Sending large files by email was never a practical solution as there are too many variables involved between the sender and recipient.
Attachment limits vary by the service provider (if using a free service) but rarely exceed 25Mb. For self-hosted mail servers, admins must, by necessity, define mailbox sizes and attachment limits for each user in a way that ensures smooth operation for the entire company. AND without slowing down broadband access for users. This configuration is directly tied to the server hardware resources available (RAM, storage, etc.). Even if using a third-party solution, such configurations remain necessary. Therefore, email is an ineffective solution for large file transfer, with failings including but not limited to:
- The file size is too large and is not allowed by the sender or recipient's mailbox admin settings.
- Your internet service provider (ISP) prevents the transfer of large files (using data caps or fair usage policies). OR ISPs throttle connections to prevent a prompt transfer. Use a VPN to bypass any ISP restrictions; it's the only sensible course of action.
- Email is an insecure option unless end-to-end encryption is available.
Clearly, companies that handle and transfer large files need an alternative, and your choice will depend on file sizes, your desired security requirements and compliance targets (vital if you need an audit trail for file transfers). For example, movie and TV studios and related production companies deal in large video files. In contrast, others in the sciences or engineering disciplines may have large data sets or CAD files to share. For others, large file sizes may apply to backups or data retention requirements. Let's look at some of the alternatives for large file transfer that allow collaboration.
1. Post and Traditional Logistics
Using traditional snail mail or express couriers is an option for some companies, but unfortunately, it's not as convenient as a digital file transfer. Cost is also a factor, and despite the common perception of safety, security breaches can occur before and after delivery. Some removable media such as discs and HDDs are easily damaged during transport as some couriers see the word "fragile" as a challenge. Yes, I've dealt with damaged goods in the past. Not that it's the only flaw with removable media.
2. Removable Storage and Media
Avoiding heavy-handed postal workers and couriers may seem like a good idea, and hand carrying removable media to clients and team members may eliminate some issues in this area. If your process allows it and time is not a factor, some companies use this method for offsite backups and transfer of urgent data. However, the loss or theft of removable media is a possibility. In addition, data breaches can occur when drives, memory sticks, and discs are discarded or recycled. Of the removable media in your immediate vicinity right now, how many items contain confidential or proprietary data?
3. Consumer-Level Cloud Storage
Despite security and compliance warnings from IT, many employees persist in using consumer-grade cloud storage for company data. It's convenient, and they can't see the harm in doing so. Preventing IP theft and creation of an audit trail (e-discovery litigation is increasing these days) are common business objectives, but shadow IT (the use of unauthorized software or services) remains a problem. Cloud storage is useful when the files involved are too large to send by email. You can send a link to the file location in the cloud instead. Popular service providers include Google (Google Drive), Microsoft (OneDrive), and Dropbox. There are many others available, but let's focus on the top three and pick a single compliance standard (HIPAA – as this requires a formal relationship under the Business Associate's Agreement (BAA). Bear in mind that consumer-grade or free cloud storage (regardless of provider) means that all data is outside your firewall and controlled by THEIR admins. What do you really need from secure cloud storage under HIPAA or similar standards? Can you afford to sacrifice security and privacy for employee convenience?
While resisting the urge to grind my teeth and lapse into a rant, it's worth pointing out that all three store, scan, and catalogue user data, regardless of free or paid packages. This is to either present targeted ads, improve their own services (such as AI in the case of Microsoft and Google), or detect IP theft… Your data is also shared with unnamed third parties and subject to legal requests (that you may never hear about due to gag orders).
YOUR DATA CANNOT be private in such an environment as it is unencrypted after upload to facilitate scanning (even for thumbnail generation in Dropbox) and then encrypted again for storage. I suggest encrypting everything yourself before upload. Live without thumbnails etc.
Dropbox, Google Drive, and One Drive all claim HIPAA compliance, and paid/business account holders can obtain a BAA. However, as pointed out by The HIPAA Guide, no software or file-sharing system can claim complete compliance due to configuration requirements and possible human error. Look at the steps required to make Google Drive compliant. At least Microsoft makes more of an effort, offering a compliance center for multiple standards, including GDPR. Data harvester that it is, Google Drive is to be avoided more than the others, given the company's lax attitude to user privacy, compliance, and antitrust violations (deceptive practices), which has resulted in a variety of fines in several countries. Who would trust them with camera and microphone data from the Google Nest cam?
To sum up, if you must use a cloud storage service and you value privacy, then choose one with file anonymity and end to end encryption. Review all privacy policies before signing up to a new service.
4. File Transfer Services
As the name indicates, providers of these services offer the facility to transfer files and generally from your browser window. Again, there are many options, but FileMail is one that offers compliance with several standards (only on the Enterprise package) and encrypted transfer (on all packages). Pricing varies according to storage and desired features. If you have a storage option – you can send a link to the stored file or simply send the file as an email attachment (providing the recipient and sender address in the browser window). Note that to receive large files, the recipient must have at least a business account. Such services are convenient, but provider review and selection is always necessary. Again, check their privacy policies and know the features you'll need to maximize business benefits. Audit tools, tracking, and encryption are apparent advantages for compliance.
File transfer protocol (FTP) is familiar to most of us and allows authenticated users (with a username and password) to transfer files to in-house or hosted servers. Security is pretty basic, and a basic audit trail is possible with a little work. Being only suitable for tech-savvy users is a drawback. Purging obsolete data is necessary, as is ongoing maintenance and user management—a bit of a resource hog.
6. Secure FTP
Like its predecessor, Secure FTP (SFTP) requires admin and maintenance and can hog IT resources during file transfer. It is possible to define a process and audit trail but not to prevent casual usage by authenticated users that bypass these processes. Again, SFTP is not for the technically challenged, and non-technical users require training.
7. Managed File Transfer Solutions
MFT (managed file transfer) solutions are secure, an obvious plus. They are often seen as complex but, once correctly configured, are ideal for securing proprietary data and ensuring compliance with a wide variety of standards. Licensing per user is often required, and administration is in-house. The ability to define process-driven policies and provide an accurate audit trail for all data transfers outweighs the potential costs involved. If you worry about potential compliance issues, why not investigate further? Yep – that was the call to action. There's a free trial available, so what have you got to lose?
In conclusion, if you must send large files, please ensure IT is involved so they can recommend an authorized solution. Do not use consumer-level or free cloud storage. A managed solution makes sense to eliminate potential compliance problems, protect data, and create a complete audit trail, all without involving third parties. Do you disagree?