Get it Now

x Close

Get it Now

Meet Your SFTP Security Requirements


Since its conception in 1999, FTP Today has been focused heavily on file security and privacy. By the time we launched our first hosted FTP service in 2001, governmental regulations were already due to go into effect on certain industries such as health care and financial services. We believe we have a responsibility to fully understand such regulations in the context of secure file transfer so we can provide our customers with a compliance-ready environment from which they can securely share files with their business partners.

Physical Security

FTP Today partners with Flexential (formerly Peak 10) and our production infrastructure is housed in Louisville, Kentucky. All Flexential data center facilities incorporate multiple physical and operational security features and protocols. Among them are: • Combination lock cabinets • 24/7/365 monitored video surveillance with video stored for review for nonrepudiation • Alarmed and monitored perimeter doors • Door event alarming in which auto tickets and texts are sent to staff if abnormal door events occur • Visitor sign-in via iPad, in which a visitor’s driver’s license is scanned, the visitor quickly verified and placed into a database before printing the visitor badge • Package tracking, which allows the Technical Assistance Center (TAC) to record receipt of customer packages into a database and track their storage locations.

Server & Network Device Security

FTP Today’s network of servers runs on Flexential’s Enterprise Cloud, a best-of-breed infrastructure (Cisco / VMware / EMC). Flexential leads the industry in certified, audited and compliant cloud offerings to satisfy regulatory bodies and audit standards. The entire Flexential cloud platform is compliant.

Virtual LANs separate network traffic, creating a Virtual Private Datacenter for FTP Today at the virtualization layer. FTP Today's Virtual Private Data Center is protected by dedicated physical firewalls. The data center plays no role in either deploying or managing FTP Today virtual machines (more info below).

Logical Security

Dedicated hardware firewalls at the FTP Today network perimeter protect both our external facing and internal IP address blocks. Software firewalls at the server level provide automated intruder blacklisting within seconds and update a master blacklist with all servers on our network within a few minutes.

FTP Today operates on the principal of least privilege. The principle means giving a user only those privileges which are essential to perform its intended function. There is no administrative access to any FTP Today machines from the public Internet. FTP Today staff with root privileges only have such access over a VPN. Privileged staff are prevented from accessing customer data by our confidentiality policy. Data center technical staff have no root-privileged access to FTP Today's virtual machines. 

FTP Today’s software provides customer with logical controls such as limiting active protocols on the service (FTP, FTPeS, FTPS, SFTP and HTTPS). The customer is also provided logical control over IP address restrictions both by country and by user. Password and SSH-key authentication are also the responsibility of the customer to manage, along with assigning users access and permissions to file folders.

Backup & Disaster Recovery

Continuous backups encompassing all production applications, databases and customer data are continuously backed up to a location that is remote from our production facility. Remote backups are encrypted both in transit and at rest with AES-256 encryption. Frequency of backup updates is every four hours.

Effective February 2018, all FTP Today backups are stored in the AWS GovCloud region. AWS GovCloud (US) is an isolated AWS region designed to host sensitive data and regulated workloads in the cloud, helping customers support their US government compliance requirements, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP) requirements.

Vulnerability Management

Full web application and network security are tested regularly by FTP Today using software from Acunetix Online. Minimum frequency is quarterly. Customers are welcome to run their own penetration tests against their FTP Today IP address and its applications.

Software Development Lifecycle

Production servers are never used as a development or testing environment. Software is developed and tested offline and further tested online in a staging environment separate from production.

5 Essentials to Choose the Best FTP Hosting Service for Your Business Needs

Businesses who rely on the productivity, flexibility, compatibility and security from a file sharing software - rely on FTP Today.