What is Secure FTP (File Transfer Protocol)? – Coviant Software

What is Secure FTP (File Transfer Protocol)?

FTP is a file transfer protocol with no option to encrypt data in transit. It was designed for the private scientific and research networks of its day and is specified in RFC 959, published in October 1985. FTP uses a control connection to send commands and replies, and opens a separate data connection whenever the client or server needs to send data (a file or a directory listing), so a firewall has to permit more than one port. Authentication data (user names and passwords) crosses the control channel in cleartext, and file contents cross a separate cleartext data channel that is established after authentication completes.

What is Secure FTP?

Secure FTP is a broad term that refers to two different technologies that can encrypt both authentication information and data files in transit.

  • FTPS refers to FTP secured with SSL or TLS. It is FTP plus the security extensions of RFC 2228 (the AUTH, PBSZ and PROT commands), used with TLS as specified in RFC 4217. Like FTP, FTPS uses two connections, a control channel and a data channel, and therefore suffers from the same firewall headaches as FTP, plus one more: a firewall cannot read the PASV reply inside an encrypted control channel to open the negotiated data port. After AUTH TLS the control channel, including the USER and PASS commands, is encrypted; the client then chooses with PROT P or PROT C whether the data channel is encrypted or sent in the clear. (An older "implicit" FTPS variant negotiates TLS immediately on port 990 without an AUTH command.)
  • SFTP refers to the SSH File Transfer Protocol, a file transfer subsystem that runs over a Secure Shell (SSH) connection; it is not FTP tunnelled through SSH. SFTP is widely supported on all major platforms, from Windows, Linux and macOS to mainframes, IoT devices and cloud storage services. It uses a single TCP connection (port 22 by default) that carries authentication, commands and file data, all encrypted, which makes it firewall-friendly. SFTP is the best protocol for secure and automated file transfers.
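To make the channel-level distinctions above concrete, here is an added example (not code from the original page or from Coviant Software) that audits a captured FTP or FTPS control-channel transcript: it records credentials sent before the control channel was encrypted, notes whether the data channel was set to PROT C or PROT P, and decodes each PASV reply into the dynamic endpoint a firewall would have to permit. Both transcripts are constructed for this example; the hostnames, addresses and credentials are placeholders.

```python
"""Audit an FTP/FTPS control-channel transcript for the exposures described
above: cleartext credentials, unprotected data channels and dynamic data
ports.  Added example; the transcripts are constructed, not real captures."""
import re

# Constructed plain-FTP session ("C:" = client, "S:" = server).
PLAIN_FTP_TRANSCRIPT = """\
S: 220 ftp.example.internal FTP server ready
C: USER alice
S: 331 Password required for alice
C: PASS hunter2
S: 230 User alice logged in
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,89)
C: RETR payroll.csv
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: QUIT
"""

# Constructed explicit-FTPS session: AUTH TLS protects the control channel
# (so USER/PASS are encrypted), but PROT C leaves the data channel in clear.
EXPLICIT_FTPS_TRANSCRIPT = """\
S: 220 ftps.example.internal FTP server ready
C: AUTH TLS
S: 234 Proceed with negotiation
C: USER bob
S: 331 Password required for bob
C: PASS s3cret
S: 230 User bob logged in
C: PBSZ 0
S: 200 PBSZ=0
C: PROT C
S: 200 Protection level set to C
C: PASV
S: 227 Entering Passive Mode (192,0,2,11,4,1)
C: STOR invoice.xml
S: 150 Ok to send data
S: 226 Transfer complete
"""

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def pasv_endpoint(reply):
    """Decode a 227 reply into (host, port); the port is p1*256 + p2 (RFC 959)."""
    m = PASV_RE.search(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def audit_transcript(transcript):
    """Walk the control channel line by line and collect findings.

    cleartext_credentials:   (user, password) pairs sent before TLS was negotiated
    control_encrypted:       True once the server accepted AUTH TLS/SSL (reply 234)
    data_channel_protection: 'private' (PROT P), 'clear' (PROT C) or None (plain FTP)
    data_endpoints:          (host, port) pairs from PASV replies that a firewall
                             would have to permit for the data connection
    """
    findings = {
        "cleartext_credentials": [],
        "control_encrypted": False,
        "data_channel_protection": None,
        "data_endpoints": [],
    }
    pending_user = None
    auth_requested = False
    for raw in transcript.splitlines():
        side, _, line = raw.partition(": ")
        if side == "C":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
                auth_requested = True
            elif verb == "USER":
                pending_user = arg
            elif verb == "PASS" and not findings["control_encrypted"]:
                findings["cleartext_credentials"].append((pending_user, arg))
            elif verb == "PROT":
                findings["data_channel_protection"] = {"P": "private", "C": "clear"}.get(arg.upper())
        elif side == "S":
            code = line[:3]
            if code == "234" and auth_requested:
                findings["control_encrypted"] = True
            elif code == "227":
                endpoint = pasv_endpoint(line)
                if endpoint:
                    findings["data_endpoints"].append(endpoint)
    return findings


if __name__ == "__main__":
    for name, t in (("plain FTP", PLAIN_FTP_TRANSCRIPT), ("explicit FTPS", EXPLICIT_FTPS_TRANSCRIPT)):
        print(name, audit_transcript(t))
```

Run as a script to print both sets of findings. In the FTPS transcript the credentials are protected but the data channel is not, which is the PROT C case described above; and because a firewall cannot see the 227 reply once the control channel is encrypted, FTPS deployments normally pin a passive-port range on the server and open that range explicitly.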

Secure FTP protocols protect data only while it is in transit. Once a file has been written to the SFTP server, it is no longer protected unless it was encrypted before transmission. A typical approach is to encrypt the file with a tool such as PGP and then transmit it over SFTP or FTPS, so that its contents are still encrypted when they reach their destination.

Secure FTP Options Infographic

What is the difference between SFTP and MFT?

Managed File Transfer (MFT) and SSH File Transfer Protocol (SFTP) are often, and incorrectly, used interchangeably or as if one always implied the other. Neither is true. MFT is a platform for sending and receiving files to and from other organizations securely, automatically and reliably, with auditing and alerting. SFTP is a protocol for transferring files securely between systems. The two complement each other, and the best MFT platforms, such as Diplomat MFT, use SFTP as their default protocol to protect files automatically. Here's why.

SFTP has been around for over 20 years and is compatible with virtually every computing platform developed during that time. The ubiquity of SFTP means it enjoys near-universal compatibility with current, legacy, and future computing technologies, including on-premises hardware, cloud systems, and software-based systems.

The SFTP protocol implements rich file system semantics: opening and closing files, reading and writing at specific offsets within a file, enumerating directories with file metadata (size, creation and modification times, permissions), getting and setting metadata on individual files, renaming, and so on. That makes it a natural fit for file transfers. Niche protocols defined by industries or geographies (PeSIT and OFTP come to mind) have limited value because of their limited deployment options and inability to address operational challenges. Even popular B2B messaging protocols such as AS2 (carried over HTTP/HTTPS) and AS3 (carried over FTP/FTPS) define how a payload is packaged, signed, encrypted and acknowledged rather than a file system interface, so they lack these file transfer semantics. Perhaps that is why Microsoft added SFTP support to its Azure Blob Storage service (long after Amazon added SFTP to the AWS Transfer Family for S3), and why companies such as e-commerce giant Wayfair, JP Morgan, Citibank, Concur, Workday and others standardized on SFTP for file transfers with their vast networks of clients, partners and suppliers.

Here’s what SFTP offers and why, as a secure protocol for automated file transfers, it’s the best of the best.

  • Strong encryption: the ciphers, key exchange and MAC or AEAD algorithms are negotiated by the SSH transport layer, so an SFTP deployment can be restricted to modern algorithms (for example AES-GCM or ChaCha20-Poly1305 with curve25519 key exchange) and legacy ones disabled;
  • Strong cryptographic authentication of both client and server: the server proves possession of its host key, and the client authenticates with a password, a public key, or both, which gives two-factor authentication (2FA) where the server requires it;
  • Firewall compatible: the full power of FTP with the ease of configuration of HTTPS, because it only requires one port (22 by default) to be opened on the firewall;
  • Built-in data compression (zlib, negotiated in the SSH transport layer), which reduces the amount of data sent over the wire and can speed up file transfers;
  • File system semantics: secure file transfers operate with all the capabilities of a file system, including metadata management, appending to files, renaming files and folders, and rich directory listing operations; and,
  • Message integrity: the SSH transport layer applies a cryptographically strong integrity check to every packet exchanged between the two systems, so any in-transit tampering is detected and the connection fails rather than delivering altered data.
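The server-authentication bullet above is where unattended transfers most often go wrong: a job that accepts whatever host key it is offered on first connection will authenticate just as happily to an impostor. The following added example (not code from the original page or from Diplomat MFT) shows what to pin. It builds an ssh-ed25519 public key blob from 32 constructed bytes, computes the OpenSSH-style SHA256 fingerprint of that blob, and checks a presented key against a known_hosts line. The hostnames are placeholders and the key is not a real server key.

```python
"""Pin and verify an SFTP server's host key before an automated job trusts it.
Added example with a constructed key; no real server is contacted."""
import base64
import hashlib
import struct


def ssh_string(b):
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def make_ed25519_blob(raw_public_key):
    """Public key blob as it appears (base64) in known_hosts: 'ssh-ed25519' + key."""
    if len(raw_public_key) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_public_key)


def parse_blob_type(blob):
    """Read the key-type string embedded at the start of the blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")


def public_key_line(blob, comment=""):
    """Render a blob in the one-line 'type base64 [comment]' text form."""
    line = f"{parse_blob_type(blob)} {base64.b64encode(blob).decode()}"
    return f"{line} {comment}" if comment else line


def parse_public_key_line(line):
    """Split a key line and check the declared type matches the embedded one."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed key line")
    key_type, blob = parts[0], base64.b64decode(parts[1])
    if parse_blob_type(blob) != key_type:
        raise ValueError(f"declared type {key_type!r} does not match blob")
    return key_type, blob


def fingerprint_sha256(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(known_hosts_line, host, presented_type, presented_blob):
    """True only if known_hosts_line pins `host` to exactly the presented key.

    Handles plain 'host,alias type base64' entries; hashed (|1|...) entries,
    @marker lines and [host]:port forms are deliberately rejected here."""
    fields = known_hosts_line.split()
    if len(fields) < 3 or fields[0][:1] in ("@", "|"):
        return False
    hosts, key_type, b64 = fields[0], fields[1], fields[2]
    if host not in hosts.split(","):
        return False
    if key_type != presented_type:
        return False
    return base64.b64decode(b64) == presented_blob


# Constructed keys: the server's pinned key and a rogue key an impostor might present.
SERVER_BLOB = make_ed25519_blob(bytes(range(32)))
ROGUE_BLOB = make_ed25519_blob(bytes([0xFF]) * 32)
PINNED_KNOWN_HOSTS_LINE = "sftp.example.internal,192.0.2.20 " + public_key_line(SERVER_BLOB)


def connection_allowed(host, presented_line, pinned=PINNED_KNOWN_HOSTS_LINE):
    """The decision an unattended transfer job should make before authenticating."""
    key_type, blob = parse_public_key_line(presented_line)
    return host_key_matches(pinned, host, key_type, blob)


if __name__ == "__main__":
    print("pinned fingerprint:", fingerprint_sha256(SERVER_BLOB))
    print("genuine server accepted:", connection_allowed("sftp.example.internal", public_key_line(SERVER_BLOB)))
    print("impostor accepted:", connection_allowed("sftp.example.internal", public_key_line(ROGUE_BLOB)))
```

The fingerprint is what you exchange with the partner out of band (by phone, in the onboarding form, or from their published key page) and compare against what the client prints on first connection; the pinned known_hosts line is what the job then enforces on every connection, so a changed host key stops the transfer instead of being silently accepted.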

Information sent via SFTP is protected in transit, and both parties to the transfer can be assured that it has not been intentionally or inadvertently changed on the wire. No other protocol offers all that on so many platforms.

SFTP and PGP

When it comes to data transfer, SFTP and PGP™ have different goals. SFTP's job is to encrypt the transfer on the wire. PGP's job is to encrypt the files that are transferred, so that the file itself is saved to disk in encrypted form at its destination and only the intended recipients can decrypt and view its contents.

Encrypted sessions via FTPS and SFTP are great for protecting data in transit. There are no guarantees, however, about where that data ends up at its destination (it may sit in an insecure network segment of your partner's data center), and the file may be stolen from the disk where it is stored. Using PGP solves this problem because the file itself is encrypted at rest (on disk) until the partner intentionally decrypts it; signing it with the sender's PGP key additionally lets the recipient verify who produced it. PGP (standardized as OpenPGP in RFC 4880) is the most widely deployed file encryption format and plays a critical role in managed file transfer. Another commonly used option is a password-protected ZIP archive, although this is less standardized and less universally supported, and the legacy ZipCrypto scheme used by older ZIP tools is cryptographically weak, so prefer the AES-based variant if you go that route (Diplomat MFT supports password-protected ZIP if you wish).
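A practical corollary of the encrypt-then-transfer approach is that the transfer job should refuse to send a file that is not actually PGP-encrypted; a plaintext file dropped into the outbound folder by mistake would otherwise land on the partner's disk in the clear. The following added example, not code from the original page or from Diplomat MFT, implements that gate from the OpenPGP packet format (RFC 4880): it reads the first packet header, classifies the message as public-key encrypted, passphrase encrypted, OpenPGP-but-not-encrypted, or not OpenPGP at all, and dearmors ASCII-armored messages, checking the CRC-24. The sample packets are constructed byte strings with valid headers and filler bodies, not real ciphertext.

```python
"""Pre-transfer gate: is this file an OpenPGP-encrypted message?
Added example; sample packets are constructed, not real PGP output."""
import base64

# OpenPGP packet tags (RFC 4880 section 4.3) that matter for this check.
PKESK, SKESK, LITERAL = 1, 3, 11
KNOWN_TAGS = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 18, 19}
ARMOR_BEGIN, ARMOR_END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

# Constructed samples: valid first-packet headers followed by filler bodies.
# 0x85 = old-format header, tag 1 (public-key encrypted session key), 2-octet length 0x010C.
CONSTRUCTED_PKESK = bytes([0x85, 0x01, 0x0C, 0x03]) + bytes(8) + b"\x01" + bytes(258)
# 0xC3 = new-format header, tag 3 (symmetric-key encrypted session key), 1-octet length 13.
CONSTRUCTED_SKESK = bytes([0xC3, 0x0D, 0x04, 0x09, 0x03, 0x08]) + bytes(8) + b"\x00"
# 0xAC = old-format header, tag 11 (Literal Data): PGP-wrapped but NOT encrypted.
CONSTRUCTED_LITERAL = bytes([0xAC, 0x0F]) + b"b\x00" + bytes(4) + b"plaintext"
# Not OpenPGP at all: a CSV that was never encrypted.
PLAINTEXT_CSV = b"employee,salary\nalice,100000\n"


def first_packet_tag(data):
    """Tag of the first OpenPGP packet, or None if byte 0 is not a packet header."""
    if not data or not data[0] & 0x80:      # bit 7 is always set in a packet header
        return None
    b = data[0]
    if b & 0x40:                            # new format: tag in the low 6 bits
        return b & 0x3F
    return (b >> 2) & 0x0F                  # old format: tag in bits 5..2


def crc24(data):
    """CRC-24 used by the ASCII armor checksum (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(binary):
    """Wrap binary OpenPGP data in a PGP MESSAGE armor block with its checksum."""
    body = base64.b64encode(binary).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    checksum = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode()
    return "\n".join([ARMOR_BEGIN, "Comment: constructed example", "",
                      *lines, "=" + checksum, ARMOR_END, ""]).encode()


def dearmor(text):
    """Recover the binary packets from an armored message, verifying the CRC-24."""
    lines = text.decode("ascii").splitlines()
    if ARMOR_BEGIN not in lines or ARMOR_END not in lines:
        raise ValueError("not an armored PGP MESSAGE")
    body = lines[lines.index(ARMOR_BEGIN) + 1:lines.index(ARMOR_END)]
    if "" in body:                           # drop armor headers before the blank line
        body = body[body.index("") + 1:]
    data_lines = [ln for ln in body if not ln.startswith("=")]
    crc_lines = [ln[1:] for ln in body if ln.startswith("=")]
    binary = base64.b64decode("".join(data_lines))
    if crc_lines and int.from_bytes(base64.b64decode(crc_lines[-1]), "big") != crc24(binary):
        raise ValueError("armor checksum mismatch")
    return binary


def classify(data):
    """Describe what the first packet says about the file."""
    if data.startswith(ARMOR_BEGIN.encode()):
        data = dearmor(data)
    tag = first_packet_tag(data)
    if tag == PKESK:
        return "encrypted to a public key"
    if tag == SKESK:
        return "encrypted with a passphrase"
    if tag in KNOWN_TAGS:
        return f"openpgp but not encrypted (first packet tag {tag})"
    return "not an openpgp message"


def is_encrypted_at_rest(data):
    """The gate a transfer job should apply before uploading an outbound file."""
    return classify(data).startswith("encrypted")


if __name__ == "__main__":
    for name, sample in (("pkesk", CONSTRUCTED_PKESK), ("skesk", CONSTRUCTED_SKESK),
                         ("literal", CONSTRUCTED_LITERAL), ("csv", PLAINTEXT_CSV),
                         ("armored pkesk", armor(CONSTRUCTED_PKESK))):
        print(f"{name:14} -> {classify(sample)}")
```

Run it to print the classification of each sample. The check reads only the first packet header, so it catches the common mistakes (a plaintext file, or one that was only signed or compressed) but is not a substitute for `gpg --list-packets` or an actual decryption when provenance matters; and because a non-PGP file that happens to start with a byte above 0x7F can look like a packet header, treat a pass as a sanity gate rather than proof.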

Coviant Software uses PGP™ as its preferred encryption standard to keep data safe when using our Diplomat MFT platform. We use PGP because it is available on all operating systems, is easy to work with, and has proven to be a reliable form of encryption for over thirty years.

To learn more about PGP and why we trust it, visit our PGP information page.

To learn more about Coviant Software’s Diplomat MFT SFTP server, visit our SFTP server page.
