x Close

Take a Tour

Secure File Sharing Blog

B2B File Sharing Blog

Secure file sharing software information, file sharing trends and announcements.

Arvind Mistry

Arvind is Director of Compliance and Programs at FTP Today. He came to FTP Today with 11+ years of experience in offering cloud solutions to the Federal Government and public sector channels at companies such at Rackspace, IBM, UNICOM, A10 and Radware Alteon. He is based in the Washington, D.C. area.

Blog Feature

Compliance Cyber and Data Security FTP Cloud FTP Solutions File Sharing Best Practices Secure File Sharing The Cloud

Authentication 101: Understanding Multi-Factor Authentication (MFA) to Protect Your Business

In the IT industry there are many words used when discussing the topic of authentication. Some of those words often used are multi-factor authentication (MFA), two-factor authentication (2FA), time-based one-time password (TOTP), one-time password (OTP) and more. It is important to understand that here are dependencies and differences amongst these terms. For example, two-factor authentication (2FA) is a subset of multi-factor authentication (MFA) because it requires more than 1 form of authentication - i.e 2FA is under the MFA umbrella. Additionally, there are multiple types of 2FA/MFA such as one-time password (OTP). Lastly, there are variations of OTP methods like TOTP, HOTP, etc. Therefore, all of the above would be considered multi-factor authentication. Your authentication method(s) can thwart would be attackers. It seems like all too often we hear about a different company falling victim to a cyberattack (some of which are massive enterprise corporations/conglomerates). In this blog we take a look at the various methods of authentication available to protect your business. 

Read More

Blog Feature

Compliance Cyber and Data Security FTP Cloud FTP Solutions Government Compliance Secure File Sharing The Cloud

CMMC 2.0 Controls Made Easy for Small & Mid-Sized Contractors

When the Department of Defense initially announced version 2.0 of its Cybersecurity Maturity Model Certification (CMMC), it was meant to be good news for small and mid-sized businesses and contractors that work with the United States Military. CMMC 1.0 put a heavy burden on these smaller organizations to create systems and manage controls that they simply didn’t have the in-house resources to create and manage. But planning for the CMMC 2.0 model brings to light just how challenging compliance remains for small- and mid-sized organizations. While CMMC version 2.0 has been framed as less of a burden for smaller businesses and contractors, there’s still a lot of work to be done to reach full compliance.

Read More
Secure File Sharing

Get the answers to your secure file sharing questions!

Are you trying to select a new file sharing solution, but you have a few questions first? Explore these common questions about file sharing solutions and find out their answers.

Blog Feature

Compliance Cyber and Data Security FTP Cloud FTP Solutions Government Compliance Secure File Sharing The Cloud

DoD SAFE Alternatives: How to Efficiently Share Files with the U.S. Military

The U.S. Department of Defense (DoD) manages an annual budget that stretches into the hundreds of billions. Much of that money is spent with the 100,000-plus third-party contractors that participate in the nation’s defense industrial base (DIB). The DoD and these contractors must share files and information, and they must do so in a secure manner — for obvious reasons. Today, the DoD offers DoD SAFE as a portal where DIB contractors and members of the U.S. military can share PII-, PHI-, and CUI-related files securely. But is DoD SAFE the best option for your organization? There are DoD SAFE alternatives that are easier to use while providing a level of security that meets DoD expectations for files that fall into these categories. If you’re one of the many defense-related contractors searching for DoD SAFE alternatives, continue reading to learn more about the history of DoD SAFE and your other options for securely sharing files with the U.S. Military.

Read More

Blog Feature

CMMC Cyber and Data Security DFARS EAR FTP Solutions GOVFTP Cloud Government Compliance ITAR NIST Secure File Sharing The Cloud

How to Plan for Changes to CMMC Requirements

By now, all contractors that work with the U.S. Department of Defense should be fully aware of the Cybersecurity Maturity Model Certification (CMMC) 2.0 announcement from November 2021. The CMMC 2.0 announcement included updates to CMMC 1.0 that were designed to enhance cybersecurity protections for all entities in the defense industrial base, or DIB, and also streamline protections for contractors already utilizing the NIST 800-171 framework. While the announcement of last November did provide a glimpse at what the DOD’s requirements might be in the future, Congress has yet to codify those requirements into a law to be followed. Unfortunately, that leaves contractors and others in the DIB in a limbo period where they know that new CMMC requirements are coming — but they don’t know exactly what those requirements will be. We’ve written previously about the proposed CMMC 2.0 framework and what it might require of contractors. Now we’ll address what contractors and others in the DIB can be doing right now during this limbo period to set their organizations up for future success under CMMC 2.0 once codified by law. While there’s a lot of confusion about what can be done presently, it’s best for DIB members to focus first on Level 1 requirements as outlined by the CMMC 2.0 announcement late last year. The following 17 specific practices are required for Level 1 compliance. They represent basic security hygiene that you can implement for your organization: limiting physical access to your facility and systems, securing storage and transport of data, and monitoring your systems usage are good places to start. Also, note that Level 1 compliance is the basis for Level 2 compliance.

