June 10, 2020

    Secure FTP: Best Alternatives to FTP

    FTP (File Transfer Protocol) has been a leading option in file transfers for a long time. However, looking at the complexity of data security compliance standards and the capabilities of data hackers, a stronger and more secure solution can be required. As technology advances (and hackers’ skills advance in parallel), you need the best file transfer option to keep data protected.

    With data security continuing to be a major concern for companies, it’s essential to explore alternatives to FTP. Here at Sharetru, we have developed secure file sharing solutions for our clients for more than 20 years. 

    Let’s take a look at a few different options and determine how these alternatives address data security. 

    SFTP

    What is SFTP?

    SFTP, or FTP over SSH, is an FTP alternative that deviates from traditional FTP transfers in a key way: the application of SSH keys to the process. One of FTP’s biggest vulnerabilities is that all information, including potentially sensitive information, is shared over plain text, including your username and password. 

    Using SFTP closes this security gap by adding a layer of security – SSH encryption. SSH (secure shell) encryption allow two computers to establish a secure channel before a transfer occurs. Client computers encrypt the channel only after validating the server’s SSH host key. Once the connection is established, all data is securely transferred via the encrypted channel.

    Pros of Using SFTP

    The biggest benefit of using SFTP is its data security. The encrypted transfer means that not only are your transferred files encrypted, but your username and passwords are encrypted in transit, too. Another benefit of SFTP is that only one server connection is used to share data, so no other ports need to be open, diminishing the burden on configuring your firewall. Finally, you can glean more metadata from transferred files, like send date and time, and file size.

    Drawbacks of Using SFTP

    Fundamentally, using SFTP is pretty simple. But that doesn’t mean it’s totally without its drawbacks. Users need to download and install SFTP Client software on their computer and IT departments may need to get involved in allowing these tools to be installed. 

    Also, if you start using SFTP Clients in your organization, there may be a learning curve for your employees. Everyone knows how usernames and passwords are used to log into accounts, but not everyone knows how SSH keys (another form of authentication) work.

    FTPS

    What is FTPS?

    FTPS (File Transfer Protocol SSL) transfers files the same way as FTP, but with an encrypted connection to protect data. SSL, or “secure sockets layer”, FTP transfers use the same control channel (port 21) to facilitate data sharing, which means your system needs to be able to accommodate FTPS, but prevent FTP transfers. FTPS enables you to encrypt both the command and data channels, and authenticate transfers with usernames and passwords, certificates, or both together.

    Pros of Using FTPS

    The biggest benefit of using FTPS is, like SFTP, the added security. You don’t have to worry about your data transfers being compromised, since you’re using encrypted connections to share data. Also, SSL is a popular form of authentication, and many methods of internet communication already have SSL built in.

    Drawbacks of Using FTPS

    Whereas SFTP transfers only need one port open, FTPS requires multiple ports to facilitate data transfers, in the same way that FTP transfers do. This level of internet exposure can make it incompatible with company firewalls. Plus, not all servers enforce the use of SSL on port 21, so your organization may be open to employees accidentally using unencrypted FTP.

    HTTPS

    What is HTTPS?

    HTTP allows you to share data via a web browser. While this method is simple, it offers nothing in terms of security. HTTPS (Hypertext Transfer Protocol Secure) adds the layer of SSL/TLS security HTTP needed by encrypting the connection. Like FTPS, it’s imperative that your system allows HTTPS but not HTTP.

    Pros of Using HTTPS

    HTTPS makes it highly simple to download files straight from an internet browser. In fact, most people have already used this method in some form or another, so there’s very little education would be needed to ensure your team is using HTTPS effectively. Also, there’s no need for any kind of protocol installation, which would be the case with FTP or SFTP. Users only need the right URL to access a file. Plus, all traffic to a HTTPS website is encrypted, which maintains user privacy. 

    Drawbacks of Using HTTPS

    HTTPS can make it difficult to transfer large files. This method is best for the transfer of small, simple files. In many businesses, complex files are transferred every day, so this is a major drawback. Also, there’s no way to schedule or automate transfers with HTTPS, which is possible with other methods like SFTP. 

    AS2

    What is AS2?

    Applicability Standard 2 (AS2) best for business-to-business EDI (Electronic Data Interchange) transactions – perfect for industries like retail and manufacturing. With this method, a SSL “tunnel” is created for secure transfer from point-to-point via the internet.

    Pros of Using AS2

    In addition to security benefits like end-to-end encryption, you can also verify receipt of data. This means you’ll know when transfers have been received, a benefit that methods like SFTP, FTPS, and HTTPS don’t offer as readily. You can also ensure that files are transferred intact, without any manipulation or corruption.

    Drawbacks of Using AS2

    The biggest drawback of AS2 transfers is that both parties must have an AS2 solution to share data, which makes AS2 incompatible with other file transfer protocols. This need for specialized software is why this method is best suited for B2B transfers.

    Managed File Transfers

    What are Managed File Transfers?

    MFTs aren’t a protocol, but a solution that facilitates file transfers. These solutions are actually compatible with multiple methods of file transfers – FTP, FTPS, HTTPS, sometimes even AS2. With MFTs, the solution provider manages the solution and maintains appropriate security measures. This option streamlines both internal and external file sharing.

    Pros of Using MFT

    Managed file transfer solutions generally have the most advanced authentication and data security measures built into the solution. They also make it possible to manage and analyze user activity for greater visibility into the data sharing processes. You’re also not required to manage data security efforts yourself; that responsibility falls to your solution provider. 

    Drawbacks of Using MFT

    Using MFTs does come at a cost. You’ll likely need to pay a monthly or annual fee to use the solution. You’ll need to rely on the vendor for support, which means you may not always receive the level of support you need. You could quickly outgrow the solution you choose, so if you select this option, you must ensure it’s scalable to fit your needs.

    Get the best file sharing option for your business

    It’s imperative that you select the solution that provides the greatest level of security and support to ensure using a managed solution is easy for your employees and clients. To learn more about your file sharing options, download this free Comparison Guide


     

    Tag(s): FTP

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts