by Bender 260 days ago
What I have done in the past was to create chroot SFTP-only accounts on servers for customers, then restrict them to SSH keys and, for paranoid customers, also limit what CIDR blocks those keys are valid from. All of this is doable from within OpenSSH, and storage would be limited to whatever size storage your company has on a server or set of servers or VMs. Each group or pod of customers could have their own active-standby servers only running OpenSSH and whatever monitoring tools your org uses. This could be on physical servers or VMs. Basic hardening is required, such as restricting port-forwards, disabling multiplexing and so on. Cipher hardening would depend on whether all your customers have modern versions of OpenSSH and avoid using proprietary SFTP clients; otherwise defaults, or weaker than defaults, may be required in some pods. Set up an active-to-standby sync of the customer chroot home directories and practice promoting the standby to active using an internal employee-only server.

All of this could be managed from either server automation or an in-house UI that gives customers the ability to upload SSH keys and optionally define the CIDR blocks and IP addresses the keys are valid from.

Just me personally, I would keep it simple and avoid any "turn-key" solutions. Those are usually full of vulnerabilities. I would also avoid web services that could cancel your account, locking you and your customers out of your and their data. Oh, and a user agreement that sets a "best effort" service level agreement, and start off telling the customers there is a 120-day file retention, but then extend that as a free value-add every quarter. From day one, state that there are no backups, and do not tell them about the standby servers.
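The server-side pieces the comment describes (chrooted SFTP-only accounts, key-only login, keys valid only from given CIDR blocks, forwarding and session limits turned off) as an added example; this is not Bender's code or any project's, and the group name `sftponly`, the chroot root `/srv/sftp`, the key directory `/etc/ssh/authorized_keys` and the sample key are assumptions. It relies on OpenSSH's `Match` blocks, `ChrootDirectory`/`ForceCommand internal-sftp`, and the `from=` and `restrict` authorized_keys options (`restrict` needs OpenSSH 7.2 or later). `MaxSessions 1` is used here as the server-side reading of "disabling multiplexing": one session per connection, so a client cannot multiplex extra sessions over an accepted key.

```shell
#!/bin/sh
# Added example, not code from the original comment. Generates the OpenSSH
# server-side config for chrooted, SFTP-only, key-only customer accounts.
# Assumed names: group "sftponly", chroot root /srv/sftp, keys under
# /etc/ssh/authorized_keys/<user> (outside the chroot, so a customer cannot
# edit their own key file through SFTP; the in-house UI writes it instead).
set -eu

SFTP_GROUP="sftponly"
SFTP_ROOT="/srv/sftp"
KEY_DIR="/etc/ssh/authorized_keys"

# sshd_config Match block. Each chroot dir ($SFTP_ROOT/<user>) must be owned
# by root and not group/world writable; give the customer a writable
# subdirectory (e.g. $SFTP_ROOT/<user>/upload owned by the customer) instead.
gen_match_block() {
    cat <<EOF
Match Group $SFTP_GROUP
    ChrootDirectory $SFTP_ROOT/%u
    ForceCommand internal-sftp
    AuthorizedKeysFile $KEY_DIR/%u
    AuthenticationMethods publickey
    PasswordAuthentication no
    AllowTcpForwarding no
    AllowStreamLocalForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no
    MaxSessions 1
EOF
}

# Accept only IPv4 addresses or IPv4 CIDR blocks, comma separated. The list is
# customer supplied (from the UI), so anything else is rejected rather than
# interpolated into an authorized_keys option line. Simplification: octets are
# not range-checked and IPv6/hostname patterns are not accepted.
valid_cidr_list() {
    pat='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]|/[12][0-9]|/3[0-2])?$'
    [ -n "$1" ] || return 1
    old_ifs=$IFS; IFS=','
    for c in $1; do
        printf '%s' "$c" | grep -Eq "$pat" || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# One authorized_keys line. "from" limits the source addresses the key is
# accepted from; "restrict" disables forwarding, pty, X11, agent and rc in
# one word, so the key is safe even if the Match block is misapplied.
# $1 = comma-separated CIDR list (may be empty), $2 = public key line
gen_authorized_key() {
    if [ -n "$1" ]; then
        printf 'restrict,from="%s" %s\n' "$1" "$2"
    else
        printf 'restrict %s\n' "$2"
    fi
}

# Validate the CIDR list, then write the customer's key file (mode 0600) where
# the Match block's AuthorizedKeysFile expects it.
# $1 = key directory, $2 = user name, $3 = CIDR list (may be empty), $4 = pubkey
write_customer_key() {
    if [ -n "$3" ] && ! valid_cidr_list "$3"; then
        echo "rejected CIDR list for $2: $3" >&2
        return 1
    fi
    ( umask 077; mkdir -p "$1"; gen_authorized_key "$3" "$4" > "$1/$2" )
}

# Usage: sh sftp-accounts.sh <user> "<pubkey line>" [cidr,cidr,...]
# Prints the Match block to append to sshd_config and writes the key file.
if [ "$#" -ge 2 ]; then
    gen_match_block
    write_customer_key "$KEY_DIR" "$1" "${3:-}" "$2"
fi
```

After appending the block to `sshd_config`, run `sshd -t` before reloading, and add the customer to the `sftponly` group; the chroot directory itself must stay root-owned or sshd refuses the login.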