Choosing a Secure FTP Provider for Your Business

Published on 02 Dec 2019 - Updated on 16 Feb 2021

Data security is a critical part of doing business, and its importance will only grow as many of us continue to work remotely. So how do you make sure your data is secure, even during transfer? It all starts with choosing the right FTP provider. And it’s easier than you think – just answer a few key questions.

Ask the right questions about secure FTP providers.

1. What Is FTP, and Is It Secure?

FTP, i.e., File Transfer Protocol, is not inherently secure. That’s because data sent via FTP is unencrypted, and users access the FTP server via plaintext password. These vulnerabilities leave you open to brute force attacks, FTP bounce, packet capture, port stealing, spoofing, and username enumeration.

Luckily, modern FTP providers have an extensive list of powerful security features. ExaVault’s number one priority is our client’s security, so we provide the most critical of those security features at no additional cost to our clients.

2. Why Would I Use FTP in 2021?

Look, we totally get it. FTP is nearly 50 years old! So why do you even need an FTP provider?

You might be required to use FTP due to legacy system integrations or restrictions on software upgrades. 

(Does that description sound like you? Don’t feel trapped – when you choose a modern FTP provider like ExaVault, you’re not limited to connecting via FTP! Check out our extensive features and web app access for more information beyond secure FTP.)

Common Business Needs

Another common business need is transferring large files. In this use case, FTP shines as a very reliable and scalable option. 

Whether you’re in IT, a scientist, a graphic designer, a photographer, or even a bike shop – sending large files is a necessary part of the job. And FTP is perfect for sending and receiving large files with clients and customers, coworkers and employees, contractors, and other contacts. (If you need unlimited users, ExaVault has you covered.)

So when you need FTP, how do you ensure your data stays secure during every transfer?

Secure file transfer via FTP between client and server.

3. How Do I Ensure My FTP Connection Is Secure?

There are so many ways to ensure security when transferring data.

First, it’s essential to find an FTP provider that offers secure connections. Without this feature, your data transfers have little hope of being safe. 

ExaVault not only lets you connect via SFTP and FTP-SSL, but admins can also enable secure-only mode. Data transfers are restricted to secure connections via applications like FileZilla and HTTPS for shares transferred through our web interface.

Second, look for features that let you improve or even abandon plaintext passwords altogether, which are notoriously insecure for the majority of users. One way to accomplish this goal is to restrict users to complex passwords, i.e., requiring certain character types and specifying a password length.

Log in screen requiring complex password.

Another method is to use SSH keys instead of passwords, which works by creating a pair of keys – a public key known by the server and a private key known only to the user. You can generate SSH keys for any user, and they’re commonly used for automation. (ExaVault offers both complex password enforcement and SSH keys!)

Permissions & Bonus Security Features

Next, think about how your users will access the FTP provider’s server. Do your users need persistent access to some folders, but not others? Should some users be restricted to download-only or upload-only functionality? Consider how to structure your file directory and user permissions so that you can segment users to only the access level necessary to perform their tasks.

ExaVault also includes a few bonus security features for all users, regardless of the pricing tier. For instance, admins can control whether users can view, share, delete and modify files and folders. We even let you restrict whether users can set their own passwords, ensuring secure passwords are assigned and can be rotated as needed.

These features like granular user permissions and key-based access ensure that you meet both the Principles of Least Privilege and Separation of Privilege, respectively.

4. Help, I Need Even More Security Features!

If you enable the features we’ve mentioned above, your data transfers will be very secure. But some users need to go the extra mile on data security and are looking for a secure FTP provider who can get them there.

ExaVault offers some advanced security features for a low fixed monthly cost. These features will take your security from “great” to “excellent.” Let’s check them out and see why some users opt-in for extra protection!

Additional Security

One additional security feature is timing out a user’s access after a certain number of days. This feature is handy if you work with a large number of individuals who only need temporary or one-time access (for instance, a photographer could grant access to their client’s folder containing all of the originals for 30 days).

Another add-on security feature is the ability to whitelist specific IP addresses. This feature is perfect for an organization that wants to restrict access to specific people at specific locations based on their IP address.

Both of these features will help you take your FTP security to the next level. If you need an FTP provider that values security, look no further than ExaVault. 

5. How Do I Get Started?

If you’re an IT manager, business owner, entrepreneur, or anyone else who’s looking for a secure FTP solution, getting started with ExaVault is easy. We have extensive help documentation available online. We also offer free 1:1 integration consultations and support webinars with our tech-savvy support team (that’s true even after you sign up for our service).


Secure your data during transfer today – you’ll be happy you did!

Start your free trial of ExaVault


Recent Related Blogs

Share via:
  • Facebook
  • Twitter
  • LinkedIn

© 2021 ExaVault. All Rights Reserved. ExaVault is a registered trademark of ExaVault, Inc.