We have a Microsoft Server 2008 Server running IIS 7.5 acting as an FTP-S server, located in our DMZ. External customers post files to this FTP server, and then our internal staff pull the files for further work.
Right now, our internal staff also use FTP-S to connect in to the DMZ FTP server to pull the files directly. I feel that this creates a security risk.
Other than having our internal staff directly connect to the DMZ FTP server (with any protocol - FTP, SSH, RDP, File share, etc...), what is the best practice way to allow our internal staff access to the files our external partners are posting on the FTP server?