Support Contact
Why Sharetru?
Platform
Features
Compliance
Industry
Pricing
Resources
Start Free Trial
    Start Free Trial
      January 2, 2005

      What should you look for when comparing FTPS vs SFTP vs HTTPS?

      Written by: Martin Horan

      The intent of this article is to explain how FTPS, SFTP and HTTPS protocols differ from one another, and the advantages and disadvantages of each method of encryption.

      FTPS (FTP using SSL) - Best for Secure and Automated Transfers

      Advantages:

      • Uses 256-bit SSL encryption.
      • Username and password are encrypted, as opposed to being sent over the Internet as clear text, as with standard FTP.
      • Data files are sent over an encrypted channel. [Note - This may be user-selectable on stand-alone client software.]
      • No one can snoop or sniff out your login information or the contents of your data files on the public Internet.
      • Third-party FTPS (FTP using SSL) client software compatible.
      • Many standalone FTPS (FTP using SSL) client software packages can automate and schedule unattended transfers... a BIG ADVANTAGE.
      • Some of your users may already have FTPS (FTP using SSL) client software and prefer it to our web-based method (next).
      • Users are jailed to their private FTP folders based on username.
      • The activity log keeps track of all user activity.

      Disadvantages:

      • Your end users will have to license and install FTP client software ($0 to $50) with FTPS (FTP using SSL) capabilities.
      • FTPS (FTP using SSL) is not always "firewall-friendly," therefore you and your clients with firewalls may have to arrange for certain TCP/IP ports to be open to your Sharetru FTP site's IP address. This is not a major hurdle, and our support staff will guide you.

      FTPS (FTP using SSL) is one of the most reliable secure file transfer protocols for users who need both encryption and automation.

      FTP - over - HTTPS (SSL Tunnel) - Best for Secure Web-based Transfers

      Advantages:

      FTP-over-HTTPS is a practical middle-ground solution for improving the security of existing FTP workflows without completely abandoning legacy systems. However, for organizations aiming for long-term scalability and compliance, more advanced protocols may be preferable. Despite its many limitations, there are some advantages:

      • Enhanced Security:
        • Adds SSL/TLS encryption to protect data during transfer, addressing the security shortcomings of traditional FTP.
        • Provides encrypted credentials, reducing the risk of credential theft compared to plaintext FTP.
      • Compliance Improvement:
        • May help organizations meet basic encryption requirements for data in transit, improving compliance compared to unencrypted FTP.
        • It provides a transitional step for legacy systems that need to enhance security without a complete protocol overhaul.
      • Familiarity for Legacy Systems:
        • Allows organizations reliant on FTP workflows to incorporate encryption without major changes to their existing processes.
        • Retains compatibility with many legacy FTP clients and servers.
      • Firewall-Friendly (Compared to Traditional FTP):
        • Often uses a single port (typically 443) for data and control channels, simplifying firewall and network configurations compared to traditional FTP.
      • Wider Accessibility:
        • Many FTP clients support FTP-over-HTTPS, making it easier to adopt for organizations that already use FTP.
      • Intermediate Solution:
        • Acts as a transitional protocol for businesses upgrading their systems from unencrypted FTP to more modern protocols like SFTP or HTTPS APIs.

      Disadvantages: 

      While FTP-over-HTTPS adds a layer of encryption to the traditional FTP protocol, it still falls short in several critical areas compared to modern file transfer methods. From security vulnerabilities to operational inefficiencies, the limitations of FTP-over-HTTPS make it an outdated option for organizations that prioritize compliance, usability, and performance. Below is a breakdown of its key disadvantages:

      Disadvantages of Using FTP Over HTTPS

      • Security Concerns:
        • Traditional FTP lacks encryption, leaving data vulnerable to interception.
        • Plaintext credentials expose sensitive information to attackers.
        • No built-in mechanisms for verifying data integrity, unlike HTTPS.
      • Compliance Issues:
        • FTP does not meet encryption standards required by regulations like HIPAA, GDPR, or NIST.
        • Limited auditing and logging capabilities make compliance reporting difficult.
      • Operational Challenges:
        • Requires multiple ports, complicating firewall configurations and increasing attack surfaces.
        • Setup and management are more manual compared to HTTPS.
        • Incompatible with many modern tools and systems.
      • Usability Drawbacks:
        • Requires dedicated clients for access, while HTTPS allows browser-based usage.
        • Lacks advanced features like metadata handling, real-time collaboration, and seamless API integration.
      • Performance Limitations:
        • Relies on separate control and data channels, which can introduce latency.
        • No support for compression, leading to inefficiencies with large file transfers.
      • Scalability Issues:
        • Struggles with high-volume transfers and scaling efficiently for large datasets.
        • Increased computational overhead due to SSL/TLS encryption.
      • Obsolescence:
        • FTP-over-HTTPS is completely outdated and removed from almost all systems. This is when compared to modern protocols like SFTP or an MFT platform, which offer better performance, security, and usability.
      • Complexity of Setup and Maintenance:
        • Requires detailed configuration of the FTP server and SSL/TLS layer, including certificate management.
        • Expired or improperly configured certificates can disrupt operations and create vulnerabilities.
      • Firewall and NAT Challenges:
        • Passive and active modes often cause connectivity issues due to multiple port dependencies.
      • Limited Features:
        • Does not offer built-in advanced authentication, monitoring, or compliance tools found in modern systems.


      CTA-case-studies-02-v1

       

      SFTP (Secure File Transfer Protocol using SSH)

      Advantages:

      • Uses up to 256-bit SSH2 encryption.
      • Username and password are encrypted, as opposed to being sent over the Internet as clear text, as with standard FTP.
      • Data files are sent over an encrypted channel.
      • No one can snoop or sniff out your login information or the contents of your data files on the public Internet.
      • Third-party SFTP client software compatible.
      • Many standalone SFTP client software packages can automate and schedule unattended transfers... a BIG ADVANTAGE.
      • Some of your users may already have SFTP client software and prefer it.
      • Firewall friendly since all commands and files are transferred over a single port -- TCP port 22.

      Disadvantages: 

      • Your end users will have to license and install SFTP software on their computers.
      • You may also have to support your end users in installing, configuring, and using their SFTP software.
      • Most SFTP server deployments use OpenSSH/SFTP on the server, which does not jail a user inside of a particular folder based on their username & password authentication. Because of this lack of privacy among multiple users, SFTP is best deployed in a single-user environment. [see UPDATE below]
      • SSH/SFTP keeps no log of user activity. There may therefore be no audit trail whatsoever. [see UPDATE below]

      UPDATE - As of April 1, 2010, Sharetru is the only service we are aware of that does NOT have the limitations described above in items 3 & 4. Click here to Learn more...

      SFTP is a strong contender among secure file transfer protocols for environments requiring single-port operation and encrypted transfers.

      HTTPS (HTTP using SSL) - Not designed for File Transfer applications.

      Disadvantages:

      HTTPS is used in hosting websites with e-commerce applications. This is great for securing order forms while customers enter credit cards, but functions like user-authentication and folder privacy are not best handled by HTTP or HTTPS. The HTTPS protocol is not natively meant for transferring files. It is meant for displaying web content over a secure connection from a web browser to a web server.

      While HTTPS offers encryption, it is less optimized compared to other secure file transfer protocols for file-based applications.

      Free Trial CTA - Male & Female Digital Screen

       

      Tag(s): FTP

      Martin Horan

      Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

      Other posts you might be interested in

      View All Posts
      Cyber and Data Security

      SFTP vs. FTP: Understanding the Difference

      Data is a valuable asset, one that’s important for businesses to protect.... Read More
      FTP

      SaaS FTP Showdown: Sharetru vs. BrickFTP

      In terms of secure file sharing solutions that you can depend on, it's hard to... Read More
      File Sharing Best Practices

      Explicit FTPS vs. Implicit FTPS: What You Need to Know

      File sharing solutions can be a great asset for you company, but sometimes it... Read More