Looking for a recommendation on a sftp or ftps site

dee001

My customer is requesting that one of their vendors needs to be able to upload files securely to an FTPS or SFTP site that has FERPA or COPPA protections. Can anyone make any recommendations or anything I should think of before making this recommendation?
 
Does the customer know what and/or why? So is the customer's vendor requesting this, or is the customer requesting that the vendor do this? COPPA and/or FERPA are data security regulations, not technical specifications. Anything FTP is so Y2K given the other options available. The best thing is to get a clear understanding of what is going to happen in terms of what kind of data, how it is stored, and how it is going to be used.
 
FERPA and COPPA aren't technology, they are business processes. The fact they have asked you for a file transfer mechanism that "just does these things" means they aren't compliant, and if you make any attempt at claiming it is "compliant" YOU will be on the hook for the violations they inevitably create.

Wash your hands of this, unless you have a REALLY good lawyer.

The key element here is the customer being responsible. If they want an sFTP server as part of a compliant process THEY have designed or are working with a compliance vendor that's fine. But don't let them throw compliance on IT, it will fail, it will be expensive, and they will attempt to recover the losses from your hide!

Also note, I said sFTP before, not FTPs, for the love of all that is good and right in the world, do not use FTP or FTPs! SCP / sFTP is MUCH easier to audit, configure, and secure.
 
But don't let them throw compliance on IT,

As far as I'm concerned, explicitly rejecting responsibility for compliance, with anything, should be a part of one's boilerplate contract if one is NOT specifically contracted as a compliance officer.

Normal "due diligence" scope should be sufficient, but as anyone who's ever dealt with lawyers knows, it isn't.

One of the things I love about break/fix for the residential and micro-business market is you just don't have to deal with this BS.
 
The guy copied me in on an email with the vendor. They were very vague, just stating any sftp or sftp will do as long as they meet those COPPA and FERPA requirements. My customer just needs the data to input into Tableau. The normal process is the guy would send it to him using their secure site and he would download the data file, but now they are requesting the customer to obtain their own sftp site. My customer is under the assumption from the vendor that this is something easy we should be able to buy.
 
The link below indicates that collaboration solutions are suitable.


Additionally, MS states that they will be FERPA compliant. So Azure is a logical solution. Schools pay a pittance for M365 solutions on TechSoup.
 
You can do SFTP with Azure Blob Storage, but you would still have to configure things/have processes in place to meet whatever regulations you need.
 
Do you think MS would have a support option to walk us through meeting their requirements?
 
"FTP"? Wow... brings back... memories... from back in the dial-up days and earliest of broadband days. FileZilla... lol.
I wouldn't want to stand up an FTP server these days and try to keep it secure. Would be as suicidal as having a terminal server exposed to the internet. I'd think this software vendor would be using one of the many more modern and secure methods available these days to move files.
 