Read More

Blog Feature

Compliance Cyber and Data Security EAR FTP Solutions GOVFTP Cloud Government Compliance ITAR NIST Secure File Sharing

Everything You Need to Know About Aerospace Industry Regulations and Cybersecurity

The aerospace industry is a big business — and it’s only going to get bigger in the coming years. In 2020, the global aerospace industry reached $298 billion. That figure is expected to grow to $430.9 billion by 2025 (an expected 45% increase in 5 years). The size of the industry and it’s expected growth is even more impressive when you consider the many aerospace industry regulations that companies must adhere to. The challenge with operating in aerospace is that almost everything designed, built or created has defense-related implications. Indeed, trade organizations (like the Aerospace Industries Association) and the U.S. government have established stringent regulations and security frameworks to prevent the aerospace industry’s products and data from falling into the wrong hands. These regulations can be burdensome for aerospace companies. But they can also represent an opportunity for aerospace companies to put into place the right tools and technologies for making compliance easier and more automated. Here’s a look at the most relevant aerospace and defense industry regulations — the AIA’s NAS9933, NIST SP 800-171, ITAR and EAR — plus a rundown of how aerospace companies can benefit from compliance.

Read More

Blog Feature

Compliance Cyber and Data Security FTP Cloud FTP Solutions File Sharing Best Practices GOVFTP Cloud Government Compliance SOC Secure File Sharing The Cloud

What is SOC 2? Why it’s Important to Your Organization

In the modern age, cybersecurity has become a serious priority for organizations operating in both the public and private sectors. Government entities prioritize cybersecurity to prevent foreign actors and third parties from accessing state secrets. Corporations and other businesses prioritize cybersecurity to prevent ransomware, the loss of proprietary information and trade secrets, and generally to secure any information and files they store and share. What is SOC 2 and where does it fit within the emerging cybersecurity universe that’s growing more important with each passing year? SOC, an acronym for “System and Organization Controls,” is a cybersecurity risk management reporting framework that includes different levels for different types of organizations — SOC 2 is the second level of the framework designed for service providers. The SOC framework and SOC 2 requirements for service providers have become a universally accepted standard for securing information, data and files. At FTP Today, we are SOC 2 certified with the GOVFTP Cloud in scope. This is one of the best ways to ensure we’re securing our users’ data and files while minimizing the risk of outside threats. See below for more details on the SOC framework, on SOC 2 compliance, plus what it means for your organization.

Read More

Blog Feature

Compliance Cyber and Data Security FTP Cloud FTP Solutions File Sharing Best Practices GOVFTP Cloud Government Compliance NIST Secure File Sharing The Cloud

NIST 101: Everything You Need to Know About the NIST Framework

Even if you’ve only dabbled in cybersecurity, you’ve likely heard the acronym NIST — which stands for National Institute of Standards and Technology. Behind that simple acronym are huge implications for organizations that experience cybersecurity threats or that regularly handle sensitive files and information. The NIST framework for cybersecurity can help keep your organization safe from breaches, and it can also help you achieve compliance so that you can work with other organizations and government agencies that are concerned about cybersecurity. To help you better understand the NIST framework for cybersecurity, here are in-depth details about NIST and specific publications relevant to cybersecurity and the protection of sensitive files and information.

Read More

Blog Feature

CMMC Compliance Cyber and Data Security DFARS EAR FTP Cloud FTP Solutions File Sharing Best Practices GOVFTP Cloud Government Compliance ITAR NIST PCI Secure File Sharing The Cloud

CMMC 2.0: How the DoD’s Cybersecurity Certification is Changing

The body that oversees Cybersecurity Maturity Model Certification (better known as CMMC) has just announced version 2.0 of its standards. This updated version of CMMC is significant for organizations that are part of the defense industrial base — organizations numbering 300,000-plus that comprise the supply chain for defense-related projects in the United States. See below for more details on CMMC 2.0, plus what those changes mean for organizations that work on projects with the U.S. Department of Defense.

Read More

Blog Feature

Cyber and Data Security EAR FTP Solutions File Sharing Best Practices GOVFTP Cloud Government Compliance ITAR Secure File Sharing The Cloud

ITAR Compliance Tips for 2021 and Beyond

The United States is likely to spend more than $700 billion on national defense in 2022. A big portion of that budget will be spent on contracts with third-party businesses — contractors who provide products, materials and services to the U.S. military. But, if you want to work with the U.S. military, you need to understand ITAR compliance and how it empowers you to secure a contract. If your business would like to work with the U.S. military, or continue to work with the U.S. military, here’s a look at everything you need to know about ITAR — and ITAR compliance requirements.

Read More

Blog Feature

CMMC Cyber and Data Security DFARS GOVFTP Cloud Government Compliance ITAR NIST Supply Chain

Securing the Supply Chain - Meeting CMMC Compliance

This blog post is the culmination of our Securing the Supply Chain series. In our second blog post Securing the Supply Chain - Meeting NISP SP 800-171 R2 we provided information on meeting compliance with DFARS (Defense Federal Acquisition Regulation Supplement) contracts clause 252-204-7019, which triggers your compliance with NIST 800-171 R2 by uploading your self-assessment, System Security Plan, and any Plan of Accreditation & Milestone (POA&M - Plan Of Actions and Milestones) to SPRS (Supplier Performance Risk System) system. Our initial blog covered what the government wants you to protect, the interim rule, Cybersecurity Maturity Model Certification (CMMC) levels, and how to get started. In this blog we start the journey toward meeting compliance with CMMC. We begin with first meeting compliance with NIST SP 800-171 R2, the latest self-assessment and self-attestation standard. Ultimately, over the next five years (by 2026), you will be required to meet DFARS contract clause 252-204-7021, which will trigger compliance with appropriate level of CMMC compliance.  The Cybersecurity Maturity Model Certification (CMMC) is a compliance framework for Defense Industrial Base (DIB) contractors to safeguard intellectual property of United States. DIB contractors must properly safeguard, disseminate, and destroy Controlled Unclassified Information (CUI). As a DIB contractor, you will need to comply with the appropriate CMMC maturity level to renew a contract, compete for a new contract or receive an award of a contract. In this blog we give you the information you need to meet CMMC compliance.

Read More