To support both regular and sensitive data transfers, businesses typically reinforce their FTP service with a secure file transfer protocol like SFTP. But while these secure network protocols do a good job of protecting data during transmission, data-in-motion security isn't the only thing trading partners require from a file transfer system.
Equally important to trading partners are characteristics like high availability, timeliness, flexibility, reliability, and data-at-rest security.
In this post, we'll share with you some tips to help you choose an SFTP FTP server that can meet the demands of most businesses.
1. Determine whether it supports business process automation
In a fast-paced business environment, automation capabilities are a must-have. By reducing human intervention, data can be delivered much faster, more efficiently, and with a higher degree of accuracy and reliability. Because IT environments normally consist of different applications, letting data flow seamlessly and automatically from one application to another can be a challenge. In most cases, you would need a great deal of system integration.
Thus, if an application already comes with automation-enabling capabilities out of the box, it would be much easier for system integrators to do their job. An example of a business process automation-enabling feature is a trigger. Triggers can automate various secure file transfer processes like PGP encryption upon file upload, virus scanning, or even the main file transfer process itself, as in a server-to-server file transfer.
The figure below illustrates how two companies take advantage of automated file transfers to exchange EDI (electronic data interchange) documents.
To read more articles about triggers and automated file transfers, click that link.
2. Find out if it supports data-at-rest encryption
As mentioned earlier, SFTP is quite capable of protecting data during transmission. SFTP does this mainly through data-in-motion encryption, which renders data unreadable as it flows through the network. However, as soon as the files reach the server, this encryption no longer applies. As a result, files stored on the server are going to be vulnerable to attacks.
Therefore, it is necessary to employ some kind of data-at-rest encryption on the server itself. One thing you might want to consider in choosing an encryption technology for your server is whether it's based on an open standard. An open standard cryptographic system is developed by a diverse community of experts (as opposed to a closed, proprietary system which is developed by only one company). Hence, an open system can be subjected to suggestions and criticisms which in turn help in perfecting it.
Arguably, the most widely accepted cryptographic system is OpenPGP, which is based on an open standard and is what we highly recommend. Combined with an automated mechanism like a trigger (see previous section), OpenPGP can be very effective in keeping files safe from attackers even if they manage to steal the entire server itself.
3. Look for DLP functionality
Once a file reaches your server, it can be easily downloaded by anyone who has been granted access rights to it. That can be a problem if the file is stored in a shared folder accessible to a group of users. What if the sender unintentionally included confidential information that wasn't really meant to be shared? Accidental data leakages like this are quite common and, unfortunately, can lead to serious violations of privacy and unauthorized disclosures.
If your company belongs to an industry governed by regulations like PCI-DSS or HIPAA, it is imperative that your SFTP FTP server implement a Data Loss Prevention (DLP) mechanism that would automatically detect sensitive data such as credit card numbers, social security numbers, or protected health information, and likewise automatically perform a risk-mitigation action to protect them. For example, DLP can encrypt the file or, better yet, simply lock the file and prohibit anyone from downloading it.
I suggest you read the article "Using DLP to Protect Credit Card Data" to gain a deeper appreciation of the benefits of DLP to business operations.
4. Determine whether it can run on your company’s platforms/operating systems
Does your company use a single platform (say, Microsoft) for all its servers? Not all businesses do. In fact, many companies actually run their servers on a collection of Windows, Unix, Linux, and (in some cases) Mac OS X machines.
Taking this into consideration, it would be wise to look for an SFTP FTP server that's platform-independent, i.e., can run on any of these platforms. That way, you wouldn't be forced to use a platform that's not already in your organization just to accommodate your new server.
5. Ask for high availability capabilities
Trading partners who frequently exchange business-critical data cannot afford downtimes. Downtimes can cause delays, which in turn can lead to customer dissatisfaction, missed opportunities, and heightened risks. As much as possible, your FTP and SFTP services should be available all the time.
Since there's no such thing as a server that never fails, you will want to choose a server that has failover capabilities. Failover capabilities ensure that if the active server bogs down, file transfer services can be smoothly redirected to a backup server, a.k.a. a failover server. This will allow users to continue transferring files almost as if nothing happened.
If high availability really means a lot to your organization, then you would probably want to deploy two or more SFTP FTP servers in a cluster configuration, with a reverse proxy/load balancer in front of the cluster and shared storage like a NAS behind it. Here's what such a setup would look like.
If the active server goes down, the second server can take its place. And because all files are stored in a shared storage, the users can still access their files as shown below.
You can read a more detailed explanation of this configuration in the article "Setting Up a NAS Shared Storage for Your File Transfer Servers".
We also have a nice collection of high availability-related blog posts. If you would like to read them, feel free to click that link.
Highly Recommended Download
JSCAPE MFT Server is an SFTP FTP server that also supports other file transfer protocols like FTPS, WebDAV, HTTP/S, and AFTP. Being Java-based, it is also platform-independent. And yes, it's also got OpenPGP and has DLP and High Availability features. The latest version even comes with Single Sign-On (OpenID and SAML) for easy user access.