Only available on GOVFTP plans
All our data center partners are audited annually under SSAE-18 standards.
All FTP Today data center partners are audited annually under SSAE-18 standards. SOC3 report can be found on our resources page. SOC1 and SOC2 audit reports can be provided to existing customers upon request.
All infrastructure partners are certified under the ISO 27001 security standard.
Some subscription plans are available with our signed GDPR DPA.
Our GOVFTP Cloud platform is FedRAMP JAB Authorized!
The Joint Authorization Board (JAB) is the primary governance and decision-making body for the FedRAMP program. The JAB reviews and provides joint provisional security authorizations of cloud solutions using a standardized baseline approach. Chief Information Officers from the Department of Defense, the Department of Homeland Security, and the General Services Administration serve on the Joint Authorization Board (JAB).
The NIST SP 800-53 provides a catalog of controls that support the development of secure and resilient federal information systems. These controls are the operational, technical, and management safeguards used by information systems to maintain the integrity, confidentiality, and security of federal information systems.
Our GOVFTP platform meets all ITAR requirements for cloud service providers.
The ITAR itself mainly concerns preventing the export of information related to the U.S. Munitions List (USML) to non-U.S. Persons. However, it is safe to conclude that nearly all ITAR and EAR data is also considered Controlled Unclassified Information (CUI). The protection of CUI is controlled by the Defense Federal Acquisition Regulation Supplement (DFARS).
Because these compliance rules all tie together, effective November 15, 2018, FTP Today has added a FedRAMP Authorized cloud platform.
Only available on GOVFTP plans
Cloud platform built on best-in-breed network, compute and storage systems.
All FTP Today production servers run on a high availability (HA), enterprise-grade cloud infrastructure (VMware/Cisco/EMC). Our infrastrcutures are designed for production workloads, business-critical data and applications, reliability and performance.
Firewalls isolate FTP Today to create a Virtual Private Data Center.
FTP Today's production virtual machines (VMs) are protected, both internally and externally, by two hardware firewalls in an active-passive fail-over configuration. This provides FTP Today with a Virtual Private Data Center (VPDC) that is completely isolated from other customers within our partners' cloud infrastructures — and creates what we call The FTP Cloud™.
All traffic must pass through these firewalls to reach our Internet-facing server IP addresses. Our firewalls provide accelerated security throughput at gigabit line speed.
Industry-leading virtualization technologies offer maximum uptime.
VMware VMotion automatically enables the live migration of running virtual machines from one physical server to another with zero downtime, continuous service availability, and complete transaction integrity.
Hacker blacklisting based on FTP Today's proprietary rules and heuristics.
FTP Today uses proprietary Intrusion Detection and Prevention heuristics to monitor, detect and instantly blacklist any offending IP addresses. The blacklist is then updated on our entire network of servers within a couple of minutes. For added security, FTP Today also blocks shell access on port 22 in order to prevent all attempts to compromise attack the root operating system, while still allowing SFTP traffic to your site. Secure Shell (SSH command line access) is not available to anyone over a public network.
We back up your data to a remote location at our expense.
FTP Today performs backups from our production facilities to a highly secure system at least 500 miles from our production facilities. All backups are encrypted both in transit and at rest using AES-256 encryption.
Backups have a 5-day retention policy, so any files you accidentally delete may be recoverable if you contact us within 5 days after the deletion occurs.
Our GOVFTP Cloud includes Cisco Firepower Thread Defense protection.
Our GOVFTP Cloud uses Trend Micro comprehensive real-time virus protection.
Our GOVFTP production cloud is duplicated nightly to another location.
All GOVFTP servers at our FedRAMP Authorized facility are replicated nightly from our production facility in Sterling, Virginia to a second facility in Denver, Colorado. In the event of a facility scale disaster, the standby facility will be activated with and RPO and RTO of 24 hours.
Configurable FTP, FTPeS, FTPS, SFTP and HTTPS protocols.
Unlike file sharing services that make you use their own software and barely (if at all) support FTP or any other automation-ready protocols, we fully support all of the following standard protocols for every authenticated user:
Each protocol can be individually controlled by the site administrator. With these protocol controls, you can force end users to conform to your compliance requirements, rather than letting them police themselves (e.g. by written policy).
Authenticated users can send expiring links to people without login accounts.
Since 2001, FTP Today has led the industry in user-authenticated file sharing via FTP, FTPS and SFTP, as well as in providing secure browser-based access for ad-hoc file transfers.
(assuming you want them to, that is*)
Turn on InfiniShare™ and any user with download permissions in a workspace will be able to create a link to certain files, then email the link to the recipient of their choice. The recipient of the link does not even need a login account on the FTP Today site.
*InfiniShare can be completely disabled system wide if you have concerns over compliance.
Configurable access restrictions based on global geo-IP database by country.
Using a professional Geo-IP database that tracks 99.9999% of all IP addresses in use world wide, this industry-exclusive feature gives you control over front line access by country. This feature, along with our managed Proactive Hacker Protection, will keep unwanted visitors away and prevent brute force attacks by stopping them dead in their tracks before they even receive a login prompt.
Point your own custom domain name and get a matching, signed SSL certificate.
Each FTP Today customer receives a dedicated, static IP address for the life of their account. No IP's are ever shared. This allows you to point your own DNS host name (e.g. sftp.yourcompany.com) to your FTP Today IP address and maintain your own site identity. We'll also purchase and install a custom SSL certificate to match your own DNS name, in most cases at no extra charge.
A dedictated IP address also means that, at most, you will require only one firewall rule to make on your end, for example an SFTP rule like "Allow port 22 outbound to <your FTP Today IP>".
Apply your logo and matching colors. White Label Branding also included.
Represent your own company, not ours, on all Web browser login and file transfer screens.
Pick up to three specific colors for the Web UI to match your logo and company branding.
Eliminate the "Powered by FTP Today" from the Web UI and any support links back to us. Available on any plan that includes Branding.
Strong TLS 1.2 and FIPS compliant ciphers required on all protocols.
FTP Today follows expert guidelines in deploying SSL/TLS encryption security, resulting in an A+ grade from an independent lab. This highest independent grading is achieved in part because:
Transparent encryption of all files as they are uploaded to your FTP Today site.
FTP Today Enterprise customers have the option of adding AES 128-bit encryption* to their FTP storage. Our GOVFTP platform uses AES-256 on all SAN storage drives.
Our at-rest encryption process is completely transparent to all end users of your secure FTP site, so you may prefer this option to training users on the use of PGP file encryption.
*Even with a supercomputer, it would take one billion-billion (1.02 x 1018) years to crack a 128-bit AES key using a brute force attack. AES 256-bit encryption is also available on the GOVFTP platform.
FTP Today allows you unlimited transfer per month at gigabit line speeds.
When we say unlimited bandwidth, we mean it. You get an unthrottled connection and unlimited monthly transfer. Upload and download as much as you want without fear of any overage charges.
FTP Today allows you an unlimited total number of connections to your site.
Our system can handle as many simultaneous connections as you can throw at it, without a hiccup. However, there is a limit of 25 connections per username.
There are no imposed limits on the size of a file; only your overall storage.
Many file sharing services limit your file size to 1 GB, 2 GB or maybe 5 GB, depending on what you are paying. Not FTP Today. As long as you are under your overall storage limit, you can upload any size file you want (actually, we even let you exceed your storage limit by one file of any size).
Web browser... FTP client... Let them use the tools they are familiar with!
A user-friendly Web browser interface has been part of the FTP Today experience since our launch in 2001. Being browser-compatible back then required each user to have a Java plugin. Recent Java security issues have led us to develop our own Web App. It is designed to work within all modern browsers -– without the need for any plugins.
The FTP Today Web App is developed in-house by FTP Today programmers, so none of our competitors have anything quite like it. Our Web App is under continual development and improvement. We strive to make it as powerful as any third party FTP client software in the marketplace and we release new or improved functionality regularly, usually as a result of suggestions made by our customers.
Experienced users may already have file transfer software they know well. Called "FTP clients" in general, these software typically offer the person a choice of file transfer protocols such as SFTP, FTPS, SCP or FTP. Filezilla, WS_FTP Pro, CuteFTP Pro, Fetch, SecureFX, WinSCP -– you name it (mobile tools, too) -- they are all compatible with FTP Today! Most of these software tools also support automation or scripting.
Share or delegate administration with full-site and sub-site admin roles.
Create multiple Site Administrators with full reign over the entire site, both from an administration standpoint and from a file and folder permissions standpoint.
Create Team Managers who can create and manage users and folders, but only within their own team.
Non-administrators can only access their assigned folders and files, or perhaps reset a forgotten password.
You will be able to control which users, if any, are allowed to create file sharing links and which users are not.
Allow or require SSH-key authentication in lieu of a password.
The following authentication methods are supported:
Administrators can limit a user to only password authentication, only SSH-key authentication, or both. Allowing both might be useful if some of the user's activity is automated SFTP, but there are also occasions when the same user just wants to use their web browser.
Require a specified IP address (or range) and/or a specific protocol of each user.
A powerful security layer that allows site administrators to create user-level access rules that restrict individual user connections by remote IP address and/or by protocol. So, even if a user's password is compromised it cannot be used from another location. Some example restrictions:
This feature meets requirements for two-factor authentication (username + IP address), yet it works across all protocols.
Controls for password strength, expiration, resets and new user invites.
When you have a large user base you need to control their password management behavior. We give you total control of the following:
Password Edits & Resets - Whether users can edit their own passwords at all (manually or via reset). And, if so, can they change their own password from a Forgotten Password link.
Password Strength - You decide what constitutes the length and strength of each chosen password.
Password Expiration - You decide how often passwords must be changed.
New User Invites - If enabled, new user(s) are emailed a temporary link to follow and choose their initial password. Until they do so, login access is disabled.
Of course, administrators can always edit anyone's password or send them an email to reset it themselves.
Require users to enter a second One-time Password (OTP or TOTP) after a password.
Our Web App can require authenticated users to require Two Factor Authentication (2FA). This is configurable on a per user basis to require certain users to enter a One-time Password (OTP) before being granted access. OTP can be configured per user with one of the following OTP or TOTP delivery methods:
Design your directory tree as you wish and configure access at all folder levels.
FTP Today provides the most flexible folder permission system in the industry. This allows you to organize your folder structure any way that suits your needs. Some options are:
Each user can only see their assigned folders. Everything else is hidden.
You never want anyone to see any files or folders they are not supposed to. With FTP Today you'll have total control of folder visibility and access, from the top of your directory structure to the bottom. Every user will only have visibility to those folders to which they have been assigned.
Separate Upload, Download, Delete and List permissions -- per user, per folder.
Some FTP hosts only give you two user permissions settings (based on the Linux operating system):
Note that with the above system there is no way to allow Upload without Delete. Also, you can't prevent someone from seeing a directory listing.
FTP Today gives you more granular control over your users. Per-user permissions (per folder) are:
Configurable alerts triggered by upload, download or delete actions.
Configure as many email notifications as you want, to as many people or email addresses as you want.
Send emails to:
Trigger emails by the activity of:
Activity types are:
Consolidate your triggered messages:
Brand your email headers with:
As you can see, the above gives you the ultimate in flexibility in how you create outgoing email notifications based on activity within your FTP site.
Purge settings configurable at the site level or at the individual folder level.
Set up auto-delete rules to purge files from your FTP site based on age since upload. Choose a site-wide default of "Never Purge" or a default number of days to purge files site wide. Then override the default setting on each individual folder.
See who is connected and what they are doing -- LIVE, in real time.
The Dashboard shows you system status, who is logged in, the most recent activity detail and the most recent file transfers.
On-demand reports allow you to review activity from 1 to 90 days old.
Run reports on a selected date range up to 90 days old and either view, print or export (CSV) your selected data. Some example reports are:
We're building new reports all the time. If you need information more than 90 days old, historical log files are always there for you.
A permanent archive of detailed audit logs is kept and never purged.
No matter how long you are an FTP Today customer, your log files will be kept by calendar month, all the way back to the day you first signed up. These CSV log files contain far more detail than the on-demand reports — things such as logins, failed logins, user navigation, session timeouts. It is the ultimate audit log that is never deleted.