What is a secure client portal?
Historically, FTP servers and email attachments were used to transfer files over the internet. FTP server (also known as File Transfer Protocol servers) have fallen out of favor due to complexity and security concerns. Emailing attachments continue to be a security concern and are often limited to fairly small file sizes. People now transfer files using File Sync and Sharing Services or Secure Client File Portals.
The key difference between Clould-based File Sync and Sharing Services and Secure Client File Portals are the type of users. It will be important to understand this difference before we dive into the question of "what is a secure client portal".
File Sync and Sharing Service
What is a File Sync and Sharing Service? This is a service that copies folders and files from your device into cloud storage. Any changes to the files will sync down to other devices that have access. For example, if you save a file in a Dropbox folder on your Windows desktop a copy is uploaded to the Dropbox hosting server. Later when you access the same folder from the Dropbox Phone App you will see the same file and can download it there. These folders can be shared with other users to collaborate and sync changes to files typically within an organization. Many companies have moved away from costly Network File Shares and switched to File Sync and Sharing Services.
If I edit a Word document and save that change it gets saved up to the Dropbox file cloud storage server. And then gets transmitted out to all of my team members that also have access to that folder. This also allows multiple users to work on the same file. These services can save and resolve file conflicts and view file version histories. Deleted files can be recovered and have full auditability of their change history.
Any business would be insane, not to use Cloud file sinking is their primary mechanism of collaborating on files within a team in 2021.
What is a Client Portal? A client portal is a secure internet site which allows access to files to be securely shared with specific users. These are typically used to transfer sensitive or large files with other people typically outside your organization. Client Portals are commonly used by Accountants, Attorneys. Some organizations abide by safety standards such as the Gramm–Leach–Bliley Act. In these cases, emails are not secure enough so Client Portals are used to transfer files.
Challenges with File Sync Solutions for Customer File Sharing
The drawbacks to File Sync and Sharing Services in terms of your customer:
- Customer required to create an account for a file syncing solution
- Added complexity in how you audit access to the shared files
- Accidentally sharing too much access with a customer
- Customers may sync a file that your business does not want on your network
For sinking files is not an ideal experience for your customers. Especially when your customer just wants to access their file as quickly as possible. They want to download or upload their file and move on with their life.
For customer file sharing, use a client file portals such as Zapa File Portals, SmartVault or Citrix ShareFile. These file portals are designed with the customer experience in mind and are branded specifically for your business. Newly invited customers should see your logo on the main page. They should also clearly see that they are accessing their files and only the files that you've granted them access to. They can easily upload files to you and you can send files to them. Access rights and permissions are completely controllable in a Client Portal. Most also allow you can to receive notifications by email as soon as a new file has been uploaded by your client.
Rating Client Portals
A good client file portal should work harmoniously with a File Sync and Sharing solution like Dropbox or OneDrive. But what makes a good client portal?
Great User Experience for your Customers
The most important aspect of a client portal is ensuring that your customer has a good experience accessing their files. The customer should find the portal to be easy, clear and intuitively (without training) know how to access and download their files. If the customer has a problem, you will immediately become their IT support solution. This is not what you want as a business and does not make a good customer experience.
Pricing and Limitations
The cost of the portal may include limitations on your subscription. Some portals have scalable fee structures while others will increase the costs your business with the number of users. Modern fee structures tend to not penalize businesses with growth. See the section below for more information on costs and limitations of various client portals.
Security is an essential component of describing what is a secure client portal. As we will discuss later, security should be fundamental to a secure client portal. The files should be encrypted at rest and when being transmitted across the internet. The requirements to access files should be as strong as a bank. There should be industry standard guidelines like OWASP that are adhered to. You should always know the context of who has access to the folder you are saving a file. Transferring a file to the wrong folder can be just as bad as a security vulnerability in the system.
And lastly, a good client portal should be auditable. You should always know who access to which file. From where did they upload the file. When did it happen. And did they have access at that time. To do so, this should be clearly available for you and your team members to review.
What is a secure client portal?
Encryption in Transit
As we discussed earlier, any file transferred to your client portal should be transmitted over SSL so the data is encrypted. When you visit a bank website, you can see the SSL lock on the left-hand side of the URL. Client Portals should have same level bank-level confidence in security. It is important that anything that leaving or comes to your device is encrypted.
Encryption at Rest
The file should also be encrypted as it's written to the Client Portal file server. When the file is written to the disk on the server, that file should be encrypted with a private key. That should be unknowable and never communicated outside the system's core architecture. Between these two encryption methods, your data will be secured both during transmission and while stored on the server.
Awareness of Client Context
It is important when accessing a client portal that you always have a situational awareness of whose folder you're in. You should never be confused and accidentally send somebody a wrong file. You should also always have visible, who has access to the portal you're working with, at any time. If either the name of the portal, or the list of users that have access to that portal are hidden. You may unknowingly transmit or communicate sensitive data to an unintended user.
This is as much a security breach. As a hacker proactively attacking your site, your system, your portal. This is all too common in older client portals, like smart vault. So what are the most popular secure file sharing applications.
Most Popular Secure File Sharing Portals
Let's not only answer "What is a secure client portal" but also show a comparison of common solutions:
- NetClient CS Portals
- Zapa Client Portal
How do you set up a client portal?
Below we will compare the process for creating a new client portal to share files for each vendor.
ShareFile is fundamentally folder based, so be warned that granting access to a root folder will grant access to ALL subfolders.
- Select the "People" Accordion Menu
- Click "Manage Users Home"
- Click "Create Client"
- Enter the Client First Name, Last Name, Email Address and Company Name
- Click "Create & Continue"
- Select "Continue Anyway" to add a specific folder for this client.
- Click the "Folders" Accordion Menu
- Press "Shared Folders"
- Click the Plus icon, then the "Create Folder" action item
- Enter the Folder name and details
- Check the "Yes" radio box under "Add People to Folder"
- Click "Create Folder"
- In the top left dropdown that says "Select..." enter the client name entered in Step 4 to find the existing client.
- Check the appropriate permissions
- Select "Add Person"
SmartVault has separates "Vaults" and "Clients" and these two need to be linked together for an individual to access their own personal portal.
- Open the SmartVault Dashboard
- Click the "Clients" action under the "People" section of the left-hand menu
- Press the Plus icon in the top left corner to "Add client"
- Select the Plus icon under "Names" and enter the client's First, Middle and Last Name
- Click the Plus icon under the "Email" section and enter the client's email address
- Press the Disk icon in the top left corner to "Save Changes" for the new client of type "Person"
- Click the Door icon on the top bar to "Open vault"
- Select the newly created Vault in the left-hand tree view
- Press the Gear icon on the right side of the gray bar at the top of the screen
- Switch to the "Access and Notifications" tab
- Select "Edit Access Settings"
- Click "Add User"
- Press the dropdown labeled "License" and select "Guest"
- Enter the email address entered in Step 5
- Enter the First and Last name entered in Step 4
- Select the desired access settings (Note: Create is required for user upload)
- Click "Add"
- Click "Save Settings"
Zapa Client Portal
Zapa Client Portals are designed with ease of use in mind. You can see that by how quickly it allows users to create new client file portals.
- Click "New Portal" on the left side menu
- Enter the Portal Name
- Click "Create"
- Click "Invite New Guest"
- Enter Guest Name and Email Address
- Click "Invite"
NetClient CS Portals:
These steps assume that you are already using Practice CS from Thomsen Reuters for your Accounting Practice and have connected NetClient CS Portals. It also assumes that you have an existing client created to share a portal with.
- Open the Practice CS Windows Application
- Open the Contact Info tab
- Confirm the existing contact has a valid email address
- Click the Actions Dropdown in the "Internet" subsection
- Click "Add Portal"
- Launch NetClient CS Portals and select the desired Portal Type
What are the limitations and costs of a client portal?
We not only want to know what is a secure client portal, but more specific which is a great client portal. A great client portal solution should have clear fixed fees that encourage you to allow all add team members without a financial penalty. It should also have a clearly understandable audit of who access which file and when. Furthermore, the space limitations should be abundant. The total number of portals or total number of guests that you invite shouldn't be prohibitive. You don't want your employees dealing with a message saying "your IT administrator needs to increase your subscription license" again. This does not make a good experience or scalable use for a good client portal.
SmartVault starts at $16/user/month with a minimum of 5 users at a total minimum cost of $80.00 per month.
Zapa Client Portals starts at $10/user/month with no minimum at a total of $10.00 per month.
Citrix ShareFile starts at $11/user/month with a minimum of 5 users at a total minimum cost of $55.00 per month.
NetSuite is a tailored quote, but the base license starts at $999.00 per month plus $99.00 per user per month.
If you have more questions about what is a secure client portal, email our team, and we would be happy to answer any questions.