Businesses that deal with large files such as high-definition videos, 3D CAD models, and so on, sometimes need to transfer these files to another department or to a trading partner located in another state, country, or continent. In situations like this, it pays to know how to securely transfer large files over the Internet.
Why does your file transfer have to be secure?
Unless you've been living under a rock, transferring files over the Internet is par for the course in almost any business process. It's fast, easily accessible, and convenient. But does it really have to be secure? Well, if those files contain sensitive information, like personal data, financial information, trade secrets, top secret marketing strategies, etc., you wouldn't want them to fall into the wrong hands, would you?
Alas, the Internet is full of malicious entities who might take an interest in those large files you're about to send. So, in the following sections, we discuss some of the things you need to consider before picking a solution for transferring large files over the Internet.
Recommended read: How to Prevent Sniffer Attacks with Encrypted FTP
Avoid using email or cloud-based file sharing solutions
Two of the most common methods for sending files over the Internet is email and cloud file sharing solutions like Dropbox and Google Drive. Unfortunately, these solutions have file size limits for the files you upload through them. Gmail, for example, limits file attachments to 25MB. If you're sending files via a self-hosted mail server, the limits might even be more stringent.
Granted, any file attachment that exceeds that file size limit in Gmail is automatically uploaded to Google Drive, which does have larger file size limits, you still can't completely avoid file size limitations issues. As of this writing, Google Drive has file size limits for uploads depending on the file type. For example, an uploaded text document that needs to be converted to Google Docs should not exceed 50MB.
If you transfer large files on a regular basis, it would be much better to use a file transfer server like a FTPS server or SFTP server, as these servers don't have any file size limitations (unless the server admin deliberately sets them). Just make sure you use the right protocol.
Use secure file transfer protocols
File transfer servers can be had in different protocols. In the context of file transfers, a protocol is basically a set of rules that file transfer clients and file transfer servers adhere to. So, FTP clients and servers adhere to the FTP protocol and SFTP clients and servers adhere to the SFTP protocol. For the most part, you don't need to know what those rules are. The usual protocols choices are FTP, FTPS, SFTP, HTTP, HTTPS, and WebDAV. These file transfer protocols allow you to transfer files individually or in bulk.
Recommended read: 12 File Transfer Protocols for Businesses
While most of these file transfer protocols have no file size limits, they do differ in the level of security they provide. To be safe, pick a file transfer protocol that has at least some built-in data-in-motion encryption. This would prevent any eavesdropper in the network from acquiring any sensitive data you transmit through the file transfer connection.
Unencrypted protocols like FTP and HTTP will send data in plaintext, so eavesdroppers could intercept your connection and retrieve, say, your users' usernames and passwords and then use those login credentials to gain access to your server. Examples of file transfer protocols that have built-in data-in-motion encryption capabilities include FTPS, SFTP, HTTPS, and WebDAVS.
Recommended read: Understanding Key Differences Between FTP, FTPS and SFTP
Apply multi-factor authentication
Data-in-motion encryption is certainly a critical component for any secure file transfer method. However, it's not the only one. Data-in-motion encryption will protect data you transmit from threat actors who are eavesdropping on the network. In other words, it will secure your data as it traverses across the Internet.
But the thing is, not all threat actors are going to be aiming for data that's already in transit. In fact, most of them will be aiming for your servers themselves because that's where the bulk of your digital assets will be. Threat actors can employ a variety of methods to break into your server but one of the most commonly used is the brute force attack.
A brute force attack is a method wherein the attacker attempts to 'guess' a user account's password by inputting a series of character combinations until a match is made. Most of these attacks employ password cracking tools that generate passwords and automatically enters them in rapid succession into a login interface until a match is made.
Because brute force attacks are designed to crack passwords, one way to counter them is to add one or more methods a.k.a. 'factors' of authentication that don't require users to submit username/password combinations. Examples of other factors of authentication is SFTP's public key authentication and Google Authenticator's Time-based One Time Password.
An additional factor of authentication will prevent a hacker from breaking into your server even if he/she somehow acquires a user account's password.
Apply data-at-rest encryption
Strong security is all about employing multiple layers of protection, so that if one layer gets breached or circumvented by an attacker, another layer can still stand in its way. For example, if an attacker can't get through your login interface because you employed strong passwords and multi-factor authentication, that attacker might resort to physically removing your hard drives and taking off with them. This situation won't be so far-fetched if your dealing with a malicious insider.
One layer of security that you can employ to counter this particular threat is data-at-rest encryption. Data-at-rest encryption is a security measure wherein you encrypt data located in storage devices or systems like USB sticks, databases, or hard drives. For a more detailed discussion on how to secure data-at-rest, click that link.
Automate file transfer processes
Automation might seem unrelated to file transfer security but when you incorporate it into certain areas in a file transfer system, automation can actually enhance it (security). First off, automation can significantly reduce human errors. For example, as long as you configured it correctly the first time, a file transfer will never end up with the wrong recipient — a slip up that can happen to a human sender (think wrong email address).
Secondly, automation can ensure all security measures are enforced. If you want PGP-encryption or an antivirus scan to be applied each time a file is uploaded or receive an email notification if a virus is detected, you can automate those parts of your file transfer process. No need to rely on a human to perform those tasks.
Use JSCAPE MFT Server
All these capabilities can be had if you use JSCAPE MFT Server, a managed file transfer server that supports a wide range of file transfer protocols, including secure protocols like SFTP, FTPS, HTTPS, and WebDAVS. JSCAPE MFT Server also supports several multi-factor authentication options like public key authentication (for SFTP file transfers), TOTP and others.
In addition, JSCAPE MFT Server also features data-at-rest encryption capabilities as well as a comprehensive suite of automation-enabling features collectively known as triggers.
If you wish to give JSCAPE MFT Server a test run and see how it can securely transfer large files over the Internet, download the FREE, fully-functional Starter Edition of JSCAPE MFT Server now.