Explicit FTPS vs. Implicit FTPS: What You Need to Know

File sharing solutions can be a great asset for you company, but sometimes it can be hard to find the right balance between a solution that’s secure and a solution that’s easy to use. When you find a file sharing option that meets both of those needs, you can increase productivity by making data sharing processes both simple and uniform. You can also keep you data protected, safe from hackers with sinister motives.

One file sharing method that might be ideal for your company is FTPS. FTPS builds off the simplicity of the traditional FTP data transfers and adds a needed layer of security to keep data protected from prying eyes. In this article, you’ll learn more about how FTPS works and how it protects your sensitive files. You’ll also explore the differences between the types of FTPS you can use – explicit vs. implicit FTPS.

What is FTPS?

Before diving into the differences between explicit vs. implicit FTPS, let’s first look at what FTPS is and how it differs from the traditional FTP data sharing. When FTP (file transfer protocol) was first used, there was virtually no way to protect your data. Now, FTPS allows you to protect data, which still taking advantage of the simplicity of FTP.

FTPS essentially addresses security gaps you face when only using FTP. FTPS stands for file transfer protocol SSL (secure sockets locker). SSL is a cryptographic protocol that encrypts the data being transferred. The term SSL is generally used interchangeably with TLS or transport layer security, with TLS v1.2 actually being the most current non-vulnerable protocol.

One of the biggest drawbacks of using FTP alone is that your data is sent unencrypted, even your usernames and passwords during login. So, anyone could intercept and understand this sensitive data. Using FTP alone could lead to serious data breaches for your company. With FTPS, you data is scrambled, inaccessible to anyone but the sender and the recipient. Only the two approved entities – the sender and the recipient – can exchange data securely.

When sharing data via FTPS, you can use either explicit FTPS or implicit FTPS. Explore the difference between explicit vs. implicit FTPS connections, and learn which one of these secure file sharing options is better for your company to use.

What is Explicit FTPS?

Explicit FTPS is the newer method of FTPS transfer and has generally overtaken implicit FTPS use, with the exception of legacy systems. When explicit FTPS is used, a traditional FTP connection is established on the same standard port as FTP. Once the connection is made (before login), a secure SSL connection is established via port 21.

Today, explicit FTPS (also FTPES) is supported by the majority of FTP servers since it is an approved, standard way of protecting data. With explicit FTPS, before a transfer can begin, the client will request encryption information to determine what portions of the data is protected. If the client hasn’t set up these security requests, one of two things occurs – either the connection is declined, or the transfer is made insecurely using the basic FTP protocol.

Explicit FTPS inherently provides users with flexibility regarding how files are sent. So, you could choose to send data unencrypted, but protect your user credentials, or you could protect all information sent in a transfer. The client can decide how secure they want file transfers to be.  The server can also disallow insecure requests, thereby forcing the client to use FTPS and not FTP.

What is Implicit FTPS?

Implicit FTPS was the first method created to encrypt data sent “via FTP”; although a different port is used. When using implicit FTPS, an SSL connection is immediately established via port 990 before login or file transfer can begin. If the recipient fails to comply with the security request, the server immediately drops the connection.

Implicit FTPS is actually more strict than explicit FTPS when it comes to establishing a secure connection. In fact, the entire FTP session is encrypted, in contrast to flexibility you have when using explicit FTPS. However, implicit FTPS is considered a deprecated protocol, meaning that it not the current standard. 

Some FTP providers only use implicit FTPS. In these cases, port blocking to prevent non-secure FTP connections, and because explicit FTPS starts by making an FTP connection, this prevents explicit FTPS transfers, too. So, although implicit FTPS is a depreciated protocol, some providers still require it.

It’s important to remember that not all FTP providers facilitate both explicit vs. implicit FTPS, so you may be limited by the provider you select for your file sharing needs. If you don’t want to choose between explicit vs. implicit FTPS, you do have options. A top file sharing host like FTP Today enables both protocols, so you can use either or both at the same time.

The Benefits of FTPS: A Recap

So, what does all of this mean for your company? FTPS is a commonly used and simple way to protect your data. And partnering with a vendor that facilitates FTPS transfers helps you strike the needed balance between security and usability. You don’t give up the familiarity and simplicity of FTP data sharing, but you don’t need to worry about sensitive data being intercepted. 

So, why should you choose FTPS over another file sharing protocol like SFTP? Whether you’re using implicit or explicit FTPS to share files, there are a few benefits you’ll reap. 

• FTPS is easy to understand and commonly used in professional environments.
• FTPS adds security to an already familiar protocol.
• It is easy to implement since it uses FTP as its foundation.
• FTPS facilitates server-to-server file transfers.
• Troubleshooting is simple as connections can be read by humans.
• Mobile devices support FTPS.
• Security is enhanced by strong SSL/TLS authentication systems.
• FTPS works in some FTP-enabled operating systems (unlike SFTP).
• Numerous web interaction structures support FTPS assistance, and FTPS has built-in support in .NET Framework.

FTPS doesn’t require you to sacrifice usability for security. You can still use FTP if that’s a protocol you’re comfortable with, but your file sharing is enhanced by increasing security with SSL/TLS.

What if you want to use explicit FTPS sometimes, but other options like implicit FTPS, too? With FTP Today, you have the flexibility to transfer files using any protocol you want, including both implicit FTPS and explicit FTPS. You can use the appropriate protocol at the appropriate time, and you can also permit your users and clients to use different protocols, too.

Ultimately, the best way to determine if you need to use explicit vs. implicit FTPS is by evaluating your company’s specific file sharing needs. Look at who your sharing files with, like internal or external entities. Also, consider which option is easiest for your employees to navigate. Both explicit and implicit FTPS protect your data, and with the right file sharing solution provider, you don’t have to worry about data compromises. And with a provider like FTP Today, you have the flexibility to use whichever protocol is ideal on case-by-case basis.

Do you want to learn more about choosing the right file sharing solution for your company’s needs? Download this free comparison guide for in-depth insight.