Secure file transfer services: Types, tools and selection tips

How secure file transfer works

Secure file transfer services all have a common approach to protecting files: access control. How access control is achieved varies widely among products, but the basic idea is a shared secret between the sender and the recipient -- a hard-to-guess URL transferred via email, a password or integration with an enterprise identity and access management system, for instance. This shared secret encrypts the file before transfer, and the recipient's computer uses the shared secret to decrypt the file.

To satisfy security requirements of today's enterprises, secure file transfer services need a two-pronged approach:

1. Secure data. The data should have embedded security. Encryption, for example, ensures no one else on a network can access, read or modify the contents of a file as it moves between systems.
2. Secure delivery. Secure file transfer involves reliable delivery, such as TCP/IP. Secure file transfer services use a variety of protocols and standards, ranging from Secure FTP (SFTP) and Advanced Encryption Standard (AES) to vendor-specific proprietary protocols.

Pros and cons of secure file transfer services

Secure file transfer services provide strong security for files and other data, and support compliance requirements such as GDPR and HIPAA. Services are highly scalable and reliable, making collaboration smoother.

The downside, however, is the technology's cost and complexity. Security teams often find the service difficult to deploy, experiencing compatibility issues across security protocols and performance issues during large-scale data transfers.

Types of secure file transfer services

Basic secure file transfer services, such as those based on Secure Copy Protocol (SCP), have command-line interfaces and are best suited for IT rather than end users. They offer few features and are relatively inexpensive compared to other file transfer systems. Some consider this type of transfer advantageous because the organization maintains full control with no third-party -- e.g., cloud provider -- involvement.

Secure file transfer services based on SFTP are typically more feature-rich than those based on SCP. SFTP-based file transfers often have GUIs available, making them easier to use. However, both SCP- and SFTP-based systems lack many of the features of more sophisticated file transfer systems.

Originally intended for end-user collaboration, file hosting services offer access control and encryption features that enable users to email a link and be allowed secure access to a file hosted on the service.

The most advanced type of file transfer platform, managed file transfer (MFT), provides an intermediary system between sender and receiver, such as a dedicated server within the organization's facilities or a cloud-provided service. The file travels from the sender to the MFT repository, where it is strictly protected through access control measures, including encryption of the stored file. Transfer to the recipient from the MFT repository occurs later. This isolates the sender's system from the recipient's system and permits easier monitoring and tracking of repository and transfer usage.

Email also provides basic file transfer capabilities and should, therefore, be encrypted for security. Email encryption products support large file transfers via email.

Secure file transfer service features

Organizations investing in secure file transfer services should consider whether they need advanced features typically available with MFT offerings and, sometimes, from other types of file transfer services.

Auditing

Audit logs provide detailed activity and performance data that organizations can use to demonstrate compliance with data privacy standards and regulations. This is especially important if personally identifiable information, such as financial or health data, is in play.

Legacy file transfer methods, such as SCP, have historically lacked auditing features. File hosting services typically offer at least some file transfer auditing capabilities, while most MFT platforms provide comprehensive audit logs.

Automated scheduling

Secure file transfer services offer a range of basic scheduling capabilities.

More sophisticated systems can stagger file transfers to reduce demand on bandwidth or processing. By managing resource use, intelligent scheduling can save money and prevent inadvertent service denials.

AI

Many secure file transfer services include AI capabilities that can quickly identify and mitigate security threats before files are affected. AI can enhance the functionality of encryption algorithms and security key management, preventing many cyberattacks. Predictive capabilities analyze performance data to reduce downtime. AI also improves the organization's ability to comply with critical standards and regulations.

Enterprise-level secure file transfer services

The following enterprise-level secure file transfer services have a variety of features, ranging from basic to advanced, and some offer free demos as part of their pricing plans.

The tools profiled in this article were selected based on market research. Each has a sizable customer base, is under active development, and has numerous publicly available user reviews from verified purchasers. This list is organized alphabetically.

Box Business

Type: File hosting service with optional AI-powered features

Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.

OSes: Android, iOS, macOS, Windows

Protocols and standards supported: TLS, passive FTP/FTP Secure/Explicit FTPS (Business and Enterprise tiers only; vendor does not recommend FTP/FTPS/FTPES as primary access method). Active FTP is not supported.

Features: Active Directory (AD) and single sign-on (SSO); audit logging; cloud storage; enterprise-friendly design; file synchronization and versioning; HIPAA and FedRAMP compliance (Enterprise tier); integrations with Microsoft 365, Google Workspace, Slack and 1,500+ other enterprise apps; threat detection (Enterprise Plus tier); workflow automation.

Max file size: 150 GB (Enterprise Plus tier)

Pricing options: Multiple plans are available for individuals and businesses. Basic individual plans range from free to $15/user/month; business plans start at $15/user/month up to $50/user/month.

IBM Sterling Secure File Transfer

Type: MFT

Delivery: Enterprise software supporting traditional installation and containerized deployment; on-premises, cloud or hybrid.

OSes: Linux, Linux on IBM Z, macOS, multiple Unix platforms, Windows

Protocols and standards supported: Applicability Statement 2 (AS2), FTP, FTPS, Odette FTP 2 (OFTP2), Pretty Good Privacy, SFTP

Features: Automated inbound and outbound file transfers that work across protocols; file synchronization; intelligent, centralized management platform; RESTful APIs that support third-party integrations; scalable offering that supports a wide range of B2B file transfer requirements, for small businesses, midsize businesses and large enterprises. Key components include File Gateway, Connect:Direct, Control Center and Secure Proxy.

Max file size: Depends on the protocol: AS2 (2 GB), FTP (10 GB), FTPS (10 GB), OFTP2 (5 GB), SFTP (10 GB)

Pricing options: Monthly and perpetual licensing options are available for three packages: Essentials, Standard and Premium. Contact IBM for pricing.

pCloud Business

Type: Cloud-based file hosting service

Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.

OSes: Android, iOS, Linux, macOS, Windows

Protocols and standards supported: TLS/SSL, AES-256; optional additional encryption uses 4,096-bit RSA for users' private keys and 256-bit AES for per-file and per-folder keys

Features: Activity logging; cost-effective; support for enterprise-scale requirements; optional zero-knowledge client-side encryption; option to encrypt or not encrypt individual files; file sharing, synchronization and versioning; data backups; digital asset management via pCloud Branding; team-by-team and user-by-user access control.

Max file size: No limit

Pricing options: pCloud Business offers monthly and annual licenses at $9.99/user/month and $7.99/user/month; Business Pro is available monthly and annually at $14.98 per user/month and $11.98/user/month. 30-day free trial available.

Peer Global File Service

Type: Cloud-based distributed file management service

Delivery: Software platform. Management hub is accessible via local application or browser. Software installation required for both management hub and agents.

OSes: Linux, Windows

• Management hub -- Linux or Windows dedicated server
• Agents -- Windows file servers

Protocols and standards supported: TCP/IP, TLS/SSL

Features: Real-time and scheduled file replication; support for multisite file sharing across cloud, hybrid and on-premises environments; edge caching; integrations with all major storage platforms; central management console; comprehensive activity logs; AD integration; active-active file synchronization;  anomaly detection.

Max file size: No limit

Pricing options: Custom pricing; contact Peer Software for more information.

Progress ShareFile

Type: Secure file sharing and content collaboration platform, with some MFT-like capabilities

Delivery: SaaS. Accessible via a browser-based UI; optional local application download for desktops and mobile devices.

OSes: Android, iOS, macOS, Windows

Protocols and standards supported: TLS/SSL, FTP/FTPS.

Features: AD integration; SSO; activity logging; advanced security features, including remote device lock and wipe options; cloud access security broker integration for data loss prevention; centralized management platform; encrypted email (Advanced+ tiers); enterprise-friendly design; file synchronization and versioning; integration with Microsoft 365; HIPAA compliance configuration (Premium tier); plugins for Gmail and Outlook (Advanced+ tiers).

Max file size: 100 GB (Advanced and Premium tiers)

Pricing options: Pricing starts at $16/user/month and ranges up to $67.50/user/month

Resilio Connect

Type: Peer-to-peer (P2P) file transfer and synchronization service

Delivery: Software platform. Software installation required for both management console and endpoint agents. Browser-based UI.

OSes:

• Management console -- CentOS, Linux, Ubuntu, Windows
• Agents -- Android, FreeBSD, Linux, macOS, Windows

Protocols and standards supported: Proprietary P2P protocol based on BitTorrent

Features: Audit logging; support for transferring or replicating millions of files across multiple locations and diverse networks and systems; automated, intelligent scheduling; central management console; integrations with other enterprise IT tools; file sharing, synchronization and versioning; job prioritization; cloud storage support; remote endpoint agent upgrades; effective for large, multilocation enterprises; can scale to support thousands of endpoints and millions of files.

Max file size: No limit

Pricing options: Custom pricing; contact Resilio for more information.

Tresorit SecureCloud for Business

Type: Cloud storage and file hosting service

Delivery: SaaS. Accessible via desktop application, mobile application and browser-based UI.

OSes: Android, iOS, Linux, macOS, Windows

Protocols and standards supported: TLS; AES-256; clientside encryption using a zeroknowledge model

Features: Zero-knowledge end-to-end encryption (E2EE), including browser-based access; Gmail and Outlook integrations; enterprise application support; file synchronizing and versioning; encrypted cloud storage; compliant with HIPAA and GDPR (Business and Enterprise tiers).

Max file size: 15 GB (Business tier), 10 GB (Professional tier) 20 GB (Enterprise tier)

Pricing options: Tresorit offers a 14-day free trial. Licenses are available monthly and annually: Business $24/user/month or $19/user/month billed annually, Professional $33.99/user/month or $27.49/user/month billed annually. Custom enterprise-level pricing is also available; contact Tresorit for more information.

Tresorit also offers a free, standalone file transfer app, Tresorit Send, which includes E2EE. Users can upload up to 100 files at a time -- max 5 GB -- and shared each file 10 times. Shared files are available for a maximum of seven days.

How to choose a secure file transfer service

Here's some helpful guidance on selecting the appropriate system for your organization's needs:

• Review business requirements. Data management teams should periodically discuss technology requirements with business unit leaders and senior management to identify trends and initiatives.
• Review historical performance data. Analyze data from existing file transfer systems to flag metrics and identify trends that might inform the selection process.
• Prepare forecasts of file transfer and other IT trends. Use historical performance data to generate forecasts, which can be invaluable when preparing for a change in a major IT system. Compelling forecast data can help justify future investments.
• Discuss secure file transfer services with other IT leaders. Speak with IT leaders in other organizations to gauge their experience with other file transfer services.
• Research and examine available systems. Vet suitable file transfer system candidates, including current vendors.
• Prepare a request for proposal. If accepting competitive bids, prepare a formal RFP that specifies the organization's current file transfer activities, plus short-, medium- and long-term needs. The RFP should include the requirements for a service-level agreement.
• Send out the RFP and consider a bidders' conference. It can be useful to gather bidders in person or virtually to discuss the RFP and understand service and support models.
• Select the best product and initiate a project plan. Once the system has been selected, prepare a project plan to facilitate installation, testing, acceptance and rollout.
• Test before official rollout. A pilot phase ensures the new system performs as stated and that users are comfortable with it.
• Organize and conduct user training. Working with the vendor, prepare and deliver training to all employees.

• Use the software development lifecycle as a framework for selecting and implementing a new file transfer system. Once the system is in production, set regular review and audit times and brief management on the findings.

Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.