- Why Sharetru?
- Learning Center
Does SFTP simply add the word “secure” to “file transfer protocol”? Do you really know what that entails? What type of security is added? How can you be sure? Do you need it? Simple terms can sometimes be confusing when they don’t have to be. In the decision between SFTP vs. FTP, you need to learn a little bit about both before you can determine which one is right for you.
Use this as a guide to break down everything you need to know about FTP vs. SFTP and what you can expect from a hosted SFTP provider.
FTP has been used for decades to facilitate basic file transfers over the internet. However, even though most FTP transfers involve login with a username and password, these file transfers aren’t necessarily secure. When data is sent from one party to another using the FTP protocol, all the data is sent in clear, unprotected, unencrypted text. This makes FTP transfers particularly vulnerable to packet sniffing, where an hacker intercepts data that’s exposed to the web. If you deal with secure data, this lack of protection can be a huge problem.
While SFTP and FTP perform the same basic function – transferring files – there is one key difference. When it comes to security, SFTP has FTP beat. SFTP closes the loop on this potential data security threat. While many people refer to SFTP as “secure” file transfer protocol, the “S” actually stands for SSH (secure shell) file transfer protocol. With SFTP, data is always encrypted when it’s transferred.
While it is true that FTPS (FTP over SSL) is an encrypted version of FTP, FTPS requires either the FTP client (the end user) or the FTP server to require SSL in order to be secure. Thus, either the end user must manually choose FTPS over FTP or the server must have a setting to force the end user’s hand. With SFTP, there is simply no choice.
SFTP also offers public key authentication in lieu of password authentication. Public key authentication is far more secure. FTP and FTPS only offer password authentication. As we all know, passwords are easily compromised either by being guessed, brute force attacked or stolen.
Using SFTP to transfer a file, a secure shell connection is always established first. This essentially scrambles the information being transferred, which is the only decipherable by the client and the server using a specific SSH key. Also, SFTP defaults to port 22 for data exchanges. This is in contrast to FTP, which uses many separate ports to communicate. SFTP uses just the one encrypted channel for login, commands and data transfers, which makes the process both secure and firewall friendly.
Thus, data that could otherwise be vulnerable when sent using FTP is now secure with SFTP. The best way to remember the difference between FTP and SFTP is think of SFTP as performing the same functions of FTP, just with the added encryption and security.
In the FTP vs. SFTP debate, it can be hard to tell when you should use FTP or when an SFTP solution would be the better option. While both options allow you to send data with ease, there are times when SFTP is the smarter alternative. Here are a few examples of when SFTP is the best choice for your business:
When it comes to protecting data, you never want to risk a data breach, which could cost your business millions of dollars. Using FTP can’t adequately protect your data, so any time you’re sending secure files, SFTP is the best option.
While you may realize it’s essential to align with data security best practices, sometimes it can be hard to convince your employees to do the same. It’s common for employees sacrifice data security for convenience. Maybe they don’t change their passwords often enough, or their passwords aren't strong enough. If that’s the case, SFTP should always be used to ensure your data stays safe, regardless of how your employees handle it.
Compliance has a huge impact on the way many companies operate. Often, these regulations outline data security practices that are imperative for businesses in the applicable industry to follow, or these businesses will face noncompliance fines. So, if your organization is subject to any compliance regulations, SFTP is key to aligning with them. SFTP can help you maintain compliance with the following regulations and more:
While all SFTP providers use basically the same technology across the board to facilitate file transfers, there are some key differences that can indicate the difference between a top provider and one that falls short.
Contact FTP Today to talk to the file sharing experts. They can help you navigate this important decision process.