February 2, 2022

    FTPS : How Does This Secure File Sharing Protocol Work?

    Corporate servers are loaded with sensitive information. If this information falls into the wrong hands, it could lead to regulatory violations, breach-related liability and even embarrassing headlines. An ecosystem of frameworks and protocols has grown out of the need for secure data storage and sharing. FTPS is one of those protocols used to protect data in transit. But how does FTPS work? And what makes it different from other file-sharing protocols?

    We’ll address those questions and others below. Continue reading to learn more about your options for secure file storage and sharing, and get in touch with the Sharetru team to ask questions or talk about your organization’s specific file-sharing needs.

    Why and How to Connect to FTPS for Security

    We’ve come a long way since the earliest days of file transfer. File transfer protocol (FTP) was the initial method for sharing files with other parties. Unfortunately, FTP didn’t provide a way to secure files during transit. Hackers and others could gain access to your files, no matter how sensitive they may be in nature.

    Of course, most organizations are sharing files and data that are proprietary or otherwise sensitive in nature — at least some of the time. FTPS grew out of the need for a secure way to share this sensitive information, including the following use cases:

    • Law firms sharing client-related information with courts and other attorneys.
    • Defense contractors sharing files that contain regulated information pertaining to the U.S. military.
    • Large multinational corporations sharing personnel files that contain private and personal information.
    • Healthcare providers sharing files that include information regulated by HIPAA.

    Without something better than the original FTP approach to file transfers, there would be no way to secure this sensitive information as it moved from one party to another.

    FTPS was first established in 1996 as a protocol that includes encryption for files in transit. While FTPS is not the only option for organizations that need to share sensitive files, it remains one of the most popular protocols due to support for myriad applications and frameworks relevant to today’s operating systems.

    Implicit FTPS vs. Explicit FTPS

    As you explore FTPS options, you may come across 2 terms: implicit FTPS and explicit FTPS. Don’t let the distinction between this pair of terms confuse you or frustrate your search.

    Implicit FTPS was the original FTPS method. Implicit FTPS establishes a connection on a separate encrypted port (port 990) prior to login and before a file transfer actually begins.

    Explicit FTPS (also known as FTPS) is the newer method. Rather than establishing a connection on a different port (as in implicit FTPS), explicit FTPS uses the same control port as FTP (port 21). A more traditional FTP connection is established to start, but then an SSL connection can be selected by the client or required by the server. This happens prior to login credentials being transmitted. File transfer ports can also have SSL required to create the necessary level of security for sensitive information.

    Because of this increased flexibility and ease of use (without sacrificing security), explicit FTPS is now the industry standard, while implicit FTPS is considered a deprecated protocol. You may still find legacy systems using implicit FTPS, but this is a dated approach to secure file transfers.

    Comparing Different Protocols

    As you search for file-sharing solutions, you’ll come across a number of different protocols and frameworks. Many of these protocols and frameworks demand a close comparison. Here’s a look at some of the most commonly compared file transfer protocols — and the key differences between them.

    FTP vs FTPS

    We’ve already addressed this above. But, in short, FTP allows users to transfer files but without encryption or any security measures in place. FTPS builds on the FTP foundation by adding support for Secure Sockets Layer (SSL) and Transport Layer Security (TLS). FTPS provides the same function as FTP while adding the security that most organizations want and need when sharing sensitive files.

    HTTPS vs. FTPS

    Just as FTPS is a secure version of FTP, HTTPS is a secure version of HTTP (which stands for Hypertext Transfer Protocol). HTTPS is limited when it comes to file sharing because it’s used almost exclusively for a limited number of small file uploads and downloads. You’re likely familiar with HTTPS because it’s used for surfing the internet. You enter a web address, and HTTPS renders a secure version of the requested webpages in your browser.

    But HTTPS is used far less often for file uploads and downloads than alternatives like FTPS — and with good reason. HTTPS can only handle small files, which can lead to excessive timeouts if you attempt to use HTTPS for larger files. HTTPS cannot recover from timeouts whereas FTPS can because FTPS is a stateful protocol. So, if you’re one of the many organizations that needs to securely upload multiple files or large files, doing so via HTTPS could be a frustrating process for the user.

    With HTTPS you’re also limited by your browser’s configuration and settings. For example, different browsers (like Chrome, Firefox, etc.) allow for different files sizes and different numbers of files that users are allowed to upload or download simultaneously. These settings vary widely depending on the browser used.

    HTTPS certainly has its place in the digital world. It’s just not as well-suited to securely transferring large amounts of sensitive files, and does not support file transfer automation.

    SFTP vs. FTPS Security

    SFTP and FTPS look similar and often get mistaken for one another, but they are completely separate protocols. While SFTP uses the SSH (or Secure Shell) protocol and FTPS the SSL (or Secure Sockets Layer) protocol, both help achieve the same end goal of allowing organizations to securely transfer sensitive files and information.

    Is SFTP or FTPS more secure? While both provide a world-class level of security, your organization will need to choose between the two (or when to use each one) based on factors like system compatibility and security controls. Your security controls include how many ports your organization allows open through its firewall.

    Why Choose FTPS?

    Why should your organization opt for a hosted FTPS solution? Here’s a look at just some of the many benefits associated with FTPS file sharing:

    • Simplicity: FTPS uses FTP as its foundation, which makes it incredibly easy to implement.
    • Acceptability: FTPS is widely accepted by organizations around the world that often facilitate secure file transfers.
    • Mobile Support: FTPS is supported on mobile devices, which is important given the growing use of mobile in professional environments.
    • Security: The SSL/TLS authentication systems used by the FTPS protocol deliver world-class security for your files.

    Is FTPS Right for Your Organization?

    Is FTPS the right solution for your organization? That depends on how you’re currently storing and sharing sensitive files and data, the knowledge and abilities of your existing team, plus other factors related to your unique business.

    At Sharetru, we provide a series of secure file storage and transfer solutions. Each one is available as part of an affordable plan that includes no setup costs. You can be up and running with FTPS or whatever protocol is best for your organization in no time.

    If you want to know how to setup FTPS, it’s best to start with a brief call and demonstration of Sharetru’s solutions. Get in touch with us to learn more about what we can offer your organization and to schedule time to speak with one of our cybersecurity experts.

    Brendon Ainsworth

    Brendon, Sharetru's CRO & VP of Sales, brings diverse industry experience, excelling in GCP & AWS infrastructure certifications.

    Other posts you might be interested in

    View All Posts