Secure File Transfer Party – FTP vs SFTP?
At QuayTech, we’re currently in the middle of a migration containing a few million files, so I’ve had plenty of time to think about File Transfers over the last week or two.
Back in the early 1970’s, FTP (File Transfer Protocol) was the only way of sending data across the Internet. Of course in 1973 the Internet was made up of only 83 Servers and most of them were Universities like Harvard or Tech Giants like IBM, so there wasn’t much need to encrypt or protect the data. There were no hackers, no phishing, and everyone knew who was on the other end.
The internet in 2018 is a very different place, so we need to make a few adjustments to the way we bulk send files.
Why you shouldn’t use Plain FTP
When we say FTP it can be a general term referring to all types of File Transfer, but more specifically it usually means Plain FTP. It’s called plain because the Data, Usernames, and Passwords are not encrypted, neither are host names, IP addresses or anything else. So what does this mean? Anyone listening in can not only view your files, but also where they are going, where they came from, and the necessary passwords to gain access.
It may have worked when Aberdeen were sending their research to Harvard 40 years ago, but sadly the Internet isn’t the safe place it was back then.
What should you use instead?
There are a few answers to that question, the most well known being file sharing programs like Dropbox, Google Drive, and OneDrive. Maybe more time consuming than FTP, these software companies have to go through a huge number of security checks and procedures to be able to handle your data securely, so you’re in good hands. The advantage of this is that it requires almost no set up on your part.
If that doesn’t suit you, there are two successors to FTP – SFTP and FTPS. These use the same interface as Plain FTP, so the immediate benefit is that most FTP programs can also use SFTP and FTPS. More Importantly, both also encrypt passwords and data transmissions.
SFTP uses SSH, this means that prior setup is required to send files. Both sides of the transfer must have the SSH Key required to operate, as well as the username and password.
FTPS is certificate based, and uses TLS for encryption rather than SSH, making it quick and easy to connect to a Server with a trusted Certificate, as long as you provide the username and password.
Both of these iterations of FTP make secure transmissions between trusted systems fast and easy, and automated transmissions secure and efficient. One of the best things about SFTP and FTPS is that most Plain FTP programs now allow you to enable SSL/TLS (FTPS) or SSH (SFTP) and automates a lot of the process for you. Just remember – Don’t choose Plain FTP.
Good luck with your file transfers!