Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. You may ask: how does FTPS work, and does it differ from secure file transfer protocols like SFTP and AS2?
Good questions. Let’s start by defining what FTPS is.
What is FTPS?
At its core, FTPS (FTP over SSL) is a secure file transfer protocol that allows you to connect securely with your trading partners, customers, and users. When file transfers are sent, they are exchanged using FTPS and can be authenticated through FTPS-supported methods like passwords, client certificates, and server certificates.
GoAnywhere Glossary: From A to Z
Anything Else I Should Know About FTPS?
Algorithms & Authentication
FTPS implements strong algorithms like AES and Triple DES to encrypt file transfers. For authentication when connecting to trading partner servers and vice versa, FTPS uses a combination of user IDs, passwords, and/or certificates to verify authenticity.
Compliance
If compliance is a concern in your organization, you can achieve various security requirements with FTPS, including PCI DSS, HIPAA, HITECH, SOX, and data privacy laws.
TLS & Certificates
FTPS uses TLS (and SSL, though SSL is now considered insecure by PCI DSS and most industry standards) to encrypt FTPS server connections. X.509 certificates are used to authenticate these connections. They contain identifiable information like issuer name, subject name, subject public key details, and signature.
When using certificates, they’re considered trustworthy if signed by a known certificate authority (CA) or self-signed by a trading partner. Certificates signed by a CA are easy to validate using the chain of trust that is built into the standard. To validate self-signed certificates, you must have a copy of the trading partner’s public certificate in your trusted key store.
One Downside to FTPS
There is one downside to FTPS you should be aware of: FTPS protocols can be difficult to connect through firewalls with high levels of security. FTPS uses multiple port numbers for implicit and explicit connection types, so every time a file transfer or directory listing request is made, another port will open. This can put your network at risk and open you up to vulnerabilities if you aren’t careful and alert or have strategies in place to avoid them.
Learn More: What is an FTPS Client?
Does FTPS Differ from Other Secure FTP Protocols?
We already know that, by nature, FTPS is far more secure, reliable, and flexible than basic FTP or homegrown file transfer solutions. But what is the difference between FTPS and a different secure protocol, like SFTP?
Well, we have that answer for you already, wrapped neatly in a detailed blog post:
Which is Better: SFTP vs. FTPS?
If you’re looking at FTPS versus protocols like AS2 or HTTPS, the answer truly depends on your scenario and your trading partners.
For example, are you planning to transmit EDI documents and need a protocol that provides a high degree of security assurance? You may want to look into AS2 for your file transfers. And if you’re exchanging files with websites using HTTP servers, HTTPS may be your best choice for that particular requirement.
Meet Your Requirements with Managed File Transfer
Choosing or using FTPS as your secure file transfer protocol is a smart, efficient way to exchange files in your organization. However, FTPS doesn’t operate in a void! In order to effectively implement all the features of FTPS and more, you’ll either need to find an FTPS tool or go with a centralized, all-in-one file transfer solution like managed file transfer (MFT).
MFT solutions are used by organizations of all sizes for needs ranging from a few dozen file transfers a week to thousands or more exchanged a day. With strong encryption practices in place (e.g., Open PGP or AS2), IT teams can be sure MFT will protect their data no matter the size, contents, or frequency of the file transfer.
Watch the On-Demand Webinar: Managed File Transfer 101
Beyond file transfers, some MFT solutions including GoAnywhere MFT, have the ability to handle critical file transfer requirements for sharing large files via an accelerated file transfer protocol, on-premises collaboration features, or even a secure mail plugin for email clients like Outlook.
Having all these options in one product accomplishes the goal of centralizing, managing, and tracking your file exchanges in one place, giving you better file security and peace of mind.
GoAnywhere MFT facilitates using the FTPS protocol for secure file transfer, including guaranteeing delivery of FTPS transfers with auto-retry connection options, auto-resume interrupted file transfers, and integrity checks for successful file transfers.
See What’s Beyond FTP: Secure and Manage Your Data
Whether you need FTPS to meet trading partner requirements or you’re looking to update your FTP implementation to a more secure, modern framework, you’re in this right place. Use this white paper, titled "Beyond FTP: Securing and Managing File Transfers," to discover the options you have outside of scripts and legacy file transfer tools.
