January 4, 2017

    FTP Hosting: 5 Critical Security Questions for Enterprises

    You’ve read many a horror story about cyber attacks that left businesses facing costly and severe aftereffects. So you know that ensuring the security of your company’s file sharing processes and data assets is of primary concern. But do you know what specific characteristics of an FTP host make it a highly secure option for your organization?

    If you can’t trust a particular FTP host with your mission-critical business data, it’s not the right choice for your enterprise. It’s not enough for the provider to offer the basic security features boasted by just about every solution out there; it must meet the highest levels of data protection and deliver advanced functionality.

    Support your search for a secure enterprise FTP hosting solution by asking these five critical questions, and then use this comparison guide to assess the top seven file sharing softwares on the market

    1. What systems and controls are in place?

    Think password protection of your digital files is all you need to keep security threats at bay? This is a long, LONG way off from the truth. Proper password enforcement is just one part of the equation. Let’s not forget, you’re safeguarding against a multitude of dangers, including:

    • Data theft
    • Data loss
    • Information leakage
    • Human error

    Therefore, your security systems and controls must extend way beyond the password component. An FTP host that delivers strong defenses against the range of threats to your company’s information is likely to feature the following benefits, among others.

    • Intrusion Detection & Prevention: To protect your users and assets, choose an enterprise FTP host that actively monitors connections, detects suspicious activity, instantly blacklists offending IP addresses and distributes the blacklist across the FTP site's entire network of servers.
    • Encryption: Seek options that offer both at-rest encryption (for data on a server's hard drive) and in-transit encryption (for data in motion during the uploading or downloading process).
    • User Authentication by Password or SSH Key: Password policies must foster password strength and expiration parameters, and public keys should be managed on a per-user basis.
    • User IP/Protocol Enforcement: Confirm whether there’s a powerful security layer that allows site administrators to create user-level access rules that restrict individual user connections by remote IP address and/or by protocol.
    • Granular Access Controls: You must be able to govern your company’s file sharing processes with granular user permissions and restrictions.

    2. Do you provide for encrypted transfers?

    Part of your information security effort involves preventing data from getting into the wrong hands, whether internally or externally. That’s why encryption is so important.

    Your FTP host should be able to encrypt data both at rest and in transit. This way, only the sender and the recipient can access the data, even if a file is intercepted by a third party. It should also feature encrypted logins and data channels, including:

    • FTPeS (Explicit SSL encryption)
    • FTPS (Implicit SSL encryption)
    • SFTP (SSH encryption)
    • SCP (SSH encryption)
    • HTTPS (SSL encryption)

    3. How will you protect against unauthorized access, and how will you secure access upon authorized users?

    Find out whether the FTP host has a robust management interface for configuring user authentication via passwords and/or SSH keys. There should be controls to disable the sharing of files using public links, thereby allowing the administrator to require user authentication for all file access.

    Also, make sure it meets requirements for two-factor authentication (username and IP address) over protocols such as FTP or SFTP. This enables you to restrict certain users to certain locations or protocols. Even if a user's password is compromised, it should not be able to be used from another location.

    Finally, ask about the hosting solution’s ability to manage how files are viewed and used, down to the individual user account. You should be able to restrict access to specific directories or individual files within a directory based on the users who need that information to do their jobs. Your provider should also enable distinct permissions (upload, download, delete, list) for each user within each workspace.

    4. Is your FTP service regulatory compliant?

    Not every FTP hosting solution for enterprises is developed with regulatory compliance in mind. But employing an option that doesn’t meet the compliance laws in your industry is a very bad decision. So find out which FTP hosts will help you maintain the required level of compliance.

    A vital factor in secure file transfer is upholding compliance with the government regulations established in your industry. The penalties and consequences for noncompliance could put your organization at risk. A compliance-focused FTP host will make sure that the manner in which your files are stored, accessed, shared and distributed is compliant with all relevant regulatory bodies, such as HIPAA, ITAR, GLBA, DSS and SOX.

    5. Do you offer reliable disaster recovery?

    Threats to the security of your enterprise data can come in the form of accidental deletion by users, complete data center failure and more. As such, you need to be sure that your FTP host can get things back up and running as quickly and smoothly as possible by putting the following measures in place.

    • Full Backup: Your business stands to lose a significant amount of money if you lose even one day’s worth of productivity. Full and incremental backups are a key component of a disaster recovery plan for that reason. Don’t settle for a recycle bin for deleted files masquerading as “backup”.
    • Geo-Redundancies: You need more than a local backup to protect your business from certain disasters. Your FTP host should write data in more than one geo-location to create a series of redundancies that will help protect against the unexpected.
    • Optimal Recovery Time & Recovery Point Objectives: How long will it take for your business to be restored after an interruption, and what is the acceptable age of data that may not be recovered? The answers to these questions should satisfy your company’s needs in the event of a disaster.
    • Recovery of Accidentally Deleted Files: You should be able to store backups for at least five full days, allowing you to recover any files that were accidentally deleted by users as quickly after the incident as it was discovered.

    By using these insightful questions to investigate the various enterprise FTP hosting options available to you, you’ll have a clearer understanding of what you’re getting when you make a decision. The security of your organization’s information is a top priority, so scrutinize each solution with that in mind. If you have related thoughts or questions to share, please add them to the comments below, and don’t forget to download your free copy of A Comparison Guide of the Top 7 File Sharing Softwares.


    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts