Top Enterprise SFTP Software for Clients & Servers

SFTP software works in tandem with your SFTP server, but both can add value to your current file transfer protocols in your enterprise.

What is SFTP client software? An SFTP client is software that lets you connect to an SFTP server to upload or download data from the server. This way, users can be allowed to access the SFTP server and retrieve the data they need.

What Is SFTP Software?

Secure Shell (or SSH) File Transfer Protocol (SFTP) is an encrypted file transfer method that businesses and users worldwide utilize to help them move data between computers. Modeled off of traditional FTP, SFTP uses the Secure Shell encryption protocol and encrypted servers to protect data at rest in the server and during transit between computers.

Like FTP, SFTP is built on a file/server model:

1. SFTP Servers are systems that host files and use software to allow outside users to access those files securely.
2. SFTP Clients are programs or devices that users install on their systems to connect to SFTP servers. These clients will, at minimum, allow the user to input a domain or address to connect to the server, view and navigate the structure of the file system that is visible to software, and ultimately download shared data.

This model is the most basic form of SFTP and, in some cases, you’ll find these configurations in use on consumer systems or small businesses exchanging unclassified or non-sensitive information. In these cases, SFTP can accomplish a lot. With strong encryption at the server (something like AES-128) and during transit (like TLS 1.1+), data is strongly protected from theft or eavesdropping.

Enterprise SFTP Features

This definition speaks to SFTP more generally and will resonate with consumers and generalists. Enterprise SFTP will include a much different set of features, with an approach focusing on organizational use and security.

When it comes to adapting this technology for enterprise uses, however, we find more features added to the package:

• More robust encryption, the type that can withstand the strongest attacks or meet the most rigorous compliance requirements
• Data management and analytics, including dashboards and logs that can support system optimization and help report compliance and meta-analyses of data for business and operational strategies
• Backup and recovery can range from simple data backups on local servers to several layers of cloud redundancy and rapid-loading disaster recovery systems

SFTP remains popular for enterprise use at its core because it is fast and configurable and can function as a transfer method for more complex suites of software like managed file transfer (MFT) solutions.

What Features Should I Look for in an SFTP Client?

Clients are quite common, and several consumer-grade solutions exist. However, when it comes to enterprise solutions, the type of client you use will often be determined by the server environment available.

We will avoid discussing freeware or consumer client features here. Our focus instead will be on the features that most benefit business and enterprise users.

Some features to look for in an SFTP client include the following:

• Streamlined Connection Interface: Some clients are text-driven, or use clunky interfaces that are more idiosyncratic than helpful. Solid clients, particularly those intended to work with a specific platform, make users feel like they are simply accessing a local filesystem or network web folders, with coherent navigation, design choices, and accessibility cues.
• Drag-and-Drop Support: Something that deserves special attention is having a graphical user interface with drag-and-drop capabilities. Users should have the ability to manipulate files over SFTP much as they do on their local system without a break in the experience.
• Automation: Automation is a powerful tool on the server side. With a solid client, your users should be able to harness automation features to accomplish complex tasks. Automation can include setting complex or straightforward triggers based on events or plan file transfers for specific times (for example, large batch transfers in the evening).

An SFTP desktop client, however, has trouble meeting typical enterprise requirements, which include:

• Auditing: These clients often do not include a complete audit trail of all file transfers for compliance reporting.
• Security Reporting: Additionally, you typically won’t see log forwarding to security operations for intrusion detection and forensics.
• Archiving: Legal applications of SFTP will include document archiving to meet evidentiary or Bar Associate requirements.
• Certificate-Based Authentication: Certificate authentication is an expensive process, one that most consumer SFTP clients don’t offer or support out of the box.
• File Size: Enterprise SFTP software will usually include unlimited file sizes to handle modern terabyte payloads like DNA sequences, legal evidence videos, analytics datasets, and CAD files.
• Data Loss Prevention: Enterprises often rely on DLP scans that log and block accidental or intentional data leaks in file uploads.
• Additionally Security: Anti-virus, ATP (Advanced Threat Prevention), and CDR (Content Disarm and Reconstruct) scans that quarantine and log malware found in file downloads

What Features Should I Look For in an SFTP Server?

SFTP servers are one-half of this software equation and have several features and capabilities that you should consider for enterprise use. These capabilities include the following:

1. Enterprise Encryption: As mentioned above, you want a minimum of AES-128 (ideally AES-256) for server storage and TLS 1.2+ for data-in-transit. Note that many open-source and commercial SFTP servers leave encryption of the file system — as well as hardening of the OS — up to you.
2. Compliance Capabilities: Your solution should be able to work within the bounds of your compliance regulations. That means the proper user access controls, encryption, domain block-listing and allow-listing, certificate-based authentication, automatic file and folder expiration, and other security measures. Comprehensive, flexible logging and audit reporting are paramount, and clients should be able to support the same level of encryption on workstations.
3. User Management and Authentication: You don’t want to manage your enterprise users in your SFTP server; you want it instead to integrate with your LDAP or MS AD systems. For the back end (the file system side, not the SFTP protocol side), employees should also be able to use your enterprise SSO. If you don’t manage external users such as business partners in LDAP, you’ll need to manage them in the SFTP server. The SFTP interface should support certificate-based authentication. For compliance, the server must provide a complete audit trail and logging for all privileges granted, and policies that automatically expire users who become inactive. Clients should include the same level of authentication as well as any additional features like Multi-Factor Authentication.
4. Business Self Service: Admins should be able to designate and enable business owners to create folders/directories, invite external users and grant their data access privileges, thus avoiding time wasted on help desk tickets. The back-end interface to the server should be simple enough for end users to access files without IT assistance. IT admins should be able to configure governance controls that give them confidence they can let critical business users operate independently.
5. Scalable: Many organizations stand up an SFTP server silo for each use case, and this sprawl creates excessive work for sysadmins. A centralized, managed SFTP system that scales up to your capacity needs enables efficiency and flexibility, reducing costs while it speeds the onboarding of each new business partner.
6. Support for Automation: Automation can alleviate micromanaging job workflows by managing repeatable tasks across all transmissions, especially when integrated with an MFT solution. For business-critical data flows between supply chain partners, reliable automation is essential.Many organizations also automate the back-end transfers between their customer-facing SFTP server and internal repositories such as SharePoint or applications that will post-process the data.
7. High-availability configuration with fail-over: Keep your critical business-to-business operations up and running.
8. Backup and Disaster Recovery Functionality: This can be either local backups or more flexible and resilient, high-performance cloud backups. If users handle information that needs archived on workstations, this should be included either with the client or in addition to it.
9. Hosted SFTP: Speaking of the cloud, get a cloud SFTP solution that doesn’t force you to have a local server setup. Cloud is more resilient and accessible than on-premise in most cases and can make compliance and cybersecurity priorities much easier to manage—with the right provider, of course.

A note about hosted solutions: When you use a hosted server, you will use the server technology provided by your partner. Likewise, if that SFTP service comes with instructions for client access, there is a good chance that they will provide their interface. Rather than a standalone app, this interface will most likely combine web, mobile, and light desktop apps connected to web services that maintain the security and integrity of their systems.

This is a good thing. The ability to use a built-in client takes some of the guesswork out of what products to use. Likewise, leveraging all aspects of that provider’s services (for example, if they offer expanded MFT products) will be easier. Finally, you can expect whatever integration they use to connect interfaces to their servers or other services to your account will optimize the service.

The Accellion Kiteworks® Platform: SFTP Functionality with MFT Capabilities

The Accellion Kiteworks platform contains robust and secure capabilities to support advanced enterprise file sharing and file transfer capabilities:

Kiteworks SFTP Server

The SFTP server in the Kiteworks content firewall platform meets the needs of enterprises around the world, with its hardened, scalable server, centralized governance, and tracking of every user and automated action.

• Security and Compliance: Our systems utilize AES-256 encryption for data-at-rest and TLS 1.2+ for data-in-transit. Its hardened virtual appliance, granular controls, authentication and other security stack integrations, and comprehensive logging and audit enable you to efficiently achieve compliance with data privacy regulations like PCI, HIPAA, and GDPR.
• Audit Logging: PCI-DSS, ANSSI, IRAP, HIPAA, or any other compliance regulation requires logging events in your system. With the Kiteworks platform’s immutable audit logs, you can detect attacks sooner and maintain the correct chain of evidence to perform forensics. Since the system merges and standardizes entries from all the components, its unified syslog and alerts save your SOC team crucial time and helps your compliance team prepare for audits.
• Private Cloud: Your file transfers, file storage, and access will occur on a dedicated Kiteworks instance, deployed on your own premises, on your IaaS resources, or hosted in the cloud by Accellion. That means no shared runtime, databases or repositories, and no potential for cross-cloud breaches or attacks.
• FedRAMP Moderate Authorized SFTP hosting: U.S. Government agencies and contractors require FedRAMP authorization for all cloud applications. Commercial organizations benefit, as well, from its 3rd-party certified and monitored compliance with NIST 800-53 and FISMA.
• Scalability and Cost Consolidation: You can centralize your SFTP servers in a single Kiteworks system, meeting your throughput, response time, availability, and compliance requirements around the world. Centralized governance, logging and administration will save you administrative time and costs as well. All Kiteworks servers also come seamlessly equipped with secure, best-of-breed file sharing and secure email.
• File Size Limit of 16 Terabytes: The Kiteworks server handles massive files reliably.
• Seamless automation: The Kiteworks platform also supports Managed File Transfer (MFT) to automate content transfer into and out of SFTP and other repositories like file shares and AWS S3.
• Self-Service Ease of Use: Business users access the back end of the Kiteworks SFTP server through familiar web file sharing folders. Employees the admins have delegated to manage the folders can create new folder trees for new partners, or nest new folders in them for new data subjects. They can invite external parties who meet the constraints of the compliance policies. Any invited user can upload and download files from the SFTP or Web interface based on the level of access granted to them.
• Data Visibility and Management: Our CISO Dashboard gives you an overview of your data: where it is, who is accessing it, how it is being used, and if it complies. Help your business leaders make informed decisions and your compliance leadership maintain regulatory requirements.

Kiteworks SFTP Connector (Client)

The Kiteworks SFTP platform also includes a compliant and secure SFTP client to connect to our server that includes critical features like:

• Security and Compliance: Part of the beauty of the Kiteworks server is that it’s a fully-featured platform, so security hardening, security stack integrations, governance controls, logging, and others also carry over to the client.
• Employee Ease of Use: The remote SFTP server appears as a set of web folders your end users access in exactly the same way as web file sharing. Access is easy, frictionless and intuitive across your entire user base.
• Automation: The Kiteworks MFT can automatically transfer content in and out of your business partners’ SFTP servers at scale, with scheduling, analytics, graphical no-code workflow authoring and data orchestration.

If you’re ready to adopt an advanced enterprise file-transfer service, then learn how you can modernize SFTP. Sign up for the Accellion newsletter to stay ahead of news, events, and releases.

*** This is a Security Bloggers Network syndicated blog from Cyber Security on Security Boulevard – Accellion authored by Vince Lau. Read the original post at: https://www.accellion.com/secure-file-transfer/sftp-software/