SolarWinds recently acquired a set of products that provide a self-hosted solution for securely transferring files both within and outside the the corporate firewall. These products provide a secure alternative to cloud-based solutions like Dropbox. "But Dropbox is so convenient and easy to use," you say. Read on.
Dropbox has had its fair share of issues over the past couple of years, shining a big, ugly spotlight on security vulnerabilities with respect to sensitive customer data. First of all, the exposure to potential security risks and service disruption from Dropbox is enormous. According to a recent survey of 1300 business users, one in five are using Dropbox to transfer corporate files, effectively circumventing any safeguards their IT departments have put in place with respect to file transfers. In August of last year, usernames and passwords of Dropbox accounts were compromised that resulted in a spamming campaign to a number of Dropbox users. Unfortunately for Dropbox, this isn't the first time something like this has happened. Another breach occurred in June of 2011 that was the result of a breakdown in the service's authentication software, exposing accounts without requiring proper authentication for a period of time. If the security issues aren't scary enough, the service was completely unavailable for a period of time in January of this year.
These breaches beg a fundamental question to be answered when assessing a cloud-based versus a self-hosted solution for securely transferring files: is the cloud secure enough for the needs of my business? The cloud certainly provides a valuable level of convenience and simplicity that's just fine for most individual consumer users, but it's evident that this convenience has a cost in terms of security. Businesses, both large and small, often have stricter security requirements around file transfers and the users participating in those transfers that a cloud-based solution won't be able to provide. When it comes to sensitive and confidential files, convenience is nice, but security is a must-have.
There is a Better Way
FTP Voyager is a free FTP client that supports a number of different protocols for secure file transfer. Serv-U MFT Server is a managed file transfer server that provides a secure alternative to the cloud-based solutions for transferring files inside and outside the enterprise. Let's take a look at some of the security based features and protocols that these products provide.
In addition to FTP, FTP Voyager supports both the FTPS and SFTP protocols. This includes strong authentication with both X.509 client certifications and public key authentication. FTP Voyager uses cryptography that has been FIPS 140-2 validated by NIST, and Voyager has been granted the Certificate of Networthiness by the US Army.
Like FTP Voyager, Serv-U MFT Server supports the FTPS and SFTP protocols. It also supports secure file transfers through a web browser or from a mobile device (iPad, iPhone, Android, Kindle Fire) via HTTPS. Serv-U MFT Server also provides a number of different user management options, including the ability to authenticate against Active Directory.
Serv-U also provides a number of encryption options for transferring files. Individual ciphers and MACs can be enabled or disabled based on your specific security requirements. Serv-U also provides the ability to run in FIPS-140-2 mode.
A separate module called the Serv-U Gateway provides reverse proxy capabilities, preventing data from ever being at rest in your DMZ or opening connections directly from the DMZ to your internal network. Using Serv-U MFT Server in conjunction with the Serv-U Gateway provides an architecture that is PCI DSS 2.0 compliant as well as satisfying other high security requirements. See reference architecture below for an example.
You don't have to be a conspiracy theorist or even a security expert to have legitimate concerns about your data in the cloud. Sometimes the nature of the data being transferred warrants consideration of a level of security that cloud-based solutions simply can't provide. While Dropbox has made managed file transfer more accessible, it can introduce unnecessary risks to your organization. FTP Voyager and Serv-U MFT Server provide secure alternatives to cloud-based solutions, giving you the best of both worlds. For more information on Serv-U you can check out some of our videos here. You can also find a number of security-focused knowledge base articles here.