In general, people like free things. Beverages, company lunches, swag at tradeshows and conferences, t-shirts and socks, those intriguing items in the “For Free” box at your local yard sale… You can’t go wrong with free, right?
Well, coffee you don’t have to pay for is great, but the adage “There’s no such thing as a free lunch” exists for a reason. When it comes to exchanging sensitive files with your trading partners, free software or PC tools may not be as appealing or as costless as you think.
If you’re currently evaluating SFTP software for your organization, we recommend taking a deeper look at free SFTP software and enterprise-level SFTP software before you decide on one or the other. What are the pros and cons of a free solution? What are the pros and cons of a commercial solution? Let’s dive in.
First, we should establish what SFTP software is. In a nutshell, SFTP software can exist as an open-source PC tool like WinSCP or as part of a bigger solution, like managed file transfer. SFTP software can include a client, a server, or both, and its primary job is to move files over a secure shell (SSH) connection. AES, Triple DES, and other algorithms that come with SFTP software will encrypt those files as they transmit between users, systems, and networks.
Related Reading: WinSCP Free SFTP Client or an MFT SFTP Client?
Organizations who choose to work with SFTP software (as opposed to FTPS, AS2, or another secure FTP solution) generally do so because their trading partners require it. That makes it imperative that the SFTP solution used has good authentication measures to ensure proper access of files, keeping out those who aren’t authorized to decrypt and view the files exchanged. Most SFTP software allows users to test a connection with their user ID and password, an SSH key, or a combination of a password and SSH key for top security.
Like anything in life, there are upsides and downsides to free SFTP solutions. As you evaluate your needs against your budget, weigh these pros and cons against the ones for an enterprise-level SFTP solution to better determine which will fit your organization’s file transfer needs.
If you only exchange files occasionally with your trading partners, a free SFTP server and client solution might suit you. Free SFTP software may also work for you if you don’t need to prove compliance with data security standards or track file transfer activity for auditing purposes.
2. It provides basic functionality for simplistic needs.
Maybe you don’t need all the bells and whistles, and you just want to implement something that satisfies the bare minimum of functionality necessary. If so, free SFTP tools can usually fulfill basic file transfer needs for user authentication, unlimited file transfers per server connection, and port usage control.
While this could be a positive for some, it could be a negative for others. Inexpensive or free SFTP tools rarely offer automation, auditing, monitoring, or other key features that make file transfers easy, secure, and affordable to execute. And if you need to be compliant with local or federal data security standards, you’re out of luck. Free SFTP solutions rarely come with additional security features, like integrated key and certificate managers or folder-level permissions, that can help ensure your data is protected under certain regulation requirements.
2. Some SFTP clients require custom scripts to run file transfers.
If your team doesn’t have the programming knowledge to build file transfer scripts, along with several other cumbersome tasks like manual auditing, running commands, and using secondary free tools to cobble together a final approach that works, the “free” aspect of a free solution can quickly become complicated. Scripting also introduces an aspect of human error that can compromise your business processes as a result.
3. Free tools may not be updated as often, and support can be lacking.
Free tools are nice for the budget conscious, but if you run into problems, there may be no support team available to help you. This puts all the work of finding, fixing, and pushing the changes into your own hands. If staffing is limited, the time involved in a fix could set you back, especially if you depend on the free SFTP tool to run critical file transfers. Security updates are in the same bucket. A free tool may be updated infrequently or not at all, leaving you at risk of a cyberattack if you don’t patch the vulnerabilities yourself.
Enterprise-level SFTP solutions (aka SFTP software that requires a small-to-medium figure investment) also come with a set of pros and cons. Like the free solutions, whether these are positives or negatives to you depends on your organization’s needs.
If you have extra considerations in your organization that you need to meet, enterprise-level SFTP software can be great. A managed file transfer solution that includes SFTP, for example, can support your need for robust reporting and auditing, workflows and tasks for automatic encryption, file movement, and file processing, integrations with cloud services, secure file sharing for internal users, clustering and high availability for multiple systems, and more.
2. Enterprise-level SFTP solutions can support your compliance needs.
An SFTP solution’s auditing and reporting features can help organizations track file transfer activity for compliance with data security standards like PCI DSS, HIPAA, HITECH, FISMA, and the GDPR. Granular security settings for file transfer processes and clearly-defined user roles and groups can also help keep you in line with compliance needs.
3. You’ll get the support you need, anytime you need it (including security updates).
Good enterprise-level SFTP solutions are updated frequently (every few months at least) to keep you in line with the latest cybersecurity and technology requirements. Dedicated support staff are also available 24/7 to help when you have troubles, which is far better than worrying over lost time and money when your file transfer systems go down.
Many vendors of enterprise-level solutions also offer professional services and training, so you don’t have to learn everything on your own or hire someone who knows how to program. This staff is there to help ensure your SFTP file transfers, and everything else you need, are a success.
4. If you’re planning on the cloud, commercial SFTP solutions are where it’s at.
Are you in the cloud? Most solutions support file transfers in the cloud, on-premises, or within a hybrid environment. Free SFTP tools are less likely to have a wide coverage of support on the various platforms and environments you need (for example, some may just run on Windows, and others may not integrate well with computing platforms like Microsoft Azure or AWS).
5. Enterprise-level SFTP solutions are a great fit for companies of any size and industry.
Commercial SFTP solutions aren’t just for medium- to large-scale organizations! A good solution will be able to fit the needs of any team or organization, scale as you grow, and keep your file transfers centralized, so you don’t need multiple tools or in-house processes to keep things running smoothly.
While the actual price of an enterprise-level SFTP solution varies on many factors, including how many licenses you need and which features you add, it’s good to remember that a robust SFTP solution is an investment. It will cost money up front, but using a tool like an ROI calculator can help determine how much money you’ll save on your file transfers vs. how much you’ll pay out for the solution you’re considering. Chances are high that you’ll save money and time.
If the cost is still too high for your budget, ask vendors for alternative options. Most are willing to see if a scaled-down implementation of the software will better align with your price point. Additional features can always ben unlocked later when budget allows for it.
2. Commercial SFTP server software may include more functionality than you need.
In the positives section, we listed the functionality that regularly comes with a commercial SFTP solution. For some, this may be more than they need. Check with the vendor you’re evaluating to see if the features you don’t want can be left off (for example, collaboration modules are often added on to the base solution). If they can’t be left off, you might be able to use those extra features that help solve some file transfer roadblocks you’re facing. Ask if they have a list of real use cases and projects; this type of resource can help point you in the right direction.
Is a solution like managed file transfer, with support for secure FTP protocols, automatic encryption, auditing and reporting, and workflows, right for you?
Watch our MFT 101 webinar to see how MFT and its built-in SFTP solution can reduce human error, simplify trading partner connections, comply with strict security standards, and more.