2

I just was wondering what is considered a common practice in the security community for securely sending files back forth between company and client. For example, at the company I work for, we receive Excel files from our clients through our web portal, we then review them and send them back via email. A problem came up where a file was emailed to the wrong client.

We have started using our website to transfer files back and forth since then, but the design and process by which documents are assigned to clients -so that only they can see the document on their login- is really not efficient. It is multiple steps and takes longer than it should to simply say "x should see y".

Anyway, the company I work for thinks that they're smarter than everyone else and no one really has any database, programming, IT, or security experience so they want to have these long drawn out conversations that are essentially reinventing the wheel. Reinventing the wheel in that there a common practices that companies utilize millions of times a day.

So this is the question. How are most companies sending their confidential information between themselves and clients?

I know with institutions I personally bank with or have credit cards through, it is all through their customer portal. They probably just have a more efficient way of assigning docs to clients than we have.

HashHazard
  • 5,105
  • 1
  • 17
  • 29
cjones
  • 223
  • 2
  • 7

3 Answers3

2

Typically client portals (secured with HTTPS) are the recommended best practice for exchanging documents. If your current solution is kludgy and maintaining different access for different clients is cumbersome, there are some canned document sharing portals available (some even free, though specific product recommendations are off topic here) that have the notion of maintaining separate "sites" for each user.

I would investigate what aspects of your current solution make it problematic and then correct them, or look for a product that addresses those issues already.

HashHazard
  • 5,105
  • 1
  • 17
  • 29
0

Create an SFTP server and establish logins with file permissions.

DAUIE
  • 1
  • 2
    sec.SE is not a good place for one-liner. SFTP has several vulnerabilities if improperly configured, you need to take them into consideration. – grochmal Sep 29 '16 at 21:14
  • 1
    SFTP is also not entirely user-friendly and isn't a 'typical' way companies share files with clients. – schroeder Sep 29 '16 at 21:25
0

I think ShareFile by Citrix may be a good option as it is secure and has very fine grained access controls that you are looking for. It is built for businesses that need to share files with external entities. You can even customize it to look like your site.

Here is a review which may be helpful. I know a few businesses that use it and they are very happy with it. It is cloud based which may be pro or a con depending on your requirements. They have a free 30 day trial with flexible pricing plans so it may be worth checking out.

ARau
  • 619
  • 4
  • 9