8 secure file transfer services for the enterprise

How secure file transfer works

Secure file transfer services all have a common approach to protecting files: access control.

How this access control is achieved may vary widely among classes of products, not to mention individual products within each class. But the basic idea is that there is some sort of shared secret between the sender and the recipient. It could be as simple as a hard-to-guess URL transferred via email or an agreed-upon password. Or it could be as complex as integration with an enterprise identity and access management system. This shared secret is used to encrypt the file before it is transferred from the sender to the recipient. After getting the encrypted file, the recipient's computer uses the shared secret to decrypt the file.

To meet the CIA requirements of today's enterprises, secure file transfer services need a two-pronged approach:

1. Secure data. The data itself should have embedded security. Encryption, for example, ensures no one else on a network can access, read or modify the contents of a file as it moves between systems.
2. Secure delivery. Secure file transfer also involves some sort of reliable delivery, even if it's just provided by TCP/IP Secure file transfer services use a variety of protocols and standards, ranging from established ones, such as Secure FTP (SFTP) and AES, to vendor-specific proprietary protocols.

Types of secure file transfer services

The most basic secure file transfer services, such as those based on Secure Copy Protocol (SCP), have command-line interfaces only, making them best suited for IT rather than end users. They offer few features but are relatively inexpensive to set up and use, compared to other classes of file transfer systems. Some consider this type of transfer advantageous because the organization maintains full control, with no third-party -- e.g., cloud provider -- involvement.

Secure file transfer services based on SFTP are typically more feature-rich than those based on SCP. SFTP-based file transfers often have GUIs available, which make them easier to use. In general, however, both SCP- and SFTP-based systems lack many of the features of more sophisticated file transfer systems.

Another IT system that enables file transfer security is the file hosting service. Originally intended for end-user collaboration, file hosting services also typically offer access control and encryption features that enable a user to email a link to a person that grants them secure access to a file hosted on the service.

The most advanced type of file transfer platform today is managed file transfer (MFT). Secure file transfers typically work directly between a sender and a recipient. In contrast, MFT provides an intermediary system, which may be a dedicated server within the organization's facilities or a cloud-provided service. The file travels from the sender to the MFT repository, where it is strictly protected through access control measures, including encryption of the stored file. The transfer to the recipient from the MFT repository occurs at a later time. This isolates the sender's system from the recipient's system and also permits easier monitoring and tracking of repository and transfer usage by all parties.

Email also provides basic file transfer capabilities and should, therefore, be encrypted for security. Email encryption products can support large file transfers through email messages.

Secure file transfer service features

Organizations investing in secure file transfer services should consider whether they need the following advanced features, which are typically available with MFT offerings and, sometimes, from other types of file transfer services as well:

• Auditing. audit logs provide detailed activity and performance data that organizations can use to demonstrate compliance with data privacy standards and regulations. This is especially important if personally identifiable information, such as financial or health data, is in play.
  
  Legacy file transfer methods, such as SCP, have historically lacked auditing features. File hosting services typically offer at least some file transfer auditing capabilities, while most MFT platforms provide comprehensive audit logs.
• Automated scheduling. Secure file transfer services offer a range of scheduling capabilities. Basic functionality might mean a user can schedule the transfer of a certain file for a particular time.
  
  More sophisticated systems can also intelligently stagger the transfer of files that are not time-critical to reduce demands on bandwidth or processing. By managing resource use, this intelligent scheduling can save the organization money and prevent inadvertent denials of service.

8 enterprise-level secure file transfer services

The following section lists eight of the top enterprise-level secure file transfer services. These products offer a variety of features, ranging from basic to advanced.

1. Box Business

Box product page

Type: File hosting service

Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.

OSes: Android, iOS, macOS, Windows

Protocols and standards supported: TLS, passive FTP/FTP Secure/Explicit FTPS (Business and Enterprise tiers only; vendor does not recommend FTP/FTPS/FTPES as primary access method). Active FTP is not supported.

Features: Active Directory (AD) and single sign-on (SSO); audit logging; cloud storage; enterprise-friendly design; file synchronization and versioning; HIPAA and FedRAMP compliance (Enterprise tier); integrations with Microsoft 365, Google Workspace, Slack and 1,500+ other enterprise apps; threat detection (Enterprise Plus tier); workflow automation.

Max file size: 150 GB (Enterprise Plus tier)

2. Citrix ShareFile

Citrix product page

Type: MFT

Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.

OSes: Android, iOS, macOS, Windows

Protocols and standards supported: TLS/SSL, FTP/FTPS.

Features: AD integration; SSO; activity logging; advanced security features, including remote device lock and wipe options; cloud access security broker integration for data loss prevention; centralized management platform; encrypted email (Advanced+ tiers); enterprise-friendly design; file synchronization and versioning; integration with Microsoft 365; HIPAA compliance configuration (Premium tier); plugins for Gmail and Outlook (Advanced+ tiers); unlimited cloud storage.

Max file size: 100 GB (Advanced and Premium tiers)

3. IBM Sterling Secure File Transfer

IBM product page

Type: MFT

Delivery: Containerized software. Deployed on enterprise-grade servers, either on premises, in the cloud or hybrid.

OSes: Linux, Linux on IBM Z, macOS, multiple Unix platforms, Windows

Protocols and standards supported: Applicability Statement 2 (AS2), FTP, FTPS, Odette FTP 2 (OFTP2), Pretty Good Privacy, SFTP

Features: Automated inbound and outbound file transfers that work across protocols; file synchronization; intelligent, centralized management platform; RESTful APIs that support third-party integrations; scalable offering that supports a wide range of B2B file transfer requirements, for small businesses, midsize businesses and large enterprises.

Max file size: Depends on the protocol: AS2 (2 GB), FTP (10 GB), FTPS (10 GB), OFTP2 (5 GB), SFTP (10 GB)

4. pCloud Business

pCloud product page

Type: File hosting service

Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.

OSes: Android, iOS, Linux, macOS, Windows

Protocols and standards supported: TLS/SSL, AES-256; optional additional encryption uses 4,096-bit RSA for users' private keys and 256-bit AES for per-file and per-folder keys

Features: Activity logging; cost-effective; support for enterprise-scale requirements; optional zero-knowledge client-side encryption; option to encrypt or not encrypt individual files; file sharing, synchronization and versioning; data backups; digital asset management; team-by-team and user-by-user access control; unlimited cloud storage.

Max file size: No limit

5. Peer Global File Service

Peer product page

Type: Cloud-based distributed file management service

Delivery: SaaS. Management hub is accessible via local application or browser. Software installation required for both management hub and agents.

OSes: Linux, Windows

• Management hub -- Linux or Windows dedicated server
• Agents -- Windows file servers

Protocols and standards supported: TCP/IP, TLS/SSL

Features: Automated large file transfers; support for multisite file sharing across cloud, hybrid and on-premises environments; integrations with all major storage platforms; central management console; comprehensive activity logs; AD integration; file synchronization; anomalous event detection.

Max file size: No limit

6. Resilio Connect

Resilio product page

Type: Peer-to-peer (P2P) file transfer and synchronization service

Delivery: SaaS. Software installation required for both management console and endpoint agents. Browser-based UI.

OSes:

• Management console -- CentOS, Linux, macOS, Ubuntu, Unix, Windows
• Agents -- Android, FreeBSD, Linux, macOS, Windows

Protocols and standards supported: Proprietary P2P protocol based on BitTorrent

Features: Audit logging; support for transferring or replicating millions of files across multiple locations and diverse networks and systems; automated, intelligent scheduling; central management console; integrations with other enterprise IT tools; file sharing, synchronization and versioning; job prioritization; cloud storage support; remote endpoint agent upgrades; effective for large, multilocation enterprises; can scale to support thousands of endpoints and millions of files.

Max file size: No limit

7. SpiderOak CrossClave

SpiderOak product page

Type: File hosting service

Delivery: Hosted and on-premises options. Local application installation required. Browser-based access available but discouraged by the vendor for security reasons.

OSes: Android, iOS, Linux, macOS, Windows

Protocols and standards supported: Private blockchain platform running on proprietary distributed ledger technology; Commercial National Security Algorithm Suite

Features (Pro tier): Zero-knowledge end-to-end encryption (E2EE) in desktop and mobile apps but not browser-based web access; HIPAA-compliant; cost-effective; cloud storage; file sharing and versioning; data backups; point-in-time recovery; support for enterprise applications.

Max file size: No hard limit on file size when sharing, backing up or syncing. The vendor recommends limiting individual files to 10 GB or less for backup and 3 GB or less when synchronizing, however.

8. Tresorit

Tresorit product page

Type*: Cloud storage and file hosting service

Delivery: SaaS. Accessible via desktop application, mobile application and a browser-based UI.

OSes: Android, iOS, Linux, macOS, Windows

Protocols and standards supported: TLS; proprietary cryptography protocols; AES-256

Features: Zero-knowledge E2EE, including browser-based access; Gmail and Outlook integrations; enterprise application support; file synchronizing and versioning; encrypted cloud storage; compliant with HIPAA and GDPR (Business Plus and Enterprise tiers).

Max file size: 20 GB (Enterprise tier)

*Tresorit has a free, standalone file transfer app called Tresorit Send, which includes E2EE. Users can upload up to 100 files at a time, as long as they don't exceed 5 GB. Recipients can download a shared file only 10 times, in total.

Each of the above secure file transfer services provides a wide range of features. Pricing varies, with tiered options ranging from single user to multilocation enterprise.

How to choose a secure file transfer service

The following list offers guidance on selecting the appropriate system for file transfer requirements:

1. Review business requirements. Data management teams should periodically discuss technology requirements with business unit leaders and senior management. This helps identify possible trends and prepare IT for any special events, such as mergers.
2. Review historical performance data. Analyze data from existing file transfer systems to flag metrics and identify trends that might inform the selection process.
3. Prepare forecasts of file transfer and other IT trends. Use historical performance data to generate forecasts, which can be invaluable when preparing for a change in a major IT system. Compelling forecast data can help justify costly future investments.
4. Discuss secure file transfer services with other IT leaders. It is useful to speak with IT leaders in other organizations to see what they use for file transfers and how their experiences have been.
5. Research and examine available systems. Vet suitable file transfer system candidates, including current vendors.
6. Prepare a request for proposal (RFP). If a competitive bid is advisable, prepare a formal RFP that specifies the organization's current file transfer activities, plus short-, medium- and long-term needs. The RFP should include the requirements for a service-level agreement.
7. Send out the RFP, and consider having a bidders' conference. It is sometimes useful to gather bidders in person or by video conference to discuss the RFP and to get a feel for each vendor and its commitment to service and support.
8. Select the best product, and initiate a project plan. Once the new or updated system has been selected, complete the necessary paperwork, and prepare a project plan to facilitate the installation, testing, acceptance and rollout of the new system.
9. Organize and conduct user training. Working with the vendor, prepare and deliver training to all employees on the new system.
10. Complete acceptance testing prior to official rollout. This ensures that the new system performs as stated and that users are comfortable with it.

Use the software development lifecycle as a framework for selecting and implementing a new file transfer system. Once the system is in production, set regular times to review and audit the system's performance, and brief management on the findings.