Most Secure File Transfer Protocol (SFTP) hosting services can handle basic file transfer tasks, but not all are suitable for advanced workflows. For instance, if you just want the ability to upload files from a local system to a remote server or download files from that server, almost any SFTP hosting service should suffice. However, if you also need robust automation, integration and regulatory compliance capabilities, you have to be more selective in picking the right service.
In this post, we’ll examine the limitations of traditional SFTP hosting services and guide you through the essential questions to ask when evaluating prospective hosting solutions. Before we do that though, allow me to explain why you would choose an SFTP hosting service over an SFTP server deployed on-premises. Not interested in that? You may skip ahead to the sections that address your current concerns.
- When to choose SFTP hosting over an on-premises SFTP server
- Why not use hosted FTP servers?
- How to identify basic SFTP hosting solutions
- Does the hosting service provide additional security functionality?
- Can it support business-to-business (B2B) file transfers?
- How easily can you implement automation?
- Is the SFTP service scalable and highly available?
- Can it easily integrate with other applications and services?
- Does the provider perform regular backups?
- Discover JSCAPE MFTaaS
When to choose SFTP hosting over an on-premises SFTP server
Both an on-premises SFTP server and a hosted SFTP server enable you to move files from point A to point B across a secure connection. That said, SFTP hosting offers distinct advantages. You may want to choose SFTP hosting over an on-premises SFTP server in the following situations:
1. You want to minimize upfront costs
SFTP hosting allows you to avoid the substantial upfront costs associated with an on-premises SFTP server. These upfront costs typically cover:
- physical server and networking equipment,
- operating system license,
- SFTP software license,
- and other infrastructure components.
Your SFTP hosting provider will have already invested in and deployed all this underlying infrastructure in their data center. As a result, they cover the initial costs and then charge you through a more affordable subscription-based pricing model. In most cases, they’ll bill you monthly or annually.
2. You lack IT staff
As part of your ongoing subscription, your hosting provider also manages and maintains the underlying infrastructure. These responsibilities involve applying software updates/security patches and troubleshooting issues as they arise. In an on-premises model, these responsibilities would fall on your IT team.
In other words, SFTP hosting frees your IT staff from the burden of managing and maintaining your SFTP solution’s underlying infrastructure. This can help prevent IT staff burnout and allow them to focus on more pressing tasks.
3. You want a faster roll-out
Unlike on-premises SFTP servers, which require lengthy hardware and software procurement and deployment times, hosted SFTP servers are readily available as soon as you’ve set up your account. Thus, you can start providing SFTP services to your end users more quickly. What may normally take days or weeks to roll out can be done in just a couple of hours.
Why not use hosted FTP servers?
There was a time when most hosting providers offered hosted FTP services for transferring files. That time has long passed. Today, most providers have replaced plain FTP with more secure file transfer protocols like SFTP and File Transfer Protocol Secure (FTPS).
Although FTP provides basic end-user password authentication, which mitigates the risk of unauthorized access to a certain degree, it lacks critical security controls like data-in-transit encryption and server authentication. The absence of data-in-transit encryption makes FTP sessions vulnerable to man-in-the-middle attacks, while the absence of server authentication renders FTP clients incapable of validating the identity of the server they’re connecting to.
SFTP comes with data-in-transit encryption and server authentication functionality. It derives those capabilities from its underlying cryptographic protocol — Secure Shell (SSH). FTPS, the secure version of FTP, has these capabilities as well. FTPS inherits these capabilities from Secure Sockets Layer/Transport Layer Security (SSL/TLS), its underlying cryptographic protocol.
It is worth noting, however, that FTPS suffers from the same firewall issues that plague FTP. Those issues arise from FTP’s, and consequently FTPS’s, dual data connection mode. The specific ports that need to be opened on your firewall depend on whether you’re using active mode or passive mode. By contrast, to support SFTP connections, you only need to open a single port (usually port 22) on your firewall.
Not only that, but SFTP also allows you to implement two-factor authentication (2FA) by requiring users to submit a password and an SSH key, a.k.a. SFTP key, when they log on to your server. 2FA adds another layer of security that makes it difficult for a hacker to log on to your server, even with a stolen password.
How to identify basic SFTP hosting solutions
As indicated earlier, most SFTP hosting solutions only support basic data transfer tasks. These solutions are usually offered as part of web hosting packages. In these offerings, their main purpose is simply to provide web administrators with the means to upload files to a web server. One way to identify these types of SFTP hosting services is by inspecting accompanying offerings.
If you see SFTP hosting bundled with web hosting-related offerings like WordPress hosting, VPS hosting and domain name registration, you’re likely looking at an SFTP hosting solution with only basic file transfer capabilities.
These SFTP services usually rely solely on the security features found in SFTP, which may not be enough if you have more stringent security requirements. Moreover, these services usually lack tools that simplify automation initiatives.
So, how can you identify advanced SFTP hosting services? You can start by asking these questions during the evaluation process.
Does the hosting service provide additional security functionality?
The SFTP protocol already provides functionality for protecting sensitive data. For instance, it already comes with client/user authentication, server authentication, data-in-transit encryption and data integrity checking. That being said, you’ll want additional layers of security if your organization is subject to laws and regulations like the Healthcare Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS) or the European Union General Data Protection Regulation (GDPR).
