Is Your SFTP Server-Based File Transfer Secure Enough?
What is secure FTP?
Secure FTP (SFTP) is among the most widely used methods for file sharing. It is appealing because it is simple to use and often free or very inexpensive. Over the years, SFTP has come to be viewed as a “good enough” solution for transfer and sharing. But in the current security climate, rife with malware and ransomware attacks, most enterprises have adopted a more conservative stance and are actively looking for enterprise-class alternatives.
Some benefits of secure FTP
1. Strong Encryption
SFTP uses a strong encryption mechanism that helps to prevent unauthorized access during file transfers. Encryption scrambles the content of files while in transit, which makes them indecipherable.
2. Free software
Free Secure FTP software is available, so it is an inexpensive way to exchange files. Check how much SFTP is costing your business. It easily fulfills basic file transfer needs like user authentication, encryption, and unlimited file transfers per server connection.
3. Can be easily scripted
It is easy to write scripts around Secure FTP. This allows businesses to customize a workflow around it for automation. Many businesses have integrated SFTP using scripts into their business workflow, in order to automate what would otherwise be manual, repetitive, and error-prone file transfer tasks.
4. Stable
SFTP has been around for at least 20 years and is a well-tested and well-understood mechanism. It originally started out as a protocol built over SSH to efficiently transfer files in a secure way. It utilizes SSH to transfer information with a higher level of protection, and is now a utility in its own right.
5. Can easily be maintained on-premises
SFTP servers can easily be maintained on-premises without the need for any cloud-based services, due to which they have the following advantages:
- Administrators get full control over all data and file retention policies.
- Logging and reporting of file-sharing activities can be fully customized based on the organization’s requirements (although this work is usually home-grown in every enterprise).
Problems and limitations with SFTP
1. Requires opening special ports
This is one of the more important objections to SFTP that one is likely to encounter from security teams. Undoubtedly, SFTP does secure data transfer in transit, but because it is built on top of Secure Shell (SSH), it mandatorily requires the opening of port 22 in corporate firewalls. But, in today’s security climate, a request to open any ports outside of port 443 (for web traffic via HTTPS) for incoming traffic is bound to be met with suspicion and resistance from most security teams.
2. SFTP servers may not be effective for mobile workforce
People working from home and mobile workers have limited VPN connectivity, and because of this their access to SFTP servers is limited. File transfers naturally become problematic in such scenarios. Unlike other applications which can easily be ‘digitally transformed’ into cloud-served applications, SFTP doesn’t lend itself easily to a cloud-based content transfer mechanism and is thus not a reliable option for file transfers when it comes to remote workforces.
3. Only basic file transfer facilities
With SFTP, there is no way to really manage the file transfer activity. There are no features like limiting access to files beyond a certain time period, or IRM controls to limit recipient capabilities. It also lacks features like anti-malware scanning, which is something enterprises increasingly look for, in order to keep threats like ransomware at bay.
4. Encrypted in transit, but…
SFTP does secure data in transit – but only in transit. The data kept on the SFTP server while it is at rest, is not encrypted – unless the business takes additional steps to perform their own encryption for the data at rest. Also, many homegrown applications or scripts developed around SFTP may lack the rigor of commercial-grade applications and unwittingly provide an increased attack surface for hackers.
5. Lack of audit and reporting trail
SFTP natively does not provide much of an audit and reporting trail. Enterprises usually face difficulty in tracking what has been uploaded, when, and by whom. Such auditing or reporting is usually left as an exercise for the business’s IT team – with varying degrees of success.
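The home-grown reporting described above usually starts from the server's own logs. As an added example (not part of the original article or any vendor's code), this sketch assumes an OpenSSH server whose SFTP subsystem logs at INFO level, and reconstructs who transferred which file, when, and from where; the host, users, addresses and paths in the sample are constructed.

```python
import re
from collections import namedtuple

# Constructed sample of OpenSSH sftp-server log lines (as written when the
# subsystem runs with "-l INFO"); hosts, users and paths are made up.
SAMPLE_LOG = """\
Mar  4 09:15:01 files01 internal-sftp[4121]: session opened for local user alice from [192.0.2.10]
Mar  4 09:15:03 files01 internal-sftp[4121]: open "/inbound/payroll.csv" flags WRITE,CREATE,TRUNCATE mode 0644
Mar  4 09:15:04 files01 internal-sftp[4187]: session opened for local user bob from [198.51.100.7]
Mar  4 09:15:05 files01 internal-sftp[4187]: open "/outbound/report.pdf" flags READ mode 0666
Mar  4 09:15:06 files01 internal-sftp[4121]: close "/inbound/payroll.csv" bytes read 0 written 20480
Mar  4 09:15:07 files01 internal-sftp[4187]: close "/outbound/report.pdf" bytes read 51200 written 0
Mar  4 09:15:09 files01 internal-sftp[4121]: session closed for local user alice from [192.0.2.10]
"""

Transfer = namedtuple("Transfer", "when user source path direction size")
LINE = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) \S+ (?:internal-sftp|sftp-server)\[(\d+)\]: (.*)$')
OPENED = re.compile(r'session opened for local user (\S+) from \[([^\]]+)\]')
CLOSED = re.compile(r'session closed for local user')
CLOSE = re.compile(r'close "(.*)" bytes read (\d+) written (\d+)')

def audit_trail(log_text):
    """Join per-file events to the session (by PID) that owns them."""
    sessions = {}   # pid -> (user, source address)
    trail = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, pid, msg = m.groups()
        if (s := OPENED.search(msg)):
            sessions[pid] = s.groups()
        elif CLOSED.search(msg):
            sessions.pop(pid, None)   # PIDs are reused; forget ended sessions
        elif (c := CLOSE.search(msg)):
            path, read, written = c.group(1), int(c.group(2)), int(c.group(3))
            # Events with no known session are kept, not silently dropped.
            user, src = sessions.get(pid, ("UNKNOWN", "UNKNOWN"))
            if written:
                trail.append(Transfer(when, user, src, path, "upload", written))
            if read:
                trail.append(Transfer(when, user, src, path, "download", read))
    return trail

if __name__ == "__main__":
    for t in audit_trail(SAMPLE_LOG):
        print(*t, sep="\t")
```

When the SFTP subsystem runs inside a chroot, these lines may only reach syslog if a log socket is available inside the chroot directory.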
6. No collaboration or versioning capabilities
Secure FTP is not designed for collaboration. Once again, IT teams end up writing home-grown scripts around SFTP to fashion basic collaboration – but such solutions don’t tend to be sustainable in the long term. SFTP also may not integrate with enterprise namespaces (like Active Directory, Azure AD, or Okta) making it inconvenient for business use.
Most importantly, SFTP solutions usually require an on-premises server that users need to access – and have therefore become impractical in the current Work From Home (WFH) model.
SFTP also lacks any built-in versioning capabilities. Being able to roll forward or back to different versions – or being able to continue making changes to data, even after it has been shared – are sophisticated options that are basically absent with SFTP.
The Solution: BluSync™ for Managed File Transfer
Managed File Transfer solutions have stepped in to fill this gap. Parablu’s BluSync for Managed File Transfer not only provides solutions to the limitations we discussed above with SFTP but does much more.
1. Strong end-to-end encryption over HTTP
With BluSync, all data transfer is over HTTP. Data is encrypted in transit using TLS 1.2 with strong ciphers. And data at rest stays safe thanks to strong AES-256 encryption. BluSync is also built on the tenet of Zero-Knowledge Privacy, which means an organization can exclusively control their own encryption keys – ensuring that nobody else has access to their data – not the cloud vendor, not Parablu, not a regulatory authority, or a foreign government!
2. Policy-based control and link expiration
With BluSync, organizations can control everything their users can do during file transfers via simple policies, such as specifying file types that can be shared, setting file size limits, user quota limits, enforcing highly secure sharing, and identifying safe vs unsafe email domains.
Also, organizations can easily enable multi-factor authentication, brute force password protection, and anti-malware scanning. Additionally, BluSync for Managed File Transfer also generates a link for file sharing rather than transporting the whole file over to recipients. As a result, organizations need not worry that the file may end up in the wrong hands. The link is password controlled and can also be shared as a ‘self-destructing’ link which can auto-expire after a set time period elapses.
3. Built-in search, versioning, and collaboration
BluSync offers full-text indexing capabilities that allow for searching of files and folders not only by name, but also via phrases and keywords inside file contents.
Along with this, BluSync also provides version control so employees can track document changes across multiple data sources and devices.
BluSync also boasts collaboration capabilities via its mini-clouds feature. Mini-clouds are shared folders that give business users a simple and secure way to share files and content regardless of their location.
4. No file/data size limitation
BluSync™ provides an organization the ability to transfer files of any size or type, in a safe and controlled manner. It works by protecting the file meant for transfer in a secure cloud container without compromising the integrity or confidentiality of the content. A file or folder can be accessed, edited, and sent back via the same secure ecosystem, protected every step of the way. While an administrator can enforce file size or type limitations via policies, there are no built-in limitations in BluSync around these parameters.
5. Extensive reporting and audit trail
BluSync also provides a complete audit log of all actions. Who logged in/out, who shared what file, when, and from which system and who received/downloaded these files – are all recorded. All reports are always available to administrators and can be downloaded in pdf/xls form or even scheduled to be auto emailed. Reports can be configured to be generated for a given time interval, by username, or by user groups. These abilities are usually critical for organizations to meet compliance requirements.
Other important considerations:
1. Zero storage cost
Parablu’s patented integration with individual user storage allocations like OneDrive for Business and Google Drive means that organizations do not have to incur an additional expense on storage costs. This could mean savings of as much as 70% on Total Cost of Ownership (TCO) when using BluSync as compared with any other Managed File Transfer solution.
2. Choice of deployment model
BluSync not only offers unmatched security and privacy but also supports a range of deployment models. BluSync can be consumed as a fully hosted SaaS service, or on-premises with a local storage target. It can also be deployed in a ‘hybrid’ model with the BluSync compute workloads hosted on-premises, but with the storage repository in the cloud. BluSync, being cloud-agnostic, also works with several popular cloud destinations like Microsoft OneDrive for Business, Microsoft Azure, Google Cloud Platform, Amazon S3, Google Drive, IBM Softlayer, etc.