Could SFTP Be Costing Your Business?
The modern business runs on data. And moving data around so it is available to the right people at the right time is critical for businesses. In fact, even today, more than 50% of all systems integration is still done through file transfers. But studies show that 88% of organizations have difficulty moving big data quickly and efficiently.*
Thousands of businesses worldwide use Secure FTP (or SFTP) as a means to transfer confidential or sensitive data. The appeal is easy to understand. SFTP is free. It is easily available. It doesn’t have the attachment limits one is confronted with when using email. And it is arguably more secure than public cloud file transfer services such as WeTransfer, Dropbox, or even OneDrive.
SFTP is an enhancement over the traditional FTP (File Transfer Protocol), a network protocol that was developed in 1971 to transfer data from one computer to another. Today, SFTP is practically ubiquitous on most Linux and Unix systems. It is primarily a command-line tool around which some 3rd party wrappers have been developed to make it a bit more user friendly.
SFTP solutions are ideal for modest data movement requirements and to meet occasional file transfer needs. However, it was never designed to address enterprise-level requirements, such as high-volume and mission-critical file transfers.
How SFTP can be problematic
1. Security?
Interestingly, one of the important objections to Secure FTP today comes from security teams. While SFTP does secure data in transit, it is built on top of Secure Shell (SSH) which requires the opening of port 22 in corporate firewalls. In today’s security climate, a request to open any port for incoming traffic (save port 443) is bound to be met with suspicion and resistance from most security teams – and with good reason.
Also, because it is an open and well-known protocol, and anybody can easily download an FTP client, it can be a target for attackers. In fact, recent research reveals that more than 400 million files from FTP servers are publicly available online***. Also, breaches are expensive for enterprises. The average cost per lost or stolen record is $1462.**
It is therefore no wonder that a number of organizations are actively looking for SFTP alternatives.
2. Encryption? Yes, but…
SFTP does secure data in transit – but only in transit. The data kept on the SFTP server is not encrypted – unless you take additional steps to perform your own encryption for the data at rest.
3. Lack of Enterprise Control
Once files are shared over SFTP, the sender (or the sending organization) has effectively relinquished all control over that data. There is no way to subsequently know who that data was sent to, shared with, how it might have been modified etc.
There is also no way in SFTP to discriminate between types of files that should or should not be shared. Any such checks and controls would have to be put in place externally by the organization.
There is also no central dashboard, reporting or auditing, which can inform the enterprise what sharing activity occurred, by whom, when, and what was shared.
This lack of enterprise control is often viewed as a serious shortcoming from the point of view of regulations such as GDPR.
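The external checks and audit trail described above can be sketched as a gate that runs before a file is handed to the transfer script. This is an added example, not code from the original article; the allowlist, field names and `gate_transfer` function are assumptions chosen for illustration.

```python
import hashlib
import json
import time

# Constructed policy: file types this (hypothetical) organization allows out.
ALLOWED_MAGIC = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",  # also the container for docx/xlsx
}

def sniff_type(data: bytes):
    """Identify a file by its leading bytes, not its (spoofable) extension."""
    for name, magic in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def gate_transfer(user, recipient, filename, data, audit_log):
    """Decide whether a file may be sent; record the decision either way."""
    detected = sniff_type(data)
    allowed = detected is not None
    # One JSON line per decision: who, to whom, what, when, and the outcome.
    audit_log.append(json.dumps({
        "ts": int(time.time()),
        "user": user,
        "recipient": recipient,
        "file": filename,
        "sha256": hashlib.sha256(data).hexdigest(),
        "detected_type": detected,
        "decision": "allow" if allowed else "deny",
    }, sort_keys=True))
    return allowed
```

Denied attempts are logged as well as allowed ones, since a renamed executable blocked at the gate is exactly the event an auditor will ask about.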
4. Reliability
SFTP transfers can fail. It is estimated that they fail around 8% of the time, even under regular loads, and SFTP does not scale well beyond 30 connections. Because it was originally designed as a command-line tool, there are no automatic retry mechanisms built into SFTP. Any retries would have to be built into the surrounding scripting / automation that the organization has written around it, or be provided via a 3rd party wrapper.
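The kind of retry logic an organization ends up writing around the OpenSSH `sftp` client looks roughly like this. It is an added example, not code from the original article; the function name, delays and host are assumptions, and key-based authentication is assumed to be configured already.

```python
import subprocess
import time

UNSAFE = set(" \t\r\n\"'\\")  # characters sftp's batch parser treats specially

def sftp_put_with_retry(host, local, remote, attempts=4, base_delay=2.0,
                        run=subprocess.run, sleep=time.sleep):
    """Upload one file via `sftp -b -`, retrying with exponential backoff.

    Returns the attempt number that succeeded; raises RuntimeError if none did.
    `run` and `sleep` are injectable so the logic can be exercised offline.
    """
    for value in (host, local, remote):
        # A newline or quote would alter the batch script; a leading dash
        # would be read as a command-line or `put` option.
        if UNSAFE & set(value) or value.startswith("-"):
            raise ValueError(f"refusing unsafe argument: {value!r}")
    # `put -a` resumes a partial upload instead of restarting it.
    batch = f"put -a {local} {remote}\n"
    cmd = ["sftp", "-b", "-", "-o", "BatchMode=yes",
           "-o", "ConnectTimeout=15", host]
    last_error = ""
    for attempt in range(1, attempts + 1):
        result = run(cmd, input=batch, text=True, capture_output=True)
        if result.returncode == 0:
            return attempt
        last_error = (result.stderr or "").strip()
        if attempt < attempts:
            sleep(base_delay * 2 ** (attempt - 1))  # 2s, 4s, 8s, ...
    raise RuntimeError(f"sftp failed after {attempts} attempts: {last_error}")
```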
5. Ease of Administration
Because it is a peer-to-peer transfer, setting up a new recipient takes effort. Every new recipient would need to be configured or scripted into the automation the organization has built. Joe in Legal would like to transfer something to the new law firm that the company just retained? Well, that’ll take a minute. Please hold on while we configure or script that for you.
6. Accessibility
SFTP servers also lost appeal in the last couple of years since the pandemic started. With people working from home and having limited VPN connectivity, their access to SFTP servers was cut off and file transfers naturally became problematic. Unlike other applications which could be ‘digitally transformed’ into cloud-served applications, SFTP doesn’t lend itself well to a cloud-based content transfer mechanism.
Secure Managed File Transfer
So, what does one replace SFTP with? Fortunately, there are Managed File Transfer alternatives which overcome a lot of SFTP’s limitations. Here are a few things to look for when selecting a modern managed file transfer solution for your enterprise.
1. Security and Encryption
For encryption in transit, look for solutions that exclusively work on SSL/TLS using port 443. They shouldn’t require the opening of additional ports on either end, and should utilize at least TLS 1.2 with strong ciphers.
If the solution also handles encryption at rest, that’s great. If not, ensure that you store files on an encrypted file system when at rest, or have the files pass through an encryption filter before being uploaded for sharing.
2. Controls
Good MFT solutions should not only encrypt data in transit, but they should also allow you control over actions before and after the file transfer. Policy based mechanisms should exist which let you choose which users can share, what (file types) they are allowed to share, who they can share with, and how they are shared.
You should also be able to control recipient experience. What can the recipients do with the file once they access it? Can they download it? Save it? Print it? Take a screenshot of the contents? How long do they get to have access? Hours? Days? Forever?
The solution should also be able to give you a complete audit log of all actions. Who logged in/out, who shared what file, when, and from which system? And who received/downloaded these files. You should be able to get such reports by time interval, by user, or by user groups. These abilities could be critical for your organization to meet compliance requirements.
3. Reliability
Look for solutions that are not session based, where network glitches can leave the session failed with no state information for retries. Enterprise class MFT solutions that are purpose built for secure transfers, using modern protocols, won’t usually have the type of failure limitations that SFTP demonstrates.
4. Administration
Adding new recipients should be as simple as just specifying a new email address. If Joe in Legal wants to share a file with someone in the new law firm, he should be able to do so from a simple interface where he specifies the email ID for the recipient that he wishes to share data with. Unless that email domain is blocked by the MFT solution, it shouldn’t require him to approach anyone for configuration or set up.
For organizations serious about collaboration, one of the best steps to take is adopting a commercial-grade Enterprise File Sync & Share (EFSS) solution.
5. Accessibility
And last, but not least, find a solution that is served from the cloud, in a SaaS model, or at least pick a solution you can easily host in a cloud data center. The days of hosting on-premise servers are soon coming to an end.
Other nice-to-have features
1. Enhanced Security
Solutions that share data via a URL or link are inherently more secure than those that send across the file right away. A secure link or URL is typically protected, and the file is made available to the recipient only after the recipient successfully passes a security challenge.
Another nice feature is automatic malware scanning. The solution should be able to scan files for malware even as they’re getting uploaded for sharing. Anything infected can be caught and disallowed right away.
2. Enhanced controls
Look for solutions which allow you to mandate controls your users should have in place when sharing files. Your users should ideally be able to share a file in a ‘view-only’ mode, effectively disabling the recipient’s ability to download, save, or print the file. You should also be able to mandate safeguards like a complex password, multi-factor authentication, and an expiration date on the secure link.
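An expiration date on a secure link can be enforced by signing the link's parameters, as in this added example (not code from the original article or from any particular MFT product). The host `share.example.com`, the parameter names and both functions are assumptions; `file_id` is assumed to be an opaque token without newlines, and the recipient's password or MFA challenge would sit on top of this check.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://share.example.com/f/"  # hypothetical share host

def _sign(key: bytes, file_id: str, recipient: str, expires: int) -> str:
    # Bind the signature to file, recipient and expiry so none can be swapped.
    msg = "\n".join([file_id, recipient, str(expires)]).encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def make_link(key, file_id, recipient, ttl_seconds, now=None):
    """Build a share URL that stops verifying after ttl_seconds."""
    issued = int(time.time() if now is None else now)
    expires = issued + ttl_seconds
    query = urlencode({"r": recipient, "e": expires,
                       "s": _sign(key, file_id, recipient, expires)})
    return f"{BASE}{file_id}?{query}"

def verify_link(key, url, now=None):
    """Return 'ok', 'expired', 'bad-signature' or 'malformed'."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        file_id = parts.path.rsplit("/", 1)[1]
        recipient, sig = query["r"][0], query["s"][0]
        expires = int(query["e"][0])
    except (KeyError, IndexError, ValueError):
        return "malformed"
    expected = _sign(key, file_id, recipient, expires)
    # Constant-time comparison; check the signature before trusting `e`.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return "bad-signature"
    current = time.time() if now is None else now
    return "expired" if current >= expires else "ok"
```

Because the expiry is covered by the signature, a recipient who edits the `e` parameter to extend access gets `bad-signature` rather than a longer-lived link.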
3. Collaboration
Some MFT solutions have more sophisticated features that allow more than simply sharing a file. Some allow for folder sharing or even 2-way or multi-way sharing and collaboration. If your requirements go beyond simple one-way file sharing, you may want to look at solutions that offer these features.
4. Automation
Remember that one of the appeals of SFTP is that it is fundamentally a command-line tool – and it is therefore easy to script and automate around it. Companies usually have business processes that create files as an output of a series of automated steps, which in turn need to be securely transferred.
SFTP is relatively easy to adapt for these use cases, although, over time, it leads to a lot of homegrown code which is loosely held together using scripts. Any modern MFT solution you look for should also lend itself to automation and easy integration with your business processes.
5. Ease of Use
Last, but still important. Make sure the solution is easy to use for your users. It should have an intuitive UI, accessible via the web, or for those less tech savvy, look for a solution which provides an agent you can install on user endpoints to do the file uploads automatically for them.
Also look for solutions that will integrate with your Active Directory or Azure Active Directory name space and support SSO. Make it as seamless an experience as possible for your users.
At Parablu, we build data management solutions – which include solutions for content collaboration and secure file sharing. Our BluSync™ offering is specially designed for secure file sharing and collaboration and satisfies a number of the requirements listed above for a modern Managed File Transfer solution.
To learn more about BluSync, request a free trial here or contact us for a demo.
At Parablu we build solutions focused on protecting enterprise data. Parablu’s BluVault and BluSync™ solutions are designed to enable robust data backup and secure file sharing. Our patented integration with Microsoft 365 and OneDrive for Business also means that you can deploy our solutions and leverage your existing OneDrive storage. Sound interesting? Reach out to us and learn more.
* IBM Supply Chain Data Report
** Ponemon Cost of a Data Breach study
*** Digital Shadows, Too Much Information: Misconfigured FTP, SMB, Rsync, and S3 Buckets Exposing 1.5 Billion Files