Secure File Transfer and Dropbox - There is a Better Way

Product Manager

SolarWinds recently acquired a set of products that provide a self-hosted solution for securely transferring files both within and outside the corporate firewall.  These products provide a secure alternative to cloud-based solutions like Dropbox.  "But Dropbox is so convenient and easy to use," you say.  Read on.

Dropbox has had its fair share of issues over the past couple of years, shining a big, ugly spotlight on security vulnerabilities with respect to sensitive customer data.  First of all, the exposure to potential security risks and service disruption from Dropbox is enormous.  According to a recent survey of 1300 business users, one in five are using Dropbox to transfer corporate files, effectively circumventing any safeguards their IT departments have put in place with respect to file transfers.  In August of last year, usernames and passwords of Dropbox accounts were compromised, resulting in a spam campaign against a number of Dropbox users.  Unfortunately for Dropbox, this isn't the first time something like this has happened.  Another breach occurred in June of 2011 as the result of a breakdown in the service's authentication software, which exposed accounts without requiring proper authentication for a period of time.  If the security issues aren't scary enough, the service was completely unavailable for a period of time in January of this year.

These breaches raise a fundamental question that must be answered when assessing a cloud-based versus a self-hosted solution for securely transferring files: is the cloud secure enough for the needs of my business?  The cloud certainly provides a valuable level of convenience and simplicity that's just fine for most individual consumer users, but it's evident that this convenience has a cost in terms of security.  Businesses, both large and small, often have stricter security requirements, both for file transfers and for the users participating in them, that a cloud-based solution won't be able to meet.  When it comes to sensitive and confidential files, convenience is nice, but security is a must-have.

There is a Better Way

FTP Voyager is a free FTP client that supports a number of different protocols for secure file transfer.  Serv-U MFT Server is a managed file transfer server that provides a secure alternative to the cloud-based solutions for transferring files inside and outside the enterprise.  Let's take a look at some of the security-based features and protocols that these products provide.

In addition to FTP, FTP Voyager supports both the FTPS and SFTP protocols.  This includes strong authentication with both X.509 client certificates and public key authentication.  FTP Voyager uses cryptography that has been FIPS 140-2 validated by NIST, and Voyager has been granted the Certificate of Networthiness by the US Army.

[Image: FTP Voyager]

Like FTP Voyager, Serv-U MFT Server supports the FTPS and SFTP protocols.  It also supports secure file transfers through a web browser or from a mobile device (iPad, iPhone, Android, Kindle Fire) via HTTPS.  Serv-U MFT Server also provides a number of different user management options, including the ability to authenticate against Active Directory.

[Image: Serv-U administration]

Serv-U also provides a number of encryption options for transferring files.  Individual ciphers and MACs can be enabled or disabled based on your specific security requirements.  Serv-U can also run in FIPS 140-2 mode.

[Image: Serv-U encryption settings]

A separate module called the Serv-U Gateway provides reverse proxy capabilities, so that data is never at rest in your DMZ and no connections are opened directly from the DMZ to your internal network.  Using Serv-U MFT Server in conjunction with the Serv-U Gateway provides an architecture that is PCI DSS 2.0 compliant and satisfies other high security requirements.  See the reference architecture below for an example.

[Image: Serv-U and Serv-U Gateway reference architecture]

You don't have to be a conspiracy theorist or even a security expert to have legitimate concerns about your data in the cloud.  Sometimes the nature of the data being transferred warrants consideration of a level of security that cloud-based solutions simply can't provide.  While Dropbox has made managed file transfer more accessible, it can introduce unnecessary risks to your organization.  FTP Voyager and Serv-U MFT Server provide secure alternatives to cloud-based solutions, giving you the best of both worlds.  For more information on Serv-U you can check out some of our videos here.  You can also find a number of security-focused knowledge base articles here.

2 Comments

If you're interested in learning more about ad hoc file sharing with Serv-U, please join our Webinar on July 25th (2013): https://www1.gotomeeting.com/register/666423776

Is there an iPad app planned to provide the same functionality as Dropbox or OneDrive?

About the Author
Let me introduce myself.  My name is Craig McDonald, and I come from the land of video games and stock trading, sprinkled with identity management, and, by the way, I like to write.  Checkered past, you say?  How did you end up in network management, you ask?  Perfectly valid questions; I will connect the dots for you and it will all make sense shortly. I studied journalism at the University of Texas at Austin where I had the opportunity to write for The Daily Texan and Texas Monthly.  Upon graduation I was faced with two options: move to a small town and start my career at an even smaller newspaper, or make a home in Austin and see where this crazy tech town would take me.  I chose the latter, and ended up working in support and managing QA for a popular MMORPG called Ultima Online (this was before WoW was a sparkle in Blizzard's eye). After a few years of policing the haXXorZ, overseeing a few in-game weddings, and shipping several expansion skus, I decided it was time for a change.  I remember the advice from one of my journalism professors when I asked about pursuing a graduate degree; his suggestion, "Go to business school!"  I heeded his advice, got accepted to the McCombs School of Business at the University of Texas, and started working on my MBA. While finishing my MBA at McCombs, I was presented with an opportunity to work for a company that developed online trading software (Charles Schwab, formerly CyberTrader).  This may seem a stretch from video games, but the client/server infrastructure and the uptime requirements for an MMORPG and a securities trading engine are quite similar.  Although the content and use cases are obviously very different, both require fast connections and the ability to allow users to log into the service at any time.  My next career move was into the enterprise software arena where I worked as a product manager for Sun Microsystems in the Identity Management space. 
Fast forward to today, I'm your newest product manager at SolarWinds.  I will be managing Toolset, VoIP, and eventually the Kiwi products.  Outside of the SolarWinds 'Borg' (assimilation is swift and definitive), I keep busy with my lovely wife, two beautiful kiddos, and a pug named Marley.  When they go to bed, I'm either watching a movie, reading a book (working on Atlas Shrugged, and it is work, indeed), or staring at the red circle of death on my XBOX 360.