8 secure file transfer services for the enterprise
With a plethora of options, finding the best secure file transfer service for your business can pose a challenge. Learn how to make an informed decision.
The ability to securely share and synchronize files across systems is a cornerstone of enterprise IT. Millions of transfers occur every day, involving files of all types, sizes and structures.
At its most basic, file transfer technology moves data from one system to another system over a network. Unfortunately, legacy file transfer mechanisms, such as email and FTP, have historically lacked built-in security features.
Today's organizations need confidence that file transfers will not compromise their data's confidentiality, integrity and availability (CIA), the primary requirements of information security. The stakes are especially high in large-scale enterprises, where massive amounts of potentially sensitive information constantly move among internal and external users and systems. Secure file transfer services aim to protect an organization's data while moving it from point A to point B.
How secure file transfer works
Secure file transfer services all have a common approach to protecting files: access control.
How this access control is achieved may vary widely among classes of products, not to mention individual products within each class. But the basic idea is that there is some sort of shared secret between the sender and the recipient. It could be as simple as a hard-to-guess URL transferred via email or an agreed-upon password. Or it could be as complex as integration with an enterprise identity and access management system. This shared secret is used to encrypt the file before it is transferred from the sender to the recipient. After getting the encrypted file, the recipient's computer uses the shared secret to decrypt the file.
To meet the CIA requirements of today's enterprises, secure file transfer services need a two-pronged approach:
- Secure data. The data itself should have embedded security. Encryption, for example, ensures no one else on a network can access, read or modify the contents of a file as it moves between systems.
- Secure delivery. Secure file transfer also involves some sort of reliable delivery, even if it's just provided by TCP/IP. Secure file transfer services use a variety of protocols and standards, ranging from established ones, such as Secure FTP (SFTP) and AES, to vendor-specific proprietary protocols.
Types of secure file transfer services
The most basic secure file transfer services, such as those based on Secure Copy Protocol (SCP), have command-line interfaces only, making them best suited for IT rather than end users. They offer few features but are relatively inexpensive to set up and use, compared to other classes of file transfer systems. Some consider this type of transfer advantageous because the organization maintains full control, with no third-party -- e.g., cloud provider -- involvement.
Secure file transfer services based on SFTP are typically more feature-rich than those based on SCP. SFTP-based file transfers often have GUIs available, which make them easier to use. In general, however, both SCP- and SFTP-based systems lack many of the features of more sophisticated file transfer systems.
Another IT system that enables file transfer security is the file hosting service. Originally intended for end-user collaboration, file hosting services also typically offer access control and encryption features that enable a user to email a link to a person that grants them secure access to a file hosted on the service.
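The "hard-to-guess URL" form of shared secret described earlier, and the emailed links that file hosting services issue, can be sketched as a random token with an expiry, a download limit and an audit trail. This is an added example, not code from any product covered here; the host files.example.com, the in-memory LINKS and AUDIT stores, the function names and the default limits are all assumptions.

```python
import hashlib
import secrets
import time

LINKS = {}   # sha256(token) -> record; hypothetical in-memory store
AUDIT = []   # (timestamp, file_id or None, outcome) for every attempt


def _digest(token):
    # Only the hash is stored, so a leaked store does not expose usable
    # URLs, and lookups never compare raw secrets byte by byte.
    return hashlib.sha256(token.encode()).hexdigest()


def create_link(file_id, ttl_seconds=3600, max_downloads=10, now=None):
    """Issue a share URL whose last path segment is a 256-bit random token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
    LINKS[_digest(token)] = {
        "file_id": file_id,
        "expires": now + ttl_seconds,
        "remaining": max_downloads,
    }
    return "https://files.example.com/d/" + token  # placeholder host


def redeem(url, now=None):
    """Return the file_id for a valid link (using one download), else None."""
    now = time.time() if now is None else now
    record = LINKS.get(_digest(url.rsplit("/", 1)[-1]))
    granted = None
    if record is None:
        outcome = "unknown_token"
    elif now >= record["expires"]:
        outcome = "expired"
    elif record["remaining"] <= 0:
        outcome = "limit_reached"
    else:
        record["remaining"] -= 1
        outcome, granted = "ok", record["file_id"]
    # Log every attempt, including refusals, so link use can be reviewed.
    AUDIT.append((now, record["file_id"] if record else None, outcome))
    return granted
```

Anyone who obtains the URL holds the secret, so the expiry and download limit bound the exposure if the email carrying it is forwarded or intercepted.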
The most advanced type of file transfer platform today is managed file transfer (MFT). Secure file transfers typically work directly between a sender and a recipient. In contrast, MFT provides an intermediary system, which may be a dedicated server within the organization's facilities or a cloud-provided service. The file travels from the sender to the MFT repository, where it is strictly protected through access control measures, including encryption of the stored file. The transfer to the recipient from the MFT repository occurs at a later time. This isolates the sender's system from the recipient's system and also permits easier monitoring and tracking of repository and transfer usage by all parties.
Email also provides basic file transfer capabilities and should, therefore, be encrypted for security. Email encryption products can support large file transfers through email messages.
Secure file transfer service features
Organizations investing in secure file transfer services should consider whether they need the following advanced features, which are typically available with MFT offerings and, sometimes, from other types of file transfer services as well:
- Auditing. Audit logs provide detailed activity and performance data that organizations can use to demonstrate compliance with data privacy standards and regulations. This is especially important if personally identifiable information, such as financial or health data, is in play.
Legacy file transfer methods, such as SCP, have historically lacked auditing features. File hosting services typically offer at least some file transfer auditing capabilities, while most MFT platforms provide comprehensive audit logs.
- Automated scheduling. Secure file transfer services offer a range of scheduling capabilities. Basic functionality might mean a user can schedule the transfer of a certain file for a particular time.
More sophisticated systems can also intelligently stagger the transfer of files that are not time-critical to reduce demands on bandwidth or processing. By managing resource use, this intelligent scheduling can save the organization money and prevent inadvertent denials of service.
8 enterprise-level secure file transfer services
The following section lists eight of the top enterprise-level secure file transfer services. These products offer a variety of features, ranging from basic to advanced.
1. Box Business
Type: File hosting service
Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.
OSes: Android, iOS, macOS, Windows
Protocols and standards supported: TLS, passive FTP/FTP Secure/Explicit FTPS (Business and Enterprise tiers only; vendor does not recommend FTP/FTPS/FTPES as primary access method). Active FTP is not supported.
Features: Active Directory (AD) and single sign-on (SSO); audit logging; cloud storage; enterprise-friendly design; file synchronization and versioning; HIPAA and FedRAMP compliance (Enterprise tier); integrations with Microsoft 365, Google Workspace, Slack and 1,500+ other enterprise apps; threat detection (Enterprise Plus tier); workflow automation.
Max file size: 150 GB (Enterprise Plus tier)
2. Citrix ShareFile
Type: MFT
Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.
OSes: Android, iOS, macOS, Windows
Protocols and standards supported: TLS/SSL, FTP/FTPS.
Features: AD integration; SSO; activity logging; advanced security features, including remote device lock and wipe options; cloud access security broker integration for data loss prevention; centralized management platform; encrypted email (Advanced+ tiers); enterprise-friendly design; file synchronization and versioning; integration with Microsoft 365; HIPAA compliance configuration (Premium tier); plugins for Gmail and Outlook (Advanced+ tiers); unlimited cloud storage.
Max file size: 100 GB (Advanced and Premium tiers)
3. IBM Sterling Secure File Transfer
Type: MFT
Delivery: Containerized software. Deployed on enterprise-grade servers, either on premises, in the cloud or hybrid.
OSes: Linux, Linux on IBM Z, macOS, multiple Unix platforms, Windows
Protocols and standards supported: Applicability Statement 2 (AS2), FTP, FTPS, Odette FTP 2 (OFTP2), Pretty Good Privacy, SFTP
Features: Automated inbound and outbound file transfers that work across protocols; file synchronization; intelligent, centralized management platform; RESTful APIs that support third-party integrations; scalable offering that supports a wide range of B2B file transfer requirements, for small businesses, midsize businesses and large enterprises.
Max file size: Depends on the protocol: AS2 (2 GB), FTP (10 GB), FTPS (10 GB), OFTP2 (5 GB), SFTP (10 GB)
4. pCloud Business
Type: File hosting service
Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.
OSes: Android, iOS, Linux, macOS, Windows
Protocols and standards supported: TLS/SSL, AES-256; optional additional encryption uses 4,096-bit RSA for users' private keys and 256-bit AES for per-file and per-folder keys
Features: Activity logging; cost-effective; support for enterprise-scale requirements; optional zero-knowledge client-side encryption; option to encrypt or not encrypt individual files; file sharing, synchronization and versioning; data backups; digital asset management; team-by-team and user-by-user access control; unlimited cloud storage.
Max file size: No limit
5. Peer Global File Service
Type: Cloud-based distributed file management service
Delivery: SaaS. Management hub is accessible via local application or browser. Software installation required for both management hub and agents.
OSes: Linux, Windows
- Management hub -- Linux or Windows dedicated server
- Agents -- Windows file servers
Protocols and standards supported: TCP/IP, TLS/SSL
Features: Automated large file transfers; support for multisite file sharing across cloud, hybrid and on-premises environments; integrations with all major storage platforms; central management console; comprehensive activity logs; AD integration; file synchronization; anomalous event detection.
Max file size: No limit
6. Resilio Connect
Type: Peer-to-peer (P2P) file transfer and synchronization service
Delivery: SaaS. Software installation required for both management console and endpoint agents. Browser-based UI.
OSes:
- Management console -- CentOS, Linux, macOS, Ubuntu, Unix, Windows
- Agents -- Android, FreeBSD, Linux, macOS, Windows
Protocols and standards supported: Proprietary P2P protocol based on BitTorrent
Features: Audit logging; support for transferring or replicating millions of files across multiple locations and diverse networks and systems; automated, intelligent scheduling; central management console; integrations with other enterprise IT tools; file sharing, synchronization and versioning; job prioritization; cloud storage support; remote endpoint agent upgrades; effective for large, multilocation enterprises; can scale to support thousands of endpoints and millions of files.
Max file size: No limit
7. SpiderOak CrossClave
Type: File hosting service
Delivery: Hosted and on-premises options. Local application installation required. Browser-based access available but discouraged by the vendor for security reasons.
OSes: Android, iOS, Linux, macOS, Windows
Protocols and standards supported: Private blockchain platform running on proprietary distributed ledger technology; Commercial National Security Algorithm Suite
Features (Pro tier): Zero-knowledge end-to-end encryption (E2EE) in desktop and mobile apps but not browser-based web access; HIPAA-compliant; cost-effective; cloud storage; file sharing and versioning; data backups; point-in-time recovery; support for enterprise applications.
Max file size: No hard limit on file size when sharing, backing up or syncing. The vendor recommends limiting individual files to 10 GB or less for backup and 3 GB or less when synchronizing, however.
8. Tresorit
Type*: Cloud storage and file hosting service
Delivery: SaaS. Accessible via desktop application, mobile application and a browser-based UI.
OSes: Android, iOS, Linux, macOS, Windows
Protocols and standards supported: TLS; proprietary cryptography protocols; AES-256
Features: Zero-knowledge E2EE, including browser-based access; Gmail and Outlook integrations; enterprise application support; file synchronizing and versioning; encrypted cloud storage; compliant with HIPAA and GDPR (Business Plus and Enterprise tiers).
Max file size: 20 GB (Enterprise tier)
*Tresorit has a free, standalone file transfer app called Tresorit Send, which includes E2EE. Users can upload up to 100 files at a time, as long as they don't exceed 5 GB. Recipients can download a shared file only 10 times, in total.
Each of the above secure file transfer services provides a wide range of features. Pricing varies, with tiered options ranging from single user to multilocation enterprise.
How to choose a secure file transfer service
The following list offers guidance on selecting the appropriate system for file transfer requirements:
- Review business requirements. Data management teams should periodically discuss technology requirements with business unit leaders and senior management. This helps identify possible trends and prepare IT for any special events, such as mergers.
- Review historical performance data. Analyze data from existing file transfer systems to flag metrics and identify trends that might inform the selection process.
- Prepare forecasts of file transfer and other IT trends. Use historical performance data to generate forecasts, which can be invaluable when preparing for a change in a major IT system. Compelling forecast data can help justify costly future investments.
- Discuss secure file transfer services with other IT leaders. It is useful to speak with IT leaders in other organizations to see what they use for file transfers and how their experiences have been.
- Research and examine available systems. Vet suitable file transfer system candidates, including current vendors.
- Prepare a request for proposal (RFP). If a competitive bid is advisable, prepare a formal RFP that specifies the organization's current file transfer activities, plus short-, medium- and long-term needs. The RFP should include the requirements for a service-level agreement.
- Send out the RFP, and consider having a bidders' conference. It is sometimes useful to gather bidders in person or by video conference to discuss the RFP and to get a feel for each vendor and its commitment to service and support.
- Select the best product, and initiate a project plan. Once the new or updated system has been selected, complete the necessary paperwork, and prepare a project plan to facilitate the installation, testing, acceptance and rollout of the new system.
- Organize and conduct user training. Working with the vendor, prepare and deliver training to all employees on the new system.
- Complete acceptance testing prior to official rollout. This ensures that the new system performs as stated and that users are comfortable with it.
Use the software development lifecycle as a framework for selecting and implementing a new file transfer system. Once the system is in production, set regular times to review and audit the system's performance, and brief management on the findings.