June 22, 2017

    Which File Sharing Solution is Best: FTP or SFTP?

    The process of choosing a file sharing solution for your organization can be hindered by paralyzing uncertainty surrounding the options at your disposal. Which offering provides the most efficiency and productivity benefits? How do you know if you’re selecting one with the proper security features? What’s involved in procuring a provider that best meets your needs?  

    These are critical questions that help you make the smartest decision on implementing a file sharing solution for your business -- so it’s imperative to understand the answers before drawing a final conclusion.

    This article will help you tackle one of the most common questions involved in the selection process: Which file sharing solution is best, FTP or SFTP? The answer is a variable one, as it depends on the unique goals and requirements of your organization. Fortunately, a smart decision can be reached by breaking down the specific needs of your business and your industry. Consider the following defining factors of FTP and SFTP to compare and contrast the details associated with each one.   

    FTP 

    FTP, or file transfer protocol, is a file sharing technology that furnishes significant productivity and efficiency gains for organizations everywhere, with the added benefit of increased mobility. A file stored on an FTP server is accessible from any computer or device that has an active Internet connection present, making it ideal for users who need to be productive on the go. 

    When would you need it?

    This option is most suitable for organizations that need to access files and data from mobile devices, like smartphones, tablets, etc., or from some specific operating systems with FTP support but no SSH/SFTP clients.

    Why should you use it?

     With other file sharing options, it’s necessary for documents to be uploaded manually or on an individual basis. Maybe this isn’t an issue for the typical home user, but in an enterprise setting, it can create major inefficiencies. Think about the sheer volume of data your organization deals with on a daily basis. Without FTP, you’re likely to be incurring a great deal of time and expense on unnecessary steps simply to share and manage files. 

    Here are some of the most valuable benefits of FTP:

    • Supports large file transfers and bulk file transfers, which can also be entirely automated to save both time and effort
    • Enables the transfer of multiple files and directories simultaneously so you can multitask in “both directions” (uploading and downloading at the same time)
    • Ability to resume a file transfer if a connection is lost for any reason, like if you have to suddenly reboot your computer

    What should you look for in a provider?

    Unfortunately, not all FTP providers are equal, so it’s essential to ensure you’re opting for one that can deliver on your organization’s specific needs. Case in point: Some providers offer encryption capabilities, but just because your transmissions can be encrypted, that doesn't make the solution inherently compliant with industry regulations. In fact, your business could face some serious challenges if your FTP vendor doesn’t enable you to manage these types of regulatory issues.

    You must be extra selective in choosing a provider that understands the nuances of your industry and has the capabilities to protect both your data and your company. Here are some of the most important features to look for:

    • At-rest and in-transit encryption
    • Granular account permissions that can be specified down to the directory level
    • Built-in elements for maintaining industry compliance

    SFTP 

    If the main purpose of FTP is to transfer data, the goal of SFTP is to transfer data through secure access to the file system on an FTP server. SFTP as a protocol always runs on a secure channel for this reason. So, for example, whenever a user inputs their username and password, that information is not transmitted in clear text, but rather in an encrypted fashion. As a result, access to that password by an intruder or other malicious individual would be impossible.

    When would you need it? 

    If your business operates in any industry that handles sensitive, personal or health-related data, or if you’re interested in building a custom security solution, SFTP is the more suitable option. With SFTP, there is no un-encrypted alternative, which is why many organizations that prioritize security rely on this file sharing solution.

    Why should you use it?

    SFTP (also known as “SSH File Transfer Protocol”) employs advanced ciphers to encrypt data transfers as well as user IDs and passwords. SFTP connections can be authenticated via SSH keys (in lieu of passwords), which offers another layer of security and ensure that information doesn’t fall into the wrong hands.

    In addition, SFTP runs on top of the Secure Shell protocol and defaults to port 22 for data exchanges (although it can be configured to run on another port to mitigate attacks). So while FTP and FTPS use many separate ports to communicate, SFTP uses just the one encrypted channel. When dealing with strict firewall policies, this distinction can render SFTP the easier protocol to use. 

    At a time when heightened security is critical to preventing the types of cyber attacks and data breaches that can cost millions of dollars to clean up, SFTP is an obvious solution to these concerns. It takes the versatility and ease of use found in standard FTP environments one step further by offering a complete, secure solution to all of your file transfer requirements.

    What should you look for in a provider?

    If you can’t trust your provider with the organization’s mission-critical data, it’s not the right choice. The selection you make should meet the highest levels of data protection and deliver advanced functionality.

    First, ensure that your provider features systems and controls to prevent data theft, data loss, information leakage and human error. Some of these capabilities include:

    • Intrusion Detection & Prevention: Actively monitors connections, detects suspicious activity, instantly blacklists offending IP addresses and distributes the blacklist across the entire network of servers
    • User Authentication by Password or SSH Key: Fosters password strength and expiration parameters, and manages public keys on a per-user basis
    • User IP/Protocol Enforcement: Enables site administrators to create user-level access rules that restrict individual user connections by remote IP address and/or protocol
    • Granular Access Controls: Governs your company’s file sharing processes with granular user permissions and restrictions

    Second, be clear about whether your provider’s solution is developed with regulatory compliance in mind. Employing an option that doesn’t meet the compliance laws in your industry can result in major repercussions for your business. A compliance-focused solution will make sure that the manner in which your files are stored, accessed, shared and distributed is compliant with all relevant regulatory bodies.

    Finally, it’s vital to choose a provider that has reliable disaster recovery. Threats to the security of your company’s data can come in the form of accidental deletion by users, complete data center failure and more, so you need to be sure that your provider can get things back up and running as quickly and smoothly as possible.

    Tag(s): FTP

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts