How to Choose an FTP Alternative
Questions to Ask When Assessing Secure File Transfer Solutions
- What is the process, asset, or information you are trying to share or deliver securely?
- Who performs these file transfer operations and how often?
- What kind of security and compliance requirements do your organization have?
- What technology or method are you using today?
Financial statements, medical records, ePHI, PII, intellectual property, source code, and other private and confidential documents are often shared out through email, FTP, or other insecure methods. Take some time to discuss, understand, and determine the information assets you work with and how that information needs to be shared.
How technical are the people who need to share files? For many people, a system that is complex to use has a low adoption rate – and people will find another (usually less secure) way to accomplish their tasks. Consider a system that is simple, intuitive, and doesn’t require IT assistance – if end users can send file securely themselves, they’ll more likely comply with security policies for file sharing.
HIPAA, Sarbanes-Oxley, SEC regulations, and many other compliance requirements exist for different industries and verticals. What specific requirements are important to your firm? How do you achieve this today? Statistically, people are the most likely way that data breaches occur – not malicious intent, but through accidental exposures. Make sure you provide tools that can assist in locking down your critical files and data. While many regulations do not specify the technologies to use, look for FIPS 140-2 compliant encryption (which the federal government requires), encryption that is implemented in transit and at rest, and a system that records the history of all transaction for audit purposes.
You may be using an SFT or MFT solution already – is it meeting your needs? More likely, you are sending email attachments, using an insecure FTP server, or burning CDs and mailing them out. Solutions like Biscom SFT are easy to implement and deploy, have very high adoption rates, and take the burden of security off IT’s shoulder.