For instance, you’ll want it to also have capabilities such as:
- Data-at-rest encryption: Encrypts files when stored.
- IP address whitelisting: Limits server access to user accounts connecting from specific IP addresses or geolocations.
- Virtual path permissions: Limits what legitimate users can do in specific folders.
- Password policy enforcement: Enables admins to configure and enforce password best practices.
- And many others.
For a more comprehensive list, read our blog post: 10 Essential attributes of secure file transfer systems
Can it support business-to-business (B2B) file transfers?
Common SFTP hosting services can easily support user-initiated file transfers. These refer to manual file management tasks, such as uploads and downloads, that end users perform using SFTP clients like FileZilla or WinSCP. While user-initiated file transfers are certainly common in business environments, they’re not the only type of file transfer workflow that exists.
For instance, if you’re a manufacturing company, your file transfer workflows may likely include automated B2B data exchanges. These transfers occur when you exchange electronic business documents, like purchase orders, invoices and advance ship notices, with customers, suppliers and other trading partners through an automated process. So, if the SFTP hosting provider you’re evaluating can’t support these types of file transfers, you need to look elsewhere.
How easily can you implement automation?
Many SFTP hosting services claim to support automated file transfers. However, once you look closer, you may find that they only support script-based automation. This method entails writing sophisticated code through scripting languages like Python, PowerShell, Bash and .NET. If you subscribe to these hosting services but don’t have the in-house talent to write automation scripts, you’ll have to hire people who do to make things work.
An easier option would be to choose a secure FTP hosting service that supports low-code or no-code automation tools. These tools allow you to build automated workflows with very minimal, if not zero, programming knowledge. With such tools, even junior IT staff can create automated file transfer workflows in just a few clicks.
Can it integrate seamlessly with other applications and services?
A file transfer solution used in business processes usually does not operate in isolation. The data that goes through its ports are normally retrieved from or forwarded to other applications and network services within your IT infrastructure. For instance, you might want to forward inbound files to a cloud storage like Amazon S3. Or you might want to retrieve outbound files from an SMB share.
Ideally, you want the movement of data between these applications/services and your file transfer solution to be devoid of user intervention. By integrating your file transfer solution with the rest of your infrastructure, you can avoid human errors, delays and inefficiencies inherent in manual processes.
To simplify integration efforts, look for an SFTP hosting solution that’s equipped with easy-to-use connectors, application programming interfaces (APIs) and other integration features. Check out these integration examples to gain insight into the type of features you should be looking for:
- Set up automated file transfers with a Windows SMB share
- How to retrieve email messages & attachments using a file transfer solution
- How to automatically transfer files from SFTP to Azure Blob Storage
- How to sync a Linux directory with an Amazon S3 bucket
Is the SFTP service scalable and highly available?
When you deal with business-critical file transfer processes, you can’t afford those processes to suffer any extended downtime. Unfortunately, there are several factors that can lead to extended downtime. A surge in inbound traffic, computationally demanding processes, large file transfers and Distributed Denial of Service (DDoS) attacks are just a few factors that may cause lengthy downtimes.
To minimize the risk of downtimes, look for SFTP hosting providers that run their infrastructure on top of reputable cloud service providers such as AWS, Google Cloud or Microsoft Azure. These providers offer provisions for high availability, load balancing and auto-scaling. Cloud servers running in these environments can be easily configured to maintain high degrees of uptime.
Does the provider perform regular backups?
Even if you institute multiple safety measures that minimize the risk of downtime, you can never guarantee 100% uptime. Thus, it’s important to also plan for the eventuality of an unexpected downtime. This typically involves establishing a backup and disaster recovery plan.
Seek out SFTP hosting providers that perform regular backups of configuration data and offer functionality for backing up user files. Assess their Recovery Point Objective (RPO) and Recovery Time Objective (RTO) and make sure they align with your organization’s own objectives.
One solution that meets all these advanced criteria is JSCAPE MFTaaS by Redwood.
Discover JSCAPE MFTaaS
JSCAPE MFTaaS by Redwood is a managed file transfer (MFT) solution delivered through a Software-as-a-Service model. This cloud-based MFT solution is designed to handle practically any file transfer and file sharing workflow, regardless of whether they’re basic or advanced workflows.
JSCAPE MFTaaS supports multiple file transfer protocols, including SFTP. Currently, its supported protocols include:
- SFTP
- Hypertext Transfer Protocol (HTTP)
- Hypertext Transfer Protocol Secure (HTTPS)
- Odette File Transfer Protocol (OFTP)
This means you can transfer files with JSCAPE MFTaaS using these other protocols, not just SFTP.
As with all modern MFT solutions, JSCAPE MFTaaS has an extensive selection of security features that allow you to meet stringent corporate security policies and data privacy/data protection laws and regulations. It also comes with an easy-to-use low-code/no-code automation platform, coupled with a wide array of integration options.
Since JSCAPE MFTaaS is deployed on a cloud-based infrastructure, it’s highly available and highly scalable. It’s also backed by a robust backup and disaster recovery plan. JSCAPE MFTaaS’ Service Level Agreement (SLA) commits up to 99.95% uptime, while its RPO is set to zero and its RTO is 15 minutes.
The best way to experience JSCAPE MFTaaS without spending a dime is through a live demo. Book a quick demo now.