Business Class FTP Storage

You can use Filezilla Server to create a FTPS server (TLS).  Here's the link for the installation files:

http://filezilla-project.org/download.php?type=server

I also found Core FTP Server.  This server supports SFTP.  Here's the link:

http://download.cnet.com/Core-FTP-Server/3000-2160_4-10783460.html

What can I tell them abou the security, I think that is the main concern

FTPS over TLS is: Two separate methods were developed to invoke client security for use with FTP clients: Explicit or Implicit. The explicit method is a legacy compatible implementation where FTPS aware clients can invoke security with an FTPS aware server without breaking overall FTP functionality with non-FTPS aware clients. The implicit method requires that all clients of the FTPS server be aware that SSL is to be used on the session, and thus is incompatible with non-FTPS-aware clients.
   http://en.wikipedia.org/wiki/FTPS

SFTP is: the SSH File Transfer Protocol (also Secret File Transfer Protocol, Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream.
   http://en.wikipedia.org/wiki/SSH_file_transfer_protocol

SFTP is much more secure that FTPS

FTPS is secured by SSL (TLS) which is the same familiar method used to keep online web transactions safe.  If you have every bought anything online you have used this method.  You can use it to encrypt the login credentials, the actual data, or both.

SFTP is secured  by SSH which is the same method used for unix remote login sessions.  This is just as safe as FTPS but has the advantage of only using a single port for both control and data so it is easier for your firewall administrator to configure.  The down side of this approach is that there are not as many clients that can do SFTP as there are that can do FTPS.

Can some of these products do both SFTP and FTPS?  And for security purposes it would be best if hosted my own FTP storage, right?  And I saw the FileZilla has a server and a client install so you can host it yourself

Well money isn't the problem, its security so as long as I can spell it out for them I should be good!  Now the Robo-FTP server should be on a server at my location (like my file server or something), not like just my PC and then is there a client install so I can have users here use it to store and send files to customers?  this would be great if its an agent that can be installed on an existing file server (unless using a file server isn't recommended, I can find another server)  

With Robo-FTP or any of these servers you can put it on a regular server on your network but you've got to poke a little hole in your firewall to allow it.  Otherwise you put it out on the DMZ in your extranet.  Do they even still call it an extranet?

Anyway, as far as poking a hole in your firewall goes this is another reason to use SFTP instead of FTPS because you only need to open (or forward) a single port.  The default SFTP port is number 22.

If you want to really get super freaky about the security you can have the users log in with a client key (sftp) or a client certificate (ftps) instead of a password.  Some banks (not most) do this...  some even PGP encrypt the files in addition to sending them over the encrypted transport.

Well thank you so much!