MFT security controls buyers expect in 2026

Vendor security questionnaires in 2026 assume cloud-native MFT, not appliance SFTP. The baseline moved.

Non-negotiables

• OIDC / Entra SSO — no local-only passwords for operators
• TOTP MFA on every account
• Dedicated tenant isolation (compute, metadata DB, object storage)
• Per-transfer audit with exportable evidence packet
• 14 protocol adapters so you do not keep shadow FTP servers

xEvolve ships these as defaults on a $1,200/mo single tier — one Environment, one price, no surprise modules.