/FTP Secure/Explicit FTPS (Business and Enterprise tiers only; vendor does not recommend FTP/FTPS/FTPES as primary access method). Active FTP is not supported.
Features: Active Directory (AD) and single sign-on (SSO); audit logging; cloud storage; enterprise-friendly design; file synchronization and versioning; HIPAA and FedRAMP compliance (Enterprise tier); integrations with Microsoft 365, Google Workspace, Slack and 1,500+ other enterprise apps; threat detection (Enterprise Plus tier); workflow automation.
Max file size: 150 GB (Enterprise Plus tier)

2. Citrix ShareFile

Type: MFT
Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.
OSes: Android, iOS, macOS, Windows
Protocols and standards supported: TLS/SSL, FTP/FTPS.
Features: AD integration; SSO; activity logging; advanced security features, including remote device lock and wipe options; cloud access security broker integration for data loss prevention; centralized management platform; encrypted email (Advanced+ tiers); enterprise-friendly design; file synchronization and versioning; integration with Microsoft 365; HIPAA compliance configuration (Premium tier); plugins for Gmail and Outlook (Advanced+ tiers); unlimited cloud storage.
Max file size: 100 GB (Advanced and Premium tiers)

3. IBM Sterling Secure File Transfer

Type: MFT
Delivery: Containerized software. Deployed on enterprise-grade servers, either on premises, in the cloud or hybrid.
OSes: Linux, Linux on IBM Z, macOS, multiple Unix platforms, Windows
Protocols and standards supported: Applicability Statement 2 (AS2), FTP, FTPS, Odette FTP 2 (OFTP2), Pretty Good Privacy, SFTP
Features: Automated inbound and outbound file transfers that work across protocols; file synchronization; intelligent, centralized management platform; RESTful APIs that support third-party integrations; scalable offering that supports a wide range of B2B file transfer requirements, for small businesses, midsize businesses and large enterprises.
Max file size: Depends on the protocol: AS2 (2 GB), FTP (10 GB), FTPS (10 GB), OFTP2 (5 GB), SFTP (10 GB)

4. pCloud Business

Type: File hosting service
Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.
OSes: Android, iOS, Linux, macOS, Windows
Protocols and standards supported: TLS/SSL, AES-256; optional additional encryption uses 4,096-bit RSA for users' private keys and 256-bit AES for per-file and per-folder keys
Features: Activity logging; cost-effective; support for enterprise-scale requirements; optional zero-knowledge client-side encryption; option to encrypt or not encrypt individual files; file sharing, synchronization and versioning; data backups; digital asset management; team-by-team and user-by-user access control; unlimited cloud storage.
Max file size: No limit

5. Peer Global File Service

Type: Cloud-based distributed file management service
Delivery: SaaS. Management hub is accessible via local application or browser. Software installation required for both management hub and agents.
OSes: Linux, Windows
Protocols and standards supported: TCP/IP, TLS/SSL
Features: Automated large file transfers; support for multisite file sharing across cloud, hybrid and on-premises environments; integrations with all major storage platforms; central management console; comprehensive activity logs; AD integration; file synchronization; anomalous event detection.
Max file size: No limit

6. Resilio Connect

Type: Peer-to-peer (P2P) file transfer and synchronization service
Delivery: SaaS. Software installation required for both management console and endpoint agents. Browser-based UI.
OSes:
Protocols and standards supported: Proprietary P2P protocol based on BitTorrent
Features: Audit logging; support for transferring or replicating millions of files across multiple locations and diverse networks and systems; automated, intelligent scheduling; central management console; integrations with other enterprise IT tools; file sharing, synchronization and versioning; job prioritization; cloud storage support; remote endpoint agent upgrades; effective for large, multilocation enterprises; can scale to support thousands of endpoints and millions of files.
Max file size: No limit

7. SpiderOak CrossClave

Type: File hosting service
Delivery: Hosted and on-premises options. Local application installation required. Browser-based access available but discouraged by the vendor for security reasons.
OSes: Android, iOS, Linux, macOS, Windows
Protocols and standards supported: Private blockchain platform running on proprietary distributed ledger technology; Commercial National Security Algorithm Suite
Features (Pro tier): Zero-knowledge end-to-end encryption (E2EE) in desktop and mobile apps but not browser-based web access; HIPAA-compliant; cost-effective; cloud storage; file sharing and versioning; data backups; point-in-time recovery; support for enterprise applications.
Max file size: No hard limit on file size when sharing, backing up or syncing. The vendor recommends limiting individual files to 10 GB or less for backup and 3 GB or less when synchronizing, however.

8. Tresorit

Type*: Cloud storage and file hosting service
Delivery: SaaS. Accessible via desktop application, mobile application and a browser-based UI.
OSes: Android, iOS, Linux, macOS, Windows
Protocols and standards supported: TLS; proprietary cryptography protocols; AES-256
Features: Zero-knowledge E2EE, including browser-based access; Gmail and Outlook integrations; enterprise application support; file synchronizing and versioning; encrypted cloud storage; compliant with HIPAA and GDPR (Business Plus and Enterprise tiers).
Max file size: 20 GB (Enterprise tier)

*Tresorit has a free, standalone file transfer app called Tresorit Send, which includes E2EE. Users can upload up to 100 files at a time, as long as they don't exceed 5 GB. Recipients can download a shared file only 10 times, in total.

Each of the above secure file transfer services provides a wide range of features. Pricing varies, with tiered options ranging from single user to multilocation enterprise.

How to choose a secure file transfer service

The following list offers guidance on selecting the appropriate system for file transfer requirements:
Use the software development lifecycle as a framework for selecting and implementing a new file transfer system. Once the system is in production, set regular times to review and audit the system's performance, and brief management on the findings.

What is the safest file transfer protocol?

SFTP. SFTP is a secure file transfer protocol that uses SSH to encrypt files. The connection is encrypted before any files are shared. SFTP is one of the most used protocols for file transfers.
Which is the best protocol to use to transfer a file?

FTP. The original file transfer protocol, FTP, is a popular file transfer method that has been around for decades. FTP exchanges data using two separate channels: the command channel, which authenticates the user, and the data channel, which transfers the